Suspect the generation environment before the math
The most repeated technical explanation is that UUID v4 only behaves as advertised when the random source is high quality and correctly wired. Commenters pointed to client-side generation, deterministic browser or crawler environments, VMs, forks, sandboxes, unsafe fallbacks, and broken RNG initialization as more plausible than an organic collision.
- jandrewrogers
UUID v4 reliability depends on a high-quality entropy source, which real systems can quietly violate.
- CodesInChaos
Frontend generation, VM state duplication, forks, and sandboxed fallbacks all change the risk profile.
- sedatk
The uuid library itself documents deterministic browser contexts such as Googlebot as a duplicate risk.