On Sun, Dec 07, 2008 at 03:05:43PM +0100, Stefan de Konink wrote: >> And even if you anonymize the IP address you'll still get data that can >> be traced back to a person. If you know all the places somebody has >> looked at, chances are that you can figure out in some cases who that >> person is. If you don't believe this, I encourage you to read up about >> the AOL search log disaster two years ago. For instance at: >> http://www.wired.com/politics/security/news/2006/08/71579 > > You are overrating Apache log files, I don't know what you like to store > on a high volume website, but the original inquiry was only a measure to > unique visitors; not even browser statistics. Thus could you identify > TomH by its IP address, most likely if TomH has no wife or children or > is not sharing his IP address using NAT technologies. > > ...the rest of the consumers are; and most likely also on a DHCP pool > due to incompetence of the telco.
It doesn't matter whether you can identify everyone or only a few people. If you can identify one, you have breached his privacy. And thats bad enough. >>> Never the less, I expect from any users that do aggregation task they >>> care about aggregation results not about raw data :) >> >> Well, we were not talking about "users that do aggregation", but >> "anybody". You said you give anybody access to log files. If you give >> anybody access, thats more than just "users that do aggregation". > > Anybody that can login to my server yes, TomH was noting root rights > where required for this. Anyone that is able to login to my server has > read rights on those files. Then I hope you restrict the number of people who can log in to your server. Jochen -- Jochen Topf [EMAIL PROTECTED] http://www.remote.org/jochen/ +49-721-388298 _______________________________________________ dev mailing list [email protected] http://lists.openstreetmap.org/listinfo/dev
