[OSM-dev] IP as personal information (Was: Re: Any tile statistics (unique visitors))

Jochen Topf jochen at remote.org
Sun Dec 7 14:20:17 GMT 2008

On Sun, Dec 07, 2008 at 03:05:43PM +0100, Stefan de Konink wrote:
>> And even if you anonymize the IP address you'll still get data that can
>> be traced back to a person. If you know all the places somebody has
>> looked at, chances are that you can figure out in some cases who that
>> person is. If you don't believe this, I encourage you to read up about
>> the AOL search log disaster two years ago. For instance at:
>> http://www.wired.com/politics/security/news/2006/08/71579
> You are overrating Apache log files, I don't know what you like to store  
> on a high volume website, but the original inquiry was only a measure to  
> unique visitors; not even browser statistics. Thus could you identify  
> TomH by its IP address, most likely if TomH has no wife or children or  
> is not sharing his IP address using NAT technologies.
> ...the rest of the consumers are; and most likely also on a DHCP pool  
> due to incompetence of the telco.

It doesn't matter whether you can identify everyone or only a few
people. If you can identify one, you have breached his privacy. And
thats bad enough.

>>> Never the less, I expect from any users that do aggregation task they 
>>>  care about aggregation results not about raw data :)
>> Well, we were not talking about "users that do aggregation", but
>> "anybody". You said you give anybody access to log files. If you give
>> anybody access, thats more than just "users that do aggregation".
> Anybody that can login to my server yes, TomH was noting root rights  
> where required for this. Anyone that is able to login to my server has  
> read rights on those files.

Then I hope you restrict the number of people who can log in to your

Jochen Topf  jochen at remote.org  http://www.remote.org/jochen/  +49-721-388298

More information about the dev mailing list