[OSM-dev] IP as personal information (Was: Re: Any tile statistics (unique visitors))
Jochen Topf
jochen at remote.org
Sun Dec 7 14:20:17 GMT 2008
On Sun, Dec 07, 2008 at 03:05:43PM +0100, Stefan de Konink wrote:
>> And even if you anonymize the IP address you'll still get data that can
>> be traced back to a person. If you know all the places somebody has
>> looked at, chances are that you can figure out in some cases who that
>> person is. If you don't believe this, I encourage you to read up about
>> the AOL search log disaster two years ago. For instance at:
>> http://www.wired.com/politics/security/news/2006/08/71579
>
> You are overrating Apache log files, I don't know what you like to store
> on a high volume website, but the original inquiry was only a measure to
> unique visitors; not even browser statistics. Thus could you identify
> TomH by its IP address, most likely if TomH has no wife or children or
> is not sharing his IP address using NAT technologies.
>
> ...the rest of the consumers are; and most likely also on a DHCP pool
> due to incompetence of the telco.
It doesn't matter whether you can identify everyone or only a few
people. If you can identify one, you have breached his privacy. And
thats bad enough.
>>> Never the less, I expect from any users that do aggregation task they
>>> care about aggregation results not about raw data :)
>>
>> Well, we were not talking about "users that do aggregation", but
>> "anybody". You said you give anybody access to log files. If you give
>> anybody access, thats more than just "users that do aggregation".
>
> Anybody that can login to my server yes, TomH was noting root rights
> where required for this. Anyone that is able to login to my server has
> read rights on those files.
Then I hope you restrict the number of people who can log in to your
server.
Jochen
--
Jochen Topf jochen at remote.org http://www.remote.org/jochen/ +49-721-388298
More information about the dev
mailing list