[OSM-dev] IP as personal information (Was: Re: Any tile statistics (unique visitors))

Stefan de Konink stefan at konink.de
Sun Dec 7 14:35:46 GMT 2008

Jochen Topf wrote:
> It doesn't matter whether you can identify everyone or only a few
> people. If you can identify one, you have breached his privacy. And
> thats bad enough.

So clearly for Dutch law it does; if there only a few people directly 
addressable and you will not a priori know who they are, it is a "good 
luck with that" situation. We are still talking about *one* file, not 
correlated sources.

Because yes, if I had access to my serverlogs, and the server logs of my 
providers DHCP pool, and to their CRM-system then I could say exactly 
tell you the customer name, and still would only know that someone could 
be potentially be at that location, or used a connection routed trough 
this location.

We are only talking about IP addresses as an uncorrelated individual 
measurement. If we actually took the API logs; with usernames; and we 
make statistics out of that, which is already been done(!) we are 
actually violating privacy. Now I don't hear anyone complaining about 
letting everyone know that they have edited at a certain time.

>>>> Never the less, I expect from any users that do aggregation task they 
>>>>  care about aggregation results not about raw data :)
>>> Well, we were not talking about "users that do aggregation", but
>>> "anybody". You said you give anybody access to log files. If you give
>>> anybody access, thats more than just "users that do aggregation".
>> Anybody that can login to my server yes, TomH was noting root rights  
>> where required for this. Anyone that is able to login to my server has  
>> read rights on those files.
> Then I hope you restrict the number of people who can log in to your
> server.

Like everyone else does :)


More information about the dev mailing list