Getting Support : For the Geeks
Protecting your privacy here.
from Jules - Friday, May 23, 2003
accessed 1410 times
This is the first in a series of changes that are occurring on this site in the next few months, and will be implemented June 1.
Currently when you post something here, your IP address is logged. This allows me as the administrator to see who is posting what, even when you use another name. Although it’s rare that I look this up, sometimes it is useful if someone is harassing other people or agreeing with themselves under a number of other nicknames.
Although this information is only seen by me, as the IP address is the unique number of your computer on the internet, in the interest of protecting your privacy, I have decided to no longer record this information, and the records I have will be deleted. This means that your site nickname will never be linked to your real life identity or physical location unless you specifically choose to disclose this information.
In order to ensure some sort of way to intervene if needed, the following changes will be implemented.
1. People will be required to register before participating here. As is the case currently, if you choose, you can keep your profile private and not let anyone contact you through this site.
2. You can still use another name if you wish to post even more anonymously, but you will need to be logged into the site to access the forms for submitting comments and posts.
3. The primary account you have here will be linked to your posts, but only the administrator will have access to this information and no one else.
As an example, in the future if I want to post a comment, I will have to log in as “Jules”. If I decide that I don’t want my nickname to show up in my post, I can change my “Jules” name in my comment to show as “Mystery User” or something else. However, the administrator will be able to look at my comment and see that it was actually from the user registered as Jules. This means that if I decided to write a rant on the evils of atheism, and then agree with myself under a few other names, the administrator could tell that I was probably just trying to bait Anthony.
If you hate this, love it or don’t care either way, feel free to post your thoughts, but unless you have a better idea to keep people’s identities completely secure and to also maintain some sort of order here, then this plan will be implemented.
Reader's comments on this article
Add a new comment on this article
Sunday, June 01, 2003 - 15:40
One need not be the administrator in order to tell that you're probably just trying to snidely bait Anthony.
(reply to this comment)
|from Craven de Kere|
Sunday, May 25, 2003 - 03:39
Before I comment a test:
http://www.able2know.com/ip.capture/spacer.gif" / >
(reply to this comment)
| From Craven de Kere|
Sunday, May 25, 2003, 03:52
Yeah, i figured you'd stopped stripping HTML.
The above was hypothetical and not linked to a valid file but I can still see anyone's IPs if they visit this page.
So for true privacy you need to disable HTML or at least disable certain tags.
It's important to mention that an offsite file would not give the IP matched to a post but rather all the IPs of visits to this page, but with the traffic levels you have it would be very veryeasy to match to each post.
Maybe that's not what you are concerned with, maybe you are worried about having litigation seek to force you to divulge an IP, and if so that can be achieved with simply by deleting logs after a week.
Nobody will be able to see a post, and then go through th legal motions to force you to disclose the IP in less than a week, and if they do just delete it anyway.
Logs do not only help in the dministration of the site but they are important when your server is attacked. I just changed servers this weekend but on my last server I was innundated with attacks and the hing log files were invaluable for both patching (someone had discovered a formmail exploit and attempted to send thousands of emails from my server in a dictionary attack on AOL) as well as investigations.
In the above script-kiddie exploit attempted on my server I caught it within 10 minutes and shut down formmail but over 5,000 emails were sent to AOL and I heard from them (they wanted to close down my server).
My log files helped me take the heat off me and onto the spammer.
That's just one example and my server was not even breached. If it were the logfiles would be worth gold to me.
The responsobility to protect privacy is mostly on the ISP's part and they do not disclose Name to IP matches fecklessly. It's admirable that you want to take the privacy stance but IMO you can achieve just as high a level of privacy protection by a weekly log deletion and still afford yourself the luxury of logging for tech purposes.
I turned off my logs on a server because the traffic was so high that running the log files was timing out my server and when I suffered a distributed DOS attack I kicked myself for not having a way to investigate the attacker.
Just my 2 cents, but if you want privacy you should patch some holes you have (e.g. the hotlinking image thing, I could do it with a 1 pixel by 1 pixel image and log everyone's IPs for you).
If you need a reply from me please email me as I won't see it here for months.(reply to this comment)
| From Jules|
Tuesday, June 03, 2003, 09:14
Ok, I've finally had some time to reply to this. This is really more to other users than CDK.
Perhaps I should disable some of the HTML tags, but to gather the IP address of a visitor from a linked image, you need to have access to the log files of the server the image is on. Sites like Yahoo and Geocities don't give you this level of access or even allow remote image links for the most part. Also, as you said, the only thing this shows is who visited the site, not who posted specific content, which is my concern.
The log files I get from this host are pretty much useless, as they only show aggregate information, and not specific IP addresses anyways, and don't even log total traffic, since if you access movingon.org instead of www.movingon.orghttp://www.movingon.org">www.movingon.org>, it doesn't track that, or any virtual directories.
I don't really care, as DOS attacks, etc. are the responsibility of the hosting company. I have backups of everything, so I can simply restore the site if there are any problems. The issue is that the data should be secure and anonymous even from the back-end. (reply to this comment)
| From Craven de Kere|
Monday, June 09, 2003, 19:36
I strongly suggest that you disable HTML tags. You make a valid point about the relative rarity of server logging that would allow for detailed tracking but neglect that free traffic tracking services are readily accesible and that they are easier to use than a server log anyway.
That is hardly the only reason. Off the top of my head I can think of more than 8 ways to download a virus onto the hard drives of anyone who reads a aspecially formatted post.
I can think of many many ways to run other malicious scripts.
I used to think those dangers are rare enough to not worry about but when you start receiving malicious attacks you will want to have been prepared as opposed to doing damage control.
You might consider a proprietary formatting language that does not allow for exploits. They are very easy to write.
I get the feeling that you aren't altogether too concerned so I'll leave it at that.
If you wish, I can probe for simple exploits due to the availability of the html tags.
The server on which I have my email account has been compromised so I can't be reached by the email you have for me.
I'll check back here the next time I remember.(reply to this comment)