| 1 |
On 02-04-2009 17:50:50 +0200, Sebastian Pipping wrote: |
| 2 |
> Fabian Groffen wrote: |
| 3 |
> > Is it really necessary to associate collected information to personal |
| 4 |
> > data at all? |
| 5 |
> |
| 6 |
> Are you referring to item |
| 7 |
> |
| 8 |
> * Add user's real name and contact info if wanted |
| 9 |
> |
| 10 |
> ? That's completely optional. I expect some people to |
| 11 |
> be willing to share their contact info, especially in the |
| 12 |
> beginning. It's not "needed" in any way. Does that answer |
| 13 |
> your question? |
| 14 |
|
| 15 |
I was wondering if this was necessary at all, and hence if you should |
| 16 |
include it. |
| 17 |
|
| 18 |
> > What if there would be a unique identifier (hashed MAC |
| 19 |
> > address?) that just identifies the Gentoo installation, would that be |
| 20 |
> > enough? That way you can track without any privacy issues involved, I |
| 21 |
> > think. |
| 22 |
> |
| 23 |
> We could use such an identifier to identify repeated submissions |
| 24 |
> (users should send in more up to date again later) and handle |
| 25 |
> some kind of "database pollution" attacks. We wouldn't catch |
| 26 |
> attackers that change their MAC before submission. |
| 27 |
|
| 28 |
I actually assumed that "updates" are one of the most important |
| 29 |
happenings of a system like this. Updates actually allow you to see |
| 30 |
when and how people update, what the effect of an GSLA is, usage |
| 31 |
patterns, etc. etc. |
| 32 |
|
| 33 |
DoS attacks are different problem, but most probably can easily be |
| 34 |
solved by infra using some rate-limiting. Poisoning attacks are again a |
| 35 |
different thing, but perhaps not so important because their impact is |
| 36 |
low, and when detected easily remedied (restart from scratch, restore |
| 37 |
backup ...) |
| 38 |
|
| 39 |
> I suppose a privacy issue still exists as you might be able to |
| 40 |
> resolve certain changes in submission data over time down |
| 41 |
> to a person. I better not construct scenarios here, but I'm |
| 42 |
> afraid that would be possible. |
| 43 |
|
| 44 |
So, question, is dealing with the privacy via identity problem one that |
| 45 |
gives you any extra benefits, or can you entirely let it go? |
| 46 |
|
| 47 |
|
| 48 |
-- |
| 49 |
Fabian Groffen |
| 50 |
Gentoo on a different level |
Archives