1 |
On 02-04-2009 17:50:50 +0200, Sebastian Pipping wrote: |
2 |
> Fabian Groffen wrote: |
3 |
> > Is it really necessary to associate collected information to personal |
4 |
> > data at all? |
5 |
> |
6 |
> Are you referring to item |
7 |
> |
8 |
> * Add user's real name and contact info if wanted |
9 |
> |
10 |
> ? That's completely optional. I expect some people to |
11 |
> be willing to share their contact info, especially in the |
12 |
> beginning. It's not "needed" in any way. Does that answer |
13 |
> your question? |
14 |
|
15 |
I was wondering if this was necessary at all, and hence if you should |
16 |
include it. |
17 |
|
18 |
> > What if there would be a unique identifier (hashed MAC |
19 |
> > address?) that just identifies the Gentoo installation, would that be |
20 |
> > enough? That way you can track without any privacy issues involved, I |
21 |
> > think. |
22 |
> |
23 |
> We could use such an identifier to identify repeated submissions |
24 |
> (users should send in more up to date again later) and handle |
25 |
> some kind of "database pollution" attacks. We wouldn't catch |
26 |
> attackers that change their MAC before submission. |
27 |
|
28 |
I actually assumed that "updates" are one of the most important |
29 |
happenings of a system like this. Updates actually allow you to see |
30 |
when and how people update, what the effect of an GSLA is, usage |
31 |
patterns, etc. etc. |
32 |
|
33 |
DoS attacks are different problem, but most probably can easily be |
34 |
solved by infra using some rate-limiting. Poisoning attacks are again a |
35 |
different thing, but perhaps not so important because their impact is |
36 |
low, and when detected easily remedied (restart from scratch, restore |
37 |
backup ...) |
38 |
|
39 |
> I suppose a privacy issue still exists as you might be able to |
40 |
> resolve certain changes in submission data over time down |
41 |
> to a person. I better not construct scenarios here, but I'm |
42 |
> afraid that would be possible. |
43 |
|
44 |
So, question, is dealing with the privacy via identity problem one that |
45 |
gives you any extra benefits, or can you entirely let it go? |
46 |
|
47 |
|
48 |
-- |
49 |
Fabian Groffen |
50 |
Gentoo on a different level |