Logging of Web Usage

Bill Frantz frantz at pwpconsult.com
Wed Apr 2 16:24:58 EST 2003

At 2:58 PM -0800 4/2/03, John Young wrote:
>Would you care to comment for publication on web logging
>described in these two files:
>  http://cryptome.org/no-logs.htm
>  http://cryptome.org/usage-logs.htm
>Cryptome invites comments from others who know the capabilities
>of servers to log or not, and other means for protecting user privacy
>by users themselves rather than by reliance upon privacy policies
>of site operators and government regulation.
>This relates to the data retention debate and current initiatives
>of law enforcement to subpoena, surveil, steal and manipulate
>log data.

The http://cryptome.org/usage-logs.htm URL says:

>Low resolution data in most cases is intended to be sufficient for
>marketing analyses.  It may take the form of IP addresses that have been
>subjected to a one way hash, to refer URLs that exclude information other
>than the high level domain, or temporary cookies.

Note that since IPv4 addresses are 32 bits, anyone willing to dedicate a
computer for a few hours can reverse a one way hash by exhaustive search.
Truncating IPs seems a much more privacy friendly approach.

This problem would be less acute with IPv6 addresses.

Cheers - Bill

Bill Frantz           | Due process for all    | Periwinkle -- Consulting
(408)356-8506         | used to be the         | 16345 Englewood Ave.
frantz at pwpconsult.com | American way.          | Los Gatos, CA 95032, USA

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list