<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On 7 June 2013 19:21, Karsten 'quaid' Wade <span dir="ltr"><<a href="mailto:kwade@redhat.com" target="_blank">kwade@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5"><br></div></div>
A tracking-mirror could go something like this:<br>
<br>
* Logs are rotated out to the trash regularly, e.g. 24 hours.[1]<br>
* Data is gathered from logs in real time in an anonymous fashion, so<br>
nothing non-anonymous is inserted in to the database. No connection is<br>
retained between the data in the database and the logs not yet thrown away.<br></blockquote><div><br></div><div style>I have been trying to come up with a better way of saying the following but haven't been able to.</div>
<div><br></div><div style>Please do not use the word anonymous data. Trying to make data truly anonymous takes a LOT of work with nebulous gain. You have to do more than just change out ip addresses with something else. You have to remove timestamps, shuffle data around, drop some data and duplicate other, and all other kinds of things which done wrong can either not really anonymize the data or make the data worthless to trying to determine what is going on in it. Phd's come up with new methods all the time that fall apart in reality because of some assumption that was forgotten. </div>
<div style><br></div><div style>We can not promise anonymity, and trying to is not something that I could see happening in a volunteer organization.</div><div style><br></div><div style>Two throwing away logs gets you into trouble because the first thing you find is that you have a new question but you can't answer it with your old data because you weren't logging it. At which point you need 6 months of new data before you can answer that question. Plus logs are useful when you run into other issues like "Hey look someone broke into the system how did they do that?" Cross referencing http/ftp/rsync logs to the breakin usually shows where the attacker was really starting from which can help others. I would say that any logs we keep are kept for X time where X is longer than 6 months and less than 2 years. </div>
<div style><br></div><div style>If a mirror is set up, it is set up. Data is collected and stored and analyzed following the laws and rules of conduct that are set up for the people who can view and analyze that data. What is published from that follows those laws and rules of conduct also. Going beyond that without a staff of trained and knowledgeable statisticians who have done this sort of thing before is a recipe for disaster. </div>
</div><div><br></div>-- <br><div dir="ltr">Stephen J Smoogen.<br><br></div>
</div></div>