QUOTE(Daniel Brandt @ Fri 14th September 2007, 3:38pm)
![*](style_images/brack/post_snapback.gif)
But handing over server logs, complete with IP addresses, to some entity merely on their word that they won't disclose the information, is outrageous.
That was more the reaction I was expecting... I'm glad to see someone gets it.
QUOTE(Daniel Brandt @ Fri 14th September 2007, 3:38pm)
![*](style_images/brack/post_snapback.gif)
This should be a no-brainer for Tim Starling, and I'm surprised he had to pose the issue on the Foundation mailing list. One possible approach might be to first do a one-way hash of all the IP addresses, so that they become an identifying number that is still untraceable.
That doesn't work all that well for normal websites, and probably wouldn't work at all for Wikipedia, because the full logs of all the edits made to Wikipedia are already public. For instance, from the public logs we know that Daniel Brandt edited the "Criticism of Wikipedia" article on April 4, 2006 at 22:43 UTC. Now match that with the line in the logs where that url was accessed and we trivially match the hashed IP to Brandt. We might not know what the actual IP address is, but that part is irrelevant if we know the identity of the person behind the IP.
Now according to Wikipedia's privacy policy they generally throw out these logs after two weeks. So if that's true this particular privacy problem would only affect those who've used the website starting two weeks after they turn over the logs. But the way Tim Starling is asking about giving the logs to this university he's acting as though they have logs from way more than two weeks. That alone would be a serious breach of their privacy policy.