Opened 19 months ago

Last modified 2 weeks ago

#20928 new task

Document our privacy-preserving webserver log setup for the world

Reported by: arma Owned by:
Priority: Medium Milestone:
Component: Community/Outreach Version:
Severity: Normal Keywords:
Cc: hiro, karsten, dmr Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

We use a novel log format for our webservers, which makes sure we don't collect the IP addresses of our visitors, and doesn't record the precise timestamp of the visits, yet still produces a format compatible with various log parsing tools.

Everybody in the world should be doing this.

We should document what we do and how and why, and tell the world so everybody else can do it too.

Apparently Debian uses the same approach we do, so we have some adoption already, but much more remains!

See
http://seclists.org/nmap-announce/2004/16
for some of our original motivation.

And see
http://lists.spi-inc.org/pipermail/spi-general/2016-December/003645.html
for a summary of what we do currently.

We should also invite/encourage people to find bugs in our set-up. It can always get better!

And lastly, a blog post like this will be really useful to point to when we start doing analysis and graphs and metrics and stuff.

Child Tickets

Change History (4)

Note: See TracTickets for help on using tickets.