Opened 2 years ago

Last modified 3 months ago

#20928 new task

Document our privacy-preserving webserver log setup for the world

Reported by: arma Owned by:
Priority: Medium Milestone:
Component: Community/Outreach Version:
Severity: Normal Keywords:
Cc: hiro, karsten, dmr Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

We use a novel log format for our webservers, which makes sure we don't collect the IP addresses of our visitors, and doesn't record the precise timestamp of the visits, yet still produces a format compatible with various log parsing tools.

Everybody in the world should be doing this.

We should document what we do and how and why, and tell the world so everybody else can do it too.

Apparently Debian uses the same approach we do, so we have some adoption already, but much more remains!

See
http://seclists.org/nmap-announce/2004/16
for some of our original motivation.

And see
http://lists.spi-inc.org/pipermail/spi-general/2016-December/003645.html
for a summary of what we do currently.

We should also invite/encourage people to find bugs in our set-up. It can always get better!

And lastly, a blog post like this will be really useful to point to when we start doing analysis and graphs and metrics and stuff.

Child Tickets

Change History (5)

comment:2 Changed 13 months ago by arma

Owner: mrphs, ailanthus deleted
Status: newassigned

comment:3 Changed 13 months ago by arma

Status: assignednew

comment:5 Changed 3 months ago by traumschule

Maybe link in the footer to a paragraph on contact explaining and linking this and then a blog post?
Another example: https://searxes.danwin1210.me/searxes_pp.txt?sv=ec5ec8976f898d3715319f7bc59688daf3e47f1c

Last edited 3 months ago by traumschule (previous) (diff)
Note: See TracTickets for help on using tickets.