Document our privacy-preserving webserver log setup for the world
We use a novel log format for our webservers, which makes sure we don't collect the IP addresses of our visitors, and doesn't record the precise timestamp of the visits, yet still produces a format compatible with various log parsing tools.
Everybody in the world should be doing this.
We should document what we do and how and why, and tell the world so everybody else can do it too.
Apparently Debian uses the same approach we do, so we have some adoption already, but much more remains!
See http://seclists.org/nmap-announce/2004/16 for some of our original motivation.
And see http://lists.spi-inc.org/pipermail/spi-general/2016-December/003645.html for a summary of what we do currently.
We should also invite/encourage people to find bugs in our set-up. It can always get better!
And lastly, a blog post like this will be really useful to point to when we start doing analysis and graphs and metrics and stuff.