Opened 8 years ago

Closed 6 years ago

#3797 closed defect (duplicate)

Clean BridgeDB logs from sensitive data

Reported by: kaner Owned by: kaner
Priority: Medium Milestone:
Component: Circumvention/BridgeDB Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

In an ideal world, we wouldn't keep sensitive user data in the BridgeDB logs. Maybe we can come up with an idea on how to keep the data of statistical value and still not keep anything sensitive.

For instance, GetTor logs hashed email addresses of users. Maybe this is something we could do for BridgeDB, too.

Child Tickets

Change History (3)

comment:1 Changed 8 years ago by karsten

Sounds good. When you do this, maybe consider hashing the normalized version of the email address, not the original email address.

comment:2 Changed 7 years ago by aagbsn

BridgeDB (as deployed) doesn't log IPs. Hashes of email addresses are stored long enough (3 hours or so) to implement email rate limiting. Was this ticket about something else, or can it be closed?

comment:3 Changed 6 years ago by sysrqb

Resolution: duplicate
Status: newclosed

Marking as dupe of #9199, reopen if you feel differently.

Note: See TracTickets for help on using tickets.