Housekeeping #2880

consider re-wording the privacy policy, regarding logs

sdfoijsaodif - over 3 years ago - . Updated over 3 years ago.

Status:
open
Priority:
discussion
Assignee:
-
% Done:

0%


Description

History

#1

Updated by bill-auger over 3 years ago

  • Priority changed from bug to discussion

i'm not sure what this is referring to; but nothing is being "collected" - some rogue requests are being filtered and some IPs are being blocked - that was hoped to be temporary; but if the noise does not cease, then the policy may need to be changed

#4

Updated by freemor over 3 years ago

It should be noted that the SYN flood protection pays attention to half connections in which the TCP 3-way handshake is never completed (SYN flood attack). Only very rarely would it catch an actual connection attempt. Also the logging was primarily for debugging the protection (making sure it wasn't catching actual connections) and would be trivial to turn off.

It also should be noted that that protection is not even active as the threat has passed.

#5

Updated by sdfoijsaodif over 3 years ago

This is about someone who reported a scam post on Redmine, and an administrator checked some Redmine logs to check whether or not they are that scammer.

#6

Updated by bill-auger over 3 years ago

i do not recall any event of that sort

this ticket is a great idea in theory; but it was not necessary
- it is not a new concern - the same intention is already
expressed in the privacy policy; and it is not forgotten - it is
a fine ideal, which is upheld whenever possible - in practice
however, any network service which is totally anonymous, will
inevitably become a magnet for trash, which can overwhelm the
admins, and the service becomes useless for any intended purpose

even if all connections were logged permanently, and the
sentence about logging IPs were deleted from privacy policy,
still, that is not an invasion of anyone's privacy; because that
information would not be publicly accessible, nor divulged to
any third-party - also, even if full logging were an implicit
privacy concern, no one ever needs to connect to the parabola
servers, in order to use parabola, download packages, nor to
communicate with the dev team - all of those things can be
accomplished via mirrors, email, and IRC

the important thing to note, is that every user of any distro,
who installs a binary package from any source, trusts the
packager implicitly by doing so - reading server logs would be
among the least fruitful ways to collect information about
users and their computing activity - the IP address of any
legitimate user, or which packages are downloaded, is simply
not interesting

#7

Updated by sdfoijsaodif over 3 years ago

I have found the exact log messages in my IRC logs.

T 1586544140 1oaken-source1>    I will check the redmine logs. and if I find out that the IP that created the account matches the IP that created the issue, you're in trouble.

and after some time

T 1586544415 1oaken-source1>    I bluffed. that's different :)

But if these logs are useful to catch scammers if they reveal their IP by mistake, it is better to change the privacy policy.

#8

Updated by bill-auger over 3 years ago

  • Subject changed from Stop logging IPs! to consider re-wording the privacy policy, regarding logs

#9

Updated by oaken-source over 3 years ago

Hey, sorry for the confusion. When I made that statement on IRC, I was bluffing, meaning I didn't know whether there were logs or not. The statement was made partly in jest, and partly to provoke the person I was communicating with into admitting that they were indeed themselves responsible for the spam they were reporting, by claiming that I had proof of that while I clearly didn't.

In other words, there never were logs. Any claims otherwise from my side were just plain false.
