On Wed, Apr 18, 2012 at 2:15 AM, Ian Weller <ian@xxxxxxxxxxxxx> wrote: > As part of the statistics++ project [1] it is Infrastructure's plan to > make data about visits to Fedora Project web servers public, in order to > automate the information made available on the Statistics wiki page. > > The httpd logs currently contain personally-identifiable information: > the IP address the request originated from and the user agent header. > > We think that at an absolute minimum we need to hash the IP address > (with a seed, obviously) and leave the user agent header as is. But we > wanted to make sure we got legal's opinion on this. > > [1]: h > > -- > Ian Weller <ian@xxxxxxxxxxxxx> > (Moving thread to Infra list as my question is not a legal one) What is the proposed hashing anonymizing scheme for the IP addresses? How can you do this securely? Keep in mind that an attacker can control some of the hashes in the public logs (by visiting the web servers with various ip addresses). _______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
