I fully agree with this reasoning and I believe that was my initial
response as well. Legal, as far as I know, favored the tiny amount of
security through obscurity. As I said, with an ok from legal, I would be
happy to allow either output style.
On Wednesday, October 16, 2013, Jan Ainali wrote:
On Oct 16, 2013 11:23 PM, "Steven Walling"
<swalling@wikimedia.org<javascript:_e({}, 'cvml',
'swalling(a)wikimedia.org');>>
wrote:
On Wed, Oct 16, 2013 at 1:59 PM, Jaime Anstee
<janstee@wikimedia.org<javascript:_e({}, 'cvml',
'janstee(a)wikimedia.org');>>
wrote:
>
It was actually legal that identified it as a problem, but I think that
is being
handled by good faith in people not releasing/pubishing cohort
membership of any individual level data with identifiers. Many program
leaders will be able to match different data points by user name also
whereas most do not know what to do with the IDs (which made the IDs a bit
more private) - Jaime.
If any person has access to user ids you should assume they also have
access to
usernames. Both are public information. Assuming numeric ids are
more private is security through obscurity.
I agree. And in this case the obscurity is really weak, we even provide
the lookup tool.
/Jan
> --
> Steven Walling,
> Product Manager
>
https://wikimediafoundation.org/
>
_______________________________________________
> Analytics mailing list
> Analytics(a)lists.wikimedia.org <javascript:_e({}, 'cvml',
'Analytics(a)lists.wikimedia.org');>
>
https://lists.wikimedia.org/mailman/listinfo/analytics