Hey folks,
The researcher running one of the new projects ( http://meta.wikimedia.org/wiki/Research:Anonymity_and_conformity_over_the_ne...) wants to have editors take a survey, but not use SSL or any other data encryption technology. What do you think?
-Aaron
What is the usual way to do it? Use SSL? What are the previous experience and how did the RCom responded previously to similar requests?
Best, G.
On Wed, Sep 28, 2011 at 4:26 PM, Aaron Halfaker aaron.halfaker@gmail.com wrote:
Hey folks, The researcher running one of the new projects (http://meta.wikimedia.org/wiki/Research:Anonymity_and_conformity_over_the_ne...) wants to have editors take a survey, but not use SSL or any other data encryption technology. What do you think? -Aaron _______________________________________________ RCom-l mailing list RCom-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/rcom-l
Usually, I'd expect an encrypted connection between user and server so that the survey data can be protected against a man-in-the-middle attack. However, this particular survey doesn't ask for information that is very personal in nature with the possible exception of age group (e.g. 13-20, 21-30, ..., 51 and above).
-Aaron
On Wed, Sep 28, 2011 at 9:28 AM, Goran Milovanovic < goran.s.milovanovic@gmail.com> wrote:
What is the usual way to do it? Use SSL? What are the previous experience and how did the RCom responded previously to similar requests?
Best, G.
On Wed, Sep 28, 2011 at 4:26 PM, Aaron Halfaker aaron.halfaker@gmail.com wrote:
Hey folks, The researcher running one of the new projects (
http://meta.wikimedia.org/wiki/Research:Anonymity_and_conformity_over_the_ne... )
wants to have editors take a survey, but not use SSL or any other data encryption technology. What do you think? -Aaron _______________________________________________ RCom-l mailing list RCom-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/rcom-l
--
"Truth is much too complicated to allow anything but approximations." :: John von Neumann
http://www.milovanovicresearch.com
RCom-l mailing list RCom-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/rcom-l
To date internal surveys have run on a non-encrypted LimeSurvey instance hosted on a WMF server. It's ironic that this server has been just taken down because of potential security issues (SQL injection). I'd recommend that we ask researchers to use standard encryption whenever possible (Limesurvey for one does support HTTPS).
Dario
On Sep 28, 2011, at 7:52 AM, Aaron Halfaker wrote:
Usually, I'd expect an encrypted connection between user and server so that the survey data can be protected against a man-in-the-middle attack. However, this particular survey doesn't ask for information that is very personal in nature with the possible exception of age group (e.g. 13-20, 21-30, ..., 51 and above).
-Aaron
On Wed, Sep 28, 2011 at 9:28 AM, Goran Milovanovic goran.s.milovanovic@gmail.com wrote: What is the usual way to do it? Use SSL? What are the previous experience and how did the RCom responded previously to similar requests?
Best, G.
On Wed, Sep 28, 2011 at 4:26 PM, Aaron Halfaker aaron.halfaker@gmail.com wrote:
Hey folks, The researcher running one of the new projects (http://meta.wikimedia.org/wiki/Research:Anonymity_and_conformity_over_the_ne...) wants to have editors take a survey, but not use SSL or any other data encryption technology. What do you think? -Aaron _______________________________________________ RCom-l mailing list RCom-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/rcom-l
--
"Truth is much too complicated to allow anything but approximations." :: John von Neumann
http://www.milovanovicresearch.com
RCom-l mailing list RCom-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/rcom-l
RCom-l mailing list RCom-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/rcom-l
I am not sure if we should require SSL for all surveys as general policy, I think we should encourage it for sure. I guess that surveys that do not support SSL communication will have a harder time attracting respondents and that's the best incentive for a researcher to use SSL instead of using making it mandatory.
best, Diederik On 2011-09-28, at 4:28 PM, Goran Milovanovic wrote:
What is the usual way to do it? Use SSL? What are the previous experience and how did the RCom responded previously to similar requests?
Best, G.
On Wed, Sep 28, 2011 at 4:26 PM, Aaron Halfaker aaron.halfaker@gmail.com wrote:
Hey folks, The researcher running one of the new projects (http://meta.wikimedia.org/wiki/Research:Anonymity_and_conformity_over_the_ne...) wants to have editors take a survey, but not use SSL or any other data encryption technology. What do you think? -Aaron _______________________________________________ RCom-l mailing list RCom-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/rcom-l
--
"Truth is much too complicated to allow anything but approximations." :: John von Neumann
http://www.milovanovicresearch.com
RCom-l mailing list RCom-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/rcom-l