Leila Zia wrote:
... we are not aware of any reader logs being shipped
out of the
WMF servers.
Page 20 of
http://infolab.stanford.edu/~west1/pubs/West_Dissertation-2016.pdf
says, "We have access to Wikimedia’s full server logs, containing all
HTTP requests to Wikimedia projects." Page 19 indicates that this
information includes the "IP address, proxy information, and user agent."
At
https://youtu.be/jQ0NPhT-fsE&t=25m40s Dr. West says, "we have
the complete ... server logs from Wikipedia ... about 14 terabytes of
raw logs per month."
If this does not imply that the logs are copied from Foundation
servers, that is certainly advantageous over the apparent meaning
of the language used. But I question whether recording the personally
identifying data in the first place is wise.
I understand that there are currently two other university research
laboratories which have similar access. Is that correct?
Would anyone in the Foundation have any way to know whether any
of the researchers with access are subject to National Security
Letters, a subpoena from a US or foreign law enforcement agency,
or blackmail, extortion, or bribery, for that matter?
Is creating the MD5 has described on page 19 of Dr. West's
dissertation after filtering bots from the user agents and discarding
the IP address before ever storing the log files to disk an
appropriate solution to this problem?
Should SHA-512 be used instead of MD5?