I fully agree with this reasoning and I believe that was my initial response as well. Legal, as far as I know, favored the tiny amount of security through obscurity. As I said, with an ok from legal, I would be happy to allow either output style.
On Wednesday, October 16, 2013, Jan Ainali wrote:
On Oct 16, 2013 11:23 PM, "Steven Walling" <swalling@wikimedia.org<javascript:_e({}, 'cvml', 'swalling@wikimedia.org');>> wrote:
On Wed, Oct 16, 2013 at 1:59 PM, Jaime Anstee <janstee@wikimedia.org<javascript:_e({}, 'cvml', 'janstee@wikimedia.org');>>
wrote:
It was actually legal that identified it as a problem, but I think that
is being handled by good faith in people not releasing/pubishing cohort membership of any individual level data with identifiers. Many program leaders will be able to match different data points by user name also whereas most do not know what to do with the IDs (which made the IDs a bit more private) - Jaime.
If any person has access to user ids you should assume they also have
access to usernames. Both are public information. Assuming numeric ids are more private is security through obscurity.
I agree. And in this case the obscurity is really weak, we even provide the lookup tool.
/Jan
-- Steven Walling, Product Manager https://wikimediafoundation.org/
Analytics mailing list Analytics@lists.wikimedia.org <javascript:_e({}, 'cvml',
'Analytics@lists.wikimedia.org');>