[Foundation-l] Abuse filter

John at Darkstar vacuum at jeb.no
Wed Mar 25 12:35:46 UTC 2009 

The problem is that something that previously was public (vandal moving
 the page "George W. Bush" to "moron") will now be private (he get a
message that hi isn't allowed to do that), this shifts the context from
a public context to a private context. Then the extension do logging of
actions done in this private context to another site. Users of this site
will then have access to private information. It is not the information
_disclosed_ which creates the problem, it is the information
_collected_. It seems like the information is legal for "administrative
purposes", but as soon as it is used for anything other it creates a lot
of problems. For example, if anyone takes actions against an user based
on this collected information it could be a violation of local laws.
(Imagine collected data being integrated with CU) If such actions must
be taken, then the central problems are identification of who has access
to the logs and are they in fact accurate. That is something you don't
want in a wiki with anonymous contributors! :D

The only solution I see is to avoid all logging of private actions if
the actions themselves does not lead to a publication of something.
Probably it will be legal to do some statistical analysis to administer
the system, but that should limit the possibility of later
identification of the involved users.

There are a lot of other problems, but I think most of them are minor to
this.

John

Domas Mituzas skrev:
> Hello John,
> 
>> done, or that any other measure is taken to avoid said problems. Can
>> anyone clarify on the matter as it seems that nearly everyone just
>> hurrays the implementation and there is no effort to solve those  
>> issues.
> 
> 
> I discussed this with Andrew (he is not on foundation-l), and  
> apparently, AbuseFilter does not seem to disclose any information that  
> would not be available elsewhere.
> Is there any particular information released by it you'd consider  
> leaking private data?
> 
> We love privacy, but we want to be consistent :)
>

More information about the foundation-l mailing list