[Foundation-l] should not web server logs (of requests) be published?

aude aude.wiki at gmail.com
Sun Nov 28 20:25:09 UTC 2010 

On Sun, Nov 28, 2010 at 2:30 PM, <WJhonson at aol.com> wrote:

> I'm afraid our Tatar is correct in some senses and others in this thread
> are in a failing  or failed mode.
>
> Each web server, of which the WMF has a few, collects details on the
> behaviour of IPs, in logs.  Those logs can be and probably have been
> requested by
> certain government officials, most likely for the purpose of tracking down
> who is behind a certain "Bad" posting to a BLP.
>
>
CheckUser data (IPs of editors) are kept for 3 months.

http://svn.wikimedia.org/viewvc/mediawiki/trunk/extensions/CheckUser/CheckUser.php?view=markup

WMF does not keep apache logs which would track what pages people are
reading.''

http://noc.wikimedia.org/conf/httpd.conf (see CustomLog which is commented
out, meaning that access logs are not kept)

There are some logs for the squid servers which are used to generate page
view stats, but those take a 1/1000 sample and there are full squid logs for
click throughs on the fundraising banners.

http://wikitech.wikimedia.org/view/Squid_logging

So, we do not have readership logs except for the sampled squid logs.  For
performance reasons, it's not desirable to collect more detailed logs, nor
would we really want them.

-Katie (@aude)


> In addition, courts can make such orders in order to determine an otherwise
> "John Doe" named in a suit, such as for libel, etc.  It's happened it will
> continue to happen, the WMF does keep such logs.
>
> Knowing the IP, it can then be tracked back to that user's ISP and a log
> again requested to determine the exact person, or at least business or
> household, who used the IP at that exact time.  So playing with words,
> doesn't let
> us get around that point.
>
> I'm still not clear why we would want to know the IP exactly for analytical
> purposes.  Some intrepid programmer could write a program which would
> simply collect detailed analysis of a person's in-world behaviour and call
> them
> "Bob992" instead of 13.42.204.192 or whatever.  Making the information
> packets anonymous.  That would still allow any sort of analysis the Tatars
> want to
> make, and not reveal any private information.


> W
> _______________________________________________
> foundation-l mailing list
> foundation-l at lists.wikimedia.org
> Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/foundation-l
>

More information about the foundation-l mailing list