On Fri, 16 May 2008, Trixter aka Bret McDanel wrote: > how one would properly scrub depends largely on the data in question, > who its released to, etc. The more its scrubbed though the less > valuable it becomes to many.
It calls into question WHO is going to be collecting and responsible for this data? All of my data will include my IP, and whether or not it was logged, it still could be used should someone nefarious decide they wanted to gain access to that data. Assuming some sort of web server was accepting posts, someone who legitimately or nefariously gained access to that server could potentially find out proprietary information, such as number of minutes, number of channels, etc, on their competitors servers. While one can't imagine why this would be useful, just re-read Steven Totaro's examples of why ANI/CLID spoofing could be damaging. Imagine you are trying to sell your business and you can see how big or small you are compared to your competitors, just by logging into a server that didn't update it's OS or server software, left easily exploitable. I don't get much benefit from giving the data, but I do put a lot at risk for giving it. I won't participate. > You could of course do well to mask all the numbers in this particular > example, maybe just list the region its in (US state for example) and > not even the city. In that way you could try to reduce more and more > the information but still have some value. Still, I don't know who has the data, who aggregates it, how well they secure it, how well they scrub it, and who has access to the raw data. > At the very least it should be well revealed that this is going on, > especially since some places dont allow this without implicit not tacit > agreements over this. Agreements and contracts mean nothing to someone who breaks into the server for nefarious reasons. Beckman --------------------------------------------------------------------------- Peter Beckman Internet Guy [EMAIL PROTECTED] http://www.angryox.com/ --------------------------------------------------------------------------- _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz
