[Foundation-l] should not web server logs (of requests) be published?

[Erik Zachte]

Repost with shortened url:

WJhonson:
> The issue with the AOL Search Scandal is a red herring.  People are 
> not going to be searching for their own phone number or Social 
> Security numbers within Wikipedia.  And even if someone searches for 
> such a thing, there is no way to know that they are looking for 
> details on themselves, or on someone else.
> 
> Our entry on that regardless notes a lawsuit *four years old* with no 
> resolution http://en.wikipedia.org/wiki/AOL_search_data_scandal
> 
> Indicative I suggest of it being a non-story.

Many people did search for their own name occasionally, and relatively often
did search for local shops and local news. 
Each of these clues were ambiguous and insignificant by themselves, but once
put together often did paint a unique picture of one single person.

Apparently de-anonimization is a nice pursuit for some would-be detectives,
and quite possibly also for government officials in some parts of the world
where privacy is considered a risk to a state's stability. 

The AOL data were taken offline very quickly (and the research team
disbanded), but copies had already been made, and you can still find the
data online now. 

http://www.gregsadetsky.com/aol-data/ 

The following article paints a rather graphical picture of how search terms
came to haunt back their author.

http://tinyurl.com/322a5pk

Erik Zachte