[guardian-dev] Privacy preserving anonymized nginx log config

Hans-Christoph Steiner hans at guardianproject.info
Tue Jan 30 14:13:53 EST 2018


i'll bet greenhost is ammenable to privacy focused logging configs.

.hc

Tim Schwartz:
> Thanks Micah,
> 
> Yeah I really only think server logs are valuable as debugging, if $$$ is the core concept behind data analytics, then better to do it with a different system than straight server logs anyway. I really like this idea…
> 
>> Fortunately, you can actually get by
>> without keeping any logs, and just turn them on *when you need to debug
>> something* and then *turn them off immediately afterwards*. In this
>> scenario, you are only giving up the possibility of debugging past
>> problems that you cannot reproduce. A worthy sacrifice.
> 
> Though once you are scaling to a few servers or a higher level production environment, turning on / off logs might not be such an easy feat. 
> 
> Is anyone aware of managed hosting systems that have opted for privacy focused logging options? Might be an interesting space to investigate in general.  
> 
> Cheers,
> Tim
> 
> 
>> On Jan 30, 2018, at 9:42 AM, micah <micah at riseup.net> wrote:
>>
>> Tim Schwartz <tim at timschwartz.org> writes:
>>
>>> This is super helpful btw. Thanks. 
>>>
>>> What do people generally use as a rule of thumb on timing for log
>>> rotations on web servers that are privacy focused?
>>
>> Depends on your threat model, but possibilities are:
>>
>> 1. no logs at all, no rotation needed (when you have a ton of data, this
>> is actually a lot easier)
>>
>> 2. logs only in memory (vulnerable to vampire tap, or preservation
>> orders)
>>
>> 3. rotate stored logs in as short of a time as possible so that you can
>> balance usefulness against being an arbitrarily deputized state agent.
>>
>> when it comes to logging people generally want it for one of these
>> things:
>>
>> 1. surveillance capitalism - monetize visitors behaviors, sell to data
>> brokers, track you across the web, advertising
>>
>> 2. ego vanity - it feels good to know that 500 more people visited your
>> site this month, compared to last month
>>
>> 3. debugging
>>
>> If you can get over the first two (requires a bit of transcendence above
>> the earthly trappings of being human), the third one is really the only
>> reason to have any logs at all. Fortunately, you can actually get by
>> without keeping any logs, and just turn them on *when you need to debug
>> something* and then *turn them off immediately afterwards*. In this
>> scenario, you are only giving up the possibility of debugging past
>> problems that you cannot reproduce. A worthy sacrifice.
> 
> _______________________________________________
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
> 

-- 
PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556


More information about the guardian-dev mailing list