Bug#759382: do not keep so much logs

To: 759382@bugs.debian.org
Subject: Bug#759382: do not keep so much logs
From: ilf <ilf@zeromail.org>
Date: Mon, 22 Sep 2014 19:50:48 +0200
Message-id: <[🔎] 20140922175048.GW12853@zeromail.org>
Reply-to: ilf <ilf@zeromail.org>, 759382@bugs.debian.org
In-reply-to: <[🔎] 20140922170706.GU12853@zeromail.org>
References: <20140826212848.9716.81869.reportbug@angela.anarc.at> <[🔎] 20140922092910.GA5877@ypig.lip.ens-lyon.fr> <[🔎] 877g0vpz5s.fsf@marcos.anarc.at> <[🔎] 20140922141434.GE3600@ypig.lip.ens-lyon.fr> <[🔎] 87vbofohti.fsf@marcos.anarc.at> <[🔎] 20140922145248.GH3600@ypig.lip.ens-lyon.fr> <[🔎] 87mw9robgr.fsf@marcos.anarc.at> <[🔎] 20140922170706.GU12853@zeromail.org>

ilf:

Debian shouldn't base its software on specific laws of specificcountries. Debian should provide sane defaults, produced by thecommunity, not obscure laws.

BTW, the Apache Consortium was "awarded" with a BigBrotherAward back in2000: "for the lack of attention of issues of privacy in the defaultconfiguration file of the Apache web server."


https://www.bigbrotherawards.de/2000/.scene/

More (bad) translation (by me):

In the default configuration, the Apache web server logs, among otherthings, the IP address of the user agent and the name of the retrievedweb pages. This information is a violation of user privacy, sincerelatively simple analysis tools can determine in retrospect, whichusers accessed which pages, in which order and how long the pages wereviewed.Beyong these basic logging functions, the default configuration fileof the Apache web server provides additional logging options, thatare very easy to switch on. Additional information such as the"referer" (the previously visited page) or the used browser softwareversion can be logged.In the standard configuration, these logging functions are onlydescribed from a technological point-of-view. There is no indicationthat the use of these functions may violate the privacy of the user.The use of extensive logging in a standard software such as the Apacheweb server must be fundamentally questioned. From an "informationhygiene" perspective, logs should only be kept if they areindispensable for the technological operation of the device. The userhas to be informed clearly and unambiguously, before he uses theservice.The Apache web server especially deserves this nomination, because thedefault configuration almost begs for the collection of completelyunnecessary data on a large. This results in globally distributed dataslime trails, about which the user is not informed, but provoke lawenforcement agencies to go ahead and request them.

14 years after this award and 15 months after Snowden: let's finally fixthis.


--
ilf

Über 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg!
		-- Eine Initiative des Bundesamtes für Tastaturbenutzung

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Bug#759382: do not keep so much logs
  - From: Vincent Lefevre <vincent@vinc17.net>
- Bug#759382: do not keep so much logs
  - From: Antoine Beaupré <anarcat@koumbit.org>
- Bug#759382: do not keep so much logs
  - From: Vincent Lefevre <vincent@vinc17.net>
- Bug#759382: do not keep so much logs
  - From: Antoine Beaupré <anarcat@koumbit.org>
- Bug#759382: do not keep so much logs
  - From: Vincent Lefevre <vincent@vinc17.net>
- Bug#759382: do not keep so much logs
  - From: Antoine Beaupré <anarcat@koumbit.org>
- Bug#759382: do not keep so much logs
  - From: ilf <ilf@zeromail.org>

Prev by Date: Bug#759382: do not keep so much logs
Next by Date: Bug#759382: do not keep so much logs
Previous by thread: Bug#759382: do not keep so much logs
Next by thread: Bug#762584: apache2: silently changes user configuration /etc/logrotate.d/apache2
Index(es):
- Date
- Thread