funsec mailing list archives
RE: 2002 murder suspect located via MSN Map search
From: Paul Schmehl <pauls () utdallas edu>
Date: Sat, 04 Feb 2006 22:34:49 -0600
--On February 4, 2006 10:33:57 PM -0500 "Richard M. Smith" <rms () computerbytesman com> wrote:
All that information would be in /var/log/http-access. It's a routine part of httpd logging. The only question is what's their retention policy and why? I was a bit surprised by the Microsoft mapping situation, because that implies a retention policy that is unusually long.On the flip side, one wonders why companies like Google and Yahoo find it necessary to go out their way to implement software which looks up what specific IP addresses and cookie ID numbers are searching for: Verbatim: Search firms surveyed on privacy http://news.com.com/Verbatim+Search+firms+surveyed+on+privacy/2100-1025_3 -60 34626.html Given an IP address or cookie value, can you produce a list of the terms searched by the user of that IP address or cookie value? Langdon: Yes. Given an IP address or cookie value, can you produce a list of the terms searched by the user of that IP address or cookie value? Yes, we can. Another question here is why are these companies saving search history tie to IP addresses and/or cookie values in the first place.
Our retention policy is one year. Is that a bad thing? I don't know, but if you give me an IP address, I can tell you when, down to the hundredth of a minute, that IP address accessed our webserver for any date/time in the past year. OTOH, no court is going to see that information without a legally-obtained subpoena, and they're not going to get any more than precisely what they asked for. IOW, I'll cull the logs for what you're looking for, but the only thing you're going to get is the snippets that include the IPs listed in the subpoena - nothing else.
This shouldn't come as a surprise, and it's certainly not "going out of our way".
I understand that individuals have rights, but we as a society have rights too. When you agree to live in a civilized society you agree to live by its rules and that includes the government's right, upon production of lawful subpoena, to look at information that might implicate you in a crime. Because the 99.99999% of us who aren't criminals prefer not to allow you to do whatever you please without consequence.
ISTM that too many people forget that the government is *us*, not them. Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- 2002 murder suspect located via MSN Map search Richard M. Smith (Feb 04)
- Re: 2002 murder suspect located via MSN Map search Paul Schmehl (Feb 04)
- RE: 2002 murder suspect located via MSN Map search Richard M. Smith (Feb 04)
- RE: 2002 murder suspect located via MSN Map search Paul Schmehl (Feb 05)
- Re: 2002 murder suspect located via MSN Map search James Kehl (Feb 05)
- Re: 2002 murder suspect located via MSN Map search Paul Schmehl (Feb 05)
- Re: 2002 murder suspect located via MSN Map search Valdis . Kletnieks (Feb 06)
- Re: 2002 murder suspect located via MSN Map search Colin Rognlie (Feb 06)
- Re: 2002 murder suspect located via MSN Map search Paul Schmehl (Feb 06)
- Re: 2002 murder suspect located via MSN Map search Axel Pettinger (Feb 06)
- RE: 2002 murder suspect located via MSN Map search Richard M. Smith (Feb 04)
- Re: 2002 murder suspect located via MSN Map search Paul Schmehl (Feb 04)
- Re: 2002 murder suspect located via MSN Map search Paul Schmehl (Feb 05)
- Re: 2002 murder suspect located via MSN Map search Richard Cox (Feb 06)
- Re: 2002 murder suspect located via MSN Map search Valdis . Kletnieks (Feb 06)