Educause Security Discussion
mailing list archives
Re: URL Logging Allowed?
From: Rich Graves <rgraves () CARLETON EDU>
Date: Mon, 11 Nov 2013 11:32:19 -0600
We've been logging URLs, for phishing and malware remediation, since about 2010. I keep trying to have a serious
conversation about privacy here, but it's usually cut short with "don't worry, we trust you." Um, that's not the

I exclude facebook.com, *.edu, *.gov, and a few other domains because of the low signal/noise+privacy ratio.

As previously discussed here, short of full URL logging, you can get some idea of who has visited hostile sites with a
combination of DNS query logging and netflow. You need both because most web browsers will do DNS lookups for all links
on a page, even if the user never clicks them.

You can mitigate the privacy implications of any sort of logging with truncation, hashing, and reversible obfuscation.
1226522706a22b87bc141260c073fd9d can be just as useful as khfdurb.jimdo.com/. 2299920641 can be just as useful as
126.96.36.199. Design your query interface so that it displays personally identifiable information only when requested.
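
The following sketch is an added example, not part of the original message or any Carleton tooling. It shows the three mitigations named above (truncation, hashing, reversible obfuscation) and a query function that returns real addresses only on request. The key, function names and sample records are assumptions; the hash is a keyed HMAC-SHA-256 chosen here, and the small Feistel permutation is illustrative and IPv4-only, not a vetted cipher.

```python
import hashlib
import hmac
import ipaddress
from urllib.parse import urlsplit

KEY = b"constructed-demo-key"  # assumption: a secret held by whoever owns the logs

def truncate_url(url):
    """Truncation: keep the hostname only; drop path, query string and fragment."""
    return (urlsplit(url).hostname or "") + "/"

def hash_token(value, key=KEY):
    """Hashing: keyed digest; equal inputs still match, so lookups keep working."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:32]

def _f(half, i, key):
    # Feistel round function: 16 bits of an HMAC over (round number, half-block)
    mac = hmac.new(key, bytes([i]) + half.to_bytes(2, "big"), hashlib.sha256)
    return int.from_bytes(mac.digest()[:2], "big")

def obfuscate_ip(ip, key=KEY, rounds=4):
    """Reversible obfuscation: keyed permutation of the 32-bit IPv4 address."""
    n = int(ipaddress.IPv4Address(ip))
    left, right = n >> 16, n & 0xFFFF
    for i in range(rounds):
        left, right = right, left ^ _f(right, i, key)
    return (left << 16) | right

def reveal_ip(token, key=KEY, rounds=4):
    """Inverse of obfuscate_ip; only someone holding the key can run it."""
    left, right = token >> 16, token & 0xFFFF
    for i in reversed(range(rounds)):
        left, right = right ^ _f(left, i, key), left
    return str(ipaddress.IPv4Address((left << 16) | right))

def pseudonymize(client_ip, url):
    """What gets written to the log instead of the raw IP and full URL."""
    return {"client": obfuscate_ip(client_ip), "site": hash_token(truncate_url(url))}

def query(records, hostile_url, reveal=False):
    """Clients that visited a hostile site; real addresses only when requested."""
    want = hash_token(truncate_url(hostile_url))
    hits = [r["client"] for r in records if r["site"] == want]
    return [reveal_ip(c) for c in hits] if reveal else hits

# Constructed sample traffic (reserved documentation addresses and hostnames)
SAMPLE = [("192.0.2.10", "http://bad.example/login?u=alice"),
          ("198.51.100.7", "http://news.example/today"), ("192.0.2.44", "http://bad.example/")]
RECORDS = [pseudonymize(ip, url) for ip, url in SAMPLE]
```

An analyst can match and count visitors using `query(RECORDS, url)` alone; `reveal=True` is the step to gate behind authorization and audit logging.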