[arch-general] [arch-dev-public] AUR ToS (aka making AUR user names public)
Tinu Weber
takeya at bluewin.ch
Mon Mar 6 08:44:12 UTC 2017
On Sun, Mar 05, 2017 at 18:14:02 -0700, Leonid Isaev wrote:
> Isn't Arch BBS already providing list of usernames?
The BBS's user list is only available to logged-in users. Although that
is certainly not an extended privacy measure, it still prevents random
people who just "pass by" from extracting the user list.
> In general, though, I'd say follow the principle of least effort. Why just not
> publish the list of usernames and that's all? This way, new users can easily
> grep for them and don't need scrapers, and "researchers" can have fun...
Because anonymisation: even if one dataset in isolation may look
unsuspicious from a privacy POV, if combined with other datasets, it may
suddenly reveal information that was not intended to be public.
I admit that a simple one-column list of user nick names may probably
not really be joinable with other datasets or -tables in any useful
manner, but it is still not always obvious how data can be (ab)used
(see also [1]).
I would not give out the user list. Even if there are means for
everybody to somehow obtain the data (with enough effort from their
side), it is not the same thing as simply handing it out conveniently
prepared and formatted.
Best,
Tinu
[1] http://archive.wired.com/politics/security/commentary/securitymatters/2007/12/securitymatters_1213
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20170306/8b80eb81/attachment.asc>
More information about the arch-general
mailing list