[asterisk-biz] Anonymous statistics collection tool forAsterisk servers?

Peter Beckman beckman at angryox.com
Fri May 16 17:57:55 CDT 2008 

On Fri, 16 May 2008, Trixter aka Bret McDanel wrote:

> how one would properly scrub depends largely on the data in question,
> who its released to, etc.  The more its scrubbed though the less
> valuable it becomes to many.

  It calls into question WHO is going to be collecting and responsible for
  this data?  All of my data will include my IP, and whether or not it was
  logged, it still could be used should someone nefarious decide they wanted
  to gain access to that data.  Assuming some sort of web server was
  accepting posts, someone who legitimately or nefariously gained access to
  that server could potentially find out proprietary information, such as
  number of minutes, number of channels, etc, on their competitors servers.
  While one can't imagine why this would be useful, just re-read Steven
  Totaro's examples of why ANI/CLID spoofing could be damaging.  Imagine you
  are trying to sell your business and you can see how big or small you are
  compared to your competitors, just by logging into a server that didn't
  update it's OS or server software, left easily exploitable.

  I don't get much benefit from giving the data, but I do put a lot at risk
  for giving it.  I won't participate.

> You could of course do well to mask all the numbers in this particular
> example, maybe just list the region its in (US state for example) and
> not even the city.  In that way you could try to reduce more and more
> the information but still have some value.

  Still, I don't know who has the data, who aggregates it, how well they
  secure it, how well they scrub it, and who has access to the raw data.

> At the very least it should be well revealed that this is going on,
> especially since some places dont allow this without implicit not tacit
> agreements over this.

  Agreements and contracts mean nothing to someone who breaks into the
  server for nefarious reasons.

Beckman
---------------------------------------------------------------------------
Peter Beckman                                                  Internet Guy
beckman at angryox.com                                 http://www.angryox.com/
---------------------------------------------------------------------------

More information about the asterisk-biz mailing list