zlacker

[return to "Justice Department withdraws FBI subpoena for USA Today records ID'ing readers"]
1. xvecto+W4[view] [source] 2021-06-05 22:32:49
>>lxm+(OP)
I wish services didn't store IPs at all.

If abuse is an issue, why not hash the IP with a nonce?

◧◩
2. nullc+O7[view] [source] 2021-06-05 23:00:43
>>xvecto+W4
There are only 2^32 IPv4 addresses, if you know the nonce you just try them all... no privacy provided.

If you don't know the nonce, you can't match against other users-- so not useful for abuse.

But I'm skeptical re: abuse uses. For commenters, sure-- you may need to store IPs to combat abuse. But for readers? At most you would need sampled data or in-memory counters (e.g. to catch high volume bots).

Unfortunately, there really isn't any penalty for failing to minimize private data collection.

◧◩◪
3. xvecto+Fa[view] [source] 2021-06-05 23:31:42
>>nullc+O7
If you use a difficult hash function that takes ~1 seconds to calculate then it would take over 120 years to iterate through the IPv4 address space. At the very least, this could cut down on dragnet surveillance
◧◩◪◨
4. 542458+Ya[view] [source] 2021-06-05 23:35:53
>>xvecto+Fa
Yes, but then I’m burning a second of compute time every time I want to log something.

Also, by removing unlikely candidates (IPs owned by irrelevant entities or that are not US based) you could get the search range much much smaller, and with the FBIs budget you could probably compute it all in a few days even with a 1-second hash time.

[go to top]