#1 | |
The only guys who wear Hawaiian shirts are gay guys and big fat party animals
|
Quote:
Unfortunately the MAC address for the NIC isn't available unless the server is on the same ISP as they are in the same facility and the same cage, which would be a very rare case. If there are routers between the two machines, which is almost always the case, you'll see only an IP address and not a MAC address. Thus in the general case you don't have any specific identifying information.

Without a cookie at least, the best you can do is categorize the connections in certain ways. For example you can say that this particular connection came from a Win98 SE user running a 3-year-old browser called IE 6 whose clock is off by about 4 minutes, they have Excel installed but not Acrobat Reader, and they logged in as "joebob". The best identifier is the username that they gave you specifically to let you identify them. The other information, such as operating system, identifies only a class of machines, not a particular machine or user. Of course one could also offer a cookie at signup time and if the user chooses to give you that cookie info back you'd be able to associate it with the sign info they gave you.

I never finished law school, but as far as I'm aware there are no laws about keeping logs of what types of operating systems etc. have used your site. Personally identifiable information such as name and phone number can't be collected from those under 13 years of age without parental consent in the US. Otherwise if they choose to give you that info I don't know of any laws against keeping the info around.

Strongbox primarily uses passive data collection. It only analyzes information that the user offers as opposed to seeking out information (except for requesting the user/pass). I don't see any issues legally or ethically with using information that the user provides for security purposes. Obviously selling personal information like names and email addresses to spammers would be an ethical violation, though probably not a legal one at this time.
Because Strongbox doesn't share information with outsiders but only uses it for internal security, I haven't had to delve into these issues. Strongbox does have one active component but essentially it just records whether or not the remote machine chose to grant us permission to do certain things. We don't do anything that anyone would complain about; we simply ask permission to do things and then record whether or not we got permission. |