Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] Anonymisation of public data

Hi Boris,
The basic idea is to simply replace all identifiers with asymmetrically encrypted strings, so all IDs have the same ciphered result. RSA is used for the encryption, and the private key is thrown away once the encoding is done, making it impossible (according to common encryption standards) to retrieve the original string.

Is this a requirement, at this point, to make it impossible to retrieve the original stream for anyone?
I understand that the providing anonymous dataset is interesting as you explained, but what couldn't you or Eclipse Foundation keep the private RSA key safely to decode the id if you find some unexpected patterns? If you make id anonymous and find a set of id which have a strange correlation and that you'd like to explain, wouldn't it be helpful to decode the id and find out who are the individuals behind it to better understand the cause of the correlation or even set up chats with selected contributors to better understand their practices?
I have the impression there could be value in keeping ability to decode strings, while I don't think fully discarding the key is much safer than keeping it in a safe place (like an EF server with strong restriction on who can access the key).

My 2c (or maybe even less ;)
Mickael Istria
Eclipse IDE developer, for Red Hat Developers

Back to the top