It’s very domain specific. We log everything, no one looks at it, but when things go south that’s when we do the investigative work. I say “log everything” you might need it later
Exactly. Can every piece of data logged be tied back to a legitimate business purpose? What’s needed here is a mentality change: These logs should be thought of as liabilities rather than assets. You should log only what you need, while you need it, and then turn off the log when you’re done. If your mentality is “log everything, always, because maybe we’ll need it later” then these privacy and security trash fires should be expected.
I think there is certainly a place for audit trails etc, but it again comes back to how that data is used. An access log is an access log, but it's a difference if you analyze it to find people looking at data they have no reason to look at, or if you analyze it to track who spends how long on their toilet break. And a lot of what's offered by current "bossware" clearly falls in the latter category.
Nah, I was thinking in terms of behavior. Some (expensive) devices suck for detail on logging to the point of uselessness for forensic purposes, for instance. It'll compress a dozen criminal concepts into a single entry such as: "A user logged off"
Sure. But most other places (unsure about Apple) don't automatically ship those logs off to the maker of the OS for centralised bulk collection, analysis, and monetisation.
You forgot also making sure you aren't logging things you shouldn't log. Some are obvious maybe like passwords. Others might be less obvious like the title of every window on the user's desktop which Facebook Oculus logs. Those titles end up including every page of every website you've visited, the title of every document you've edited, and every video you've watched.
reply