Good to know that our privacy here is taken seriously. However, under what circumstances would you reveal/ have revealed commenter's identity/ three byte data/any other information that can be used to ascertain identity of a commenter to/by a third party?
Thanks for your vote. In addition, we also randomise the shuffling key regularly, so even if some reverse engineering of the first three bytes was possible, after a short while it would become practically useless again.
If they're dropping the last byte, then no. The first three bytes can of course be re-engineered if you use a high-end decryption software (since nothing randomized is actually truly random) but LI can be forgiven for that.
In an age where your most intimate chats on your cell phone are decrypted by the government on a regular basis, I can vouch this is more than enough protection for public comments on a news website.
so the pseudonymized ip address based on the data stored on your servers can be re-engineered/ restored to their original identifiable status should someone wishes to?
Hello, nothing shady here but we are still in the process of fully evaluating what the rules mean and the outcome of various court challenges. In the meantime, as before, we can reiterate that we do not store the full IP addresses of commenters, also in compliance with European and other international data protection legislation. We also do not believe storing of IP addresses is required under the Intermediaries Rules in LI's case.
We do store redacted and pseudonymised versions of IP addresses to prevent spam. On a more technical level that means: an IP address consists of four bytes (e.g: 255.255.255.255); when we store a comenter's IP address, we drop the last byte of that IP address. Furthermore, in that redacted IP address the first three bytes are then converted into unique words from a dictionary, which is also shuffled randomly regularly.
Any cookies stored on LI don't contain IP addresses or other identifying information to the best of our knowledge. If you have any queries, please do let us know.
only Kian@Legally India can answer this, so please do. what will it mean for the commenters. I read in some other thread that li only retains anonymized versions of IP addresses which does not allow for identifying individuals. Then why retain commenter's IP addresses at all, as any remnant of IP retained can eventually be used to track the person's identity, I am assuming in said case atleast ISP identification details are retained. LI threads are moderated for hours on end, so I am assuming anything palpably illegal(blasphemous, threats etc.),which will require intervention of the state machinery is not published in the first place.
Have you challenged the constitutionality (haven't read about it anywhere)?
Please do provide us with an update.
If you are fully complying with the new regime, you have violated your promise (made to us users) regarding guaranteed confidentiality. Anonymity no longer exists and the harmless cookie you had us store (which you had explained in detail a long time back in some comment) is now a disaster in waiting.
You will get a lot of recommendations for lawyers (if you wish to file, and also seek recommendations here). I am sure that you will also find a lot of talented advocates here who would be more than willing to help.
In an age where your most intimate chats on your cell phone are decrypted by the government on a regular basis, I can vouch this is more than enough protection for public comments on a news website.
We do store redacted and pseudonymised versions of IP addresses to prevent spam. On a more technical level that means: an IP address consists of four bytes (e.g: 255.255.255.255); when we store a comenter's IP address, we drop the last byte of that IP address. Furthermore, in that redacted IP address the first three bytes are then converted into unique words from a dictionary, which is also shuffled randomly regularly.
Any cookies stored on LI don't contain IP addresses or other identifying information to the best of our knowledge. If you have any queries, please do let us know.
If there has been a change in the Privacy Policy, why not inform people?
Y u no answer?
Me gusta!!
@Kian, have you complied with the new IT Rules?
Have you challenged the constitutionality (haven't read about it anywhere)?
Please do provide us with an update.
If you are fully complying with the new regime, you have violated your promise (made to us users) regarding guaranteed confidentiality. Anonymity no longer exists and the harmless cookie you had us store (which you had explained in detail a long time back in some comment) is now a disaster in waiting.
You will get a lot of recommendations for lawyers (if you wish to file, and also seek recommendations here). I am sure that you will also find a lot of talented advocates here who would be more than willing to help.