>> On May 20, 2011, at 10:35 AM, Keith Jenkins wrote: >>> >>> Just out of curiosity, does anyone on this list have any opinions >>> about whether website owners should publicly post lists of their >>> visitors' IP addresses (or hostnames) and to also allow such lists to >>> be indexable by search engines? >>> >>> For example: >>> https://www3.ietf.org/usagedata/site_201104.html >>> >>> Keith Somehow I missed this when it went by originally ... For websites being hosted by the federal government, although it's not considered PII (Personally Identifiable Information), most privacy policies state that we won't share information with third parties, and that we only use server logs for diagnostics and tuning. We're actually required to destroy our webserver logs within 30 days of rolling them, or at the very least, anonymize them. We specifically do *not* allow access logs or reports to be accessed from outside our local network. If nothing else, posting logs and/or reports invites 'referrer spam' : http://en.wikipedia.org/wiki/Referrer_spam And even if you're not posting referrer information, they'll embed it in the QUERY_STRING to connections to your site, so you'll have requests for: http://yoursite.example.edu/?http://spammer.example.com Which show up in most logs as: /?http://spammer.example.com ... I'd say there is *no* reason to make any of your logs, raw or processed, visible to search engines. If your administration insists on being able to see reports remotely, put them behind some sort of authentication. (although, in our case, authentication means more paperwork we have to fill out) -Joe