tags:

views:

85

answers:

5
+2  Q: 

Is it ethical to let users see the request headers from visitors to a url shortening service?

I'm currently in the progress of making a url shortening service that will let the creator see the http request headers that the browser has made when visitors visit the url.

The visitors won't be made aware that they are being tracked, but obviously nothing is personally identifiable.

Is there anything I should be made aware of ethically or legally that makes this a bad idea?

A: 

The visitors won't be made aware that they are being tracked

Wouldn't it solve your concerns to just...not do that? Tell them the request is being logged

Michael Mrozek  2010-04-18 00:20:14
it's an instant forwarding service like all the other shortening services out there, so it won't have the opportunity to notify them
soniiic  2010-04-18 00:24:23
As sad as I am to say it, I would say that the default assumption should be that everything is getting logged, unless you explicitly use a service that is specifically designed for anonymity.
Uri  2010-04-18 01:20:00
@soniiic Ah, ok; I was picturing it like [this](http://preview.tinyurl.com/5cttyz)
Michael Mrozek  2010-04-18 01:24:18
+2  A: 

I am sure privacy freaks will cringe, but I do not think there is a problem. You are not doing anything web logging does not do for every web request anyway.

Tom Cabanski  2010-04-18 00:21:22
A: 

It's a grey area, but I don't see anything wrong with it. It's the same info the site owners will see when the request gets redirected to their site, right?

I would note it somewhere on your service's home page or in the terms of use, but I think it is pretty safe to assume that web users know that their browsers send requests to servers, and that those requests will be recorded and analyzed unless they are told otherwise.

Kristopher Johnson  2010-04-18 00:21:30
yeah it is the same info that site owners see, but the difference is that the site would give the ability for _any old user_ to come along, make a url, give it to a friend (enemy) and then see their request headers.
soniiic  2010-04-18 00:26:33
A: 

I thought a bit about it, and my first reaction was "Don't log more than necessary!" ... but then I thought "Why?". What worth is it to log all the headers? I mean, the data would not be much different to the data the user's browser sends to the webserver of the shortlink's target. The only header I'd consider worth logging would be the referer, since I assume that many people like to know how well their link is used and which page uses that link...

maligree  2010-04-18 00:41:34
+1  A: 

Having a Privacy Policy and explicitly notifying users are not the same thing, I don't believe. You can mention, in a privacy policy for the URL shortener, that this data is tracked, and that way someone who is concerned with their privacy will be able to find this information.

For example, bit.ly doesn't alert users to the fact that it tracks their activity, but it has a privacy policy available at http://bit.ly/pages/privacy/.

I don't know that you need to go so far as to specify that you are making header data available, other, perhaps, than to include what most sites (whether or not they are URL shorteners) that you track "non-personally-identifying information" and make that information available to whomever.

schellack  2010-04-18 00:51:15

related questions

When to say when with a startup company?
Ethics of assisting other programmers, where do we draw the line?
Protection from screen scraping
Legalities of screen scraping
Pharmacological enhancement for job performance
Ethics of keeping a domain name hostage
Is it wrong to decompile code?
Should I charge my client extra for the source code?
What open computer science problem should remain unsolved?
What to do when asked to fake or fudge a demo to the customer? Any hints on pushing back?
Programming as a meaningful profession?
Is reverse engineering evil?
Ethics and Coding
How can you give users confidence that your application has no malicious intent?
Ethics of Open Source Copy of Proprietary Software
Would you work for an "Adult" Company?
Is it ethical to monitor users?
Under what circumstances is it acceptable to break a public interface?
What should you do when coming across a publicly accessible security vulnerability?
What should be included in a programmer's code of ethics?
Have you ever faced an ethical issue when creating an application?
Is it ethical/legal to bring your favorite code with you after a job?
Compromising my integrity ?
What are the ethics of time management while working for pay?
Found a critical bug, but the company doesn't care