Log retention & monthly uniques

[pde]

In briefing large third parties about the policy, we've encountered a range of feedback about the 7 day log retention period. One opinion was "7 days is exactly enough; it ensures we'll have business days to deal with a problem, even during a holiday". Another opinion was "10 days would be much better". A third opinion was "31 days is a magic number, it lets us get a good handle on monthly unique visitors".

We should pick one of these for the next revision.

[pde]

It doesn't seem as though 31 days is necessary for measuring monthly uniques: there should be numerous good methods for that that don't require tracking, such as setting low entropy cookies ("countedinJuly=true") or feeding an HMAC of some identifiers into a bloom filter or other fancy counting data structure. It should be easy to do this in a way that counts as an anonymized dataset.

[josephlhall]

FYI: We've found that 30 days is something that many folks were already using, and it's what we've recommended (not after deep thought, but mostly, I think, in the sense of "90 is way too damn long") and it's what's in our own policy. I don't think it will be a big impact to us to bring it down to 10d, but we don't have very interesting logs! (the kicker is that I think any new privacy policy we roll out has a 30d waiting period before going into effect... so once we decide we can do this, it will still take some drafting, legal, and posting time before we could be formally compliant).

[pde]

Where this wound up was that several extremely large websites of different sorts told us that they might hypothetically ask for 30 day retention as a condition of signup, but none of them actually made that ask in time for the 1.0 launch. So we're sticking with 10 days for the time being.