Provide users a secret link (e.g.: https://dro.pm/log/xYKhQG7mD3MkafKt) that can be used to audit, up to a week after the link expired, whether the data was accessed by an unintended party. Also log access to the audit log. Rationale:
Allows verifying whether an unintended party got access to your data if you meant the link to be private
If you want to get the identity (e.g., IP address or user agent) of someone visiting your link, you can already do that by redirecting to a site of your own
Perhaps it should be anonymized to the organisation or ISP that viewed it, though, and/or the /22 or something. That's what most people will use as human-readable way of determining whether they were the only ones to view it ("huh why a Ziggo address? They only offer copper connections whereas I've got fiber!" helps more than "Oh no, 262.123.321.99 viewed it!"). Open question: how to turn an IP address into an org name? (I have some experience parsing whois data: it's a mess... Perhaps just show the full whois output upon clicking the /22 one is interested in?)
The user agent string should also show because this reveals bots (Telegram link checker, for example). The page should include the remark that the user agent string can be set by anyone, so it is just a hint and not a definitive proof that this was what it claimed to be.
Provide users a secret link (e.g.:
https://dro.pm/log/xYKhQG7mD3MkafKt
) that can be used to audit, up to a week after the link expired, whether the data was accessed by an unintended party. Also log access to the audit log. Rationale:Perhaps it should be anonymized to the organisation or ISP that viewed it, though, and/or the
/22
or something. That's what most people will use as human-readable way of determining whether they were the only ones to view it ("huh why a Ziggo address? They only offer copper connections whereas I've got fiber!" helps more than "Oh no, 262.123.321.99 viewed it!"). Open question: how to turn an IP address into an org name? (I have some experience parsing whois data: it's a mess... Perhaps just show the full whois output upon clicking the/22
one is interested in?)The user agent string should also show because this reveals bots (Telegram link checker, for example). The page should include the remark that the user agent string can be set by anyone, so it is just a hint and not a definitive proof that this was what it claimed to be.
Feedback is welcome!