Restricting Access to the Survey: If you want to use the anonymous link, but want to restrict who can log into the survey to complete it, try an authenticator or adding a password to the survey. This can be useful if you previously distributed your survey through the anonymous link but would now only like to use individual links instead. If desired, you can disable the anonymous link and only allow personal or individual links by enabling By Invitation Only in the survey options. Turning Off the Anonymous Link: By default, whenever your survey is active, the anonymous link can be filled out by anyone with the link. If you want to prevent multiple responses from the same respondent, refer to our Security survey options support page for more details on Prevent Multiple Submissions. Reusing the Link: By default, there is no limit to how many times a respondent can use the anonymous link. If you do not want this, or if you’d like to learn about any limitations involved, see Allow respondents to finish later for more details. Saved Progress: By default, progress will be saved as respondents take the survey so they can close the window and return to that same computer at a later date. Here are some other key things to consider when using the anonymous link: Before you use this option, see the linked support page for more details on how this setting works. Learn from others' mistakes, and others' successes - it is a lot safer than making those mistakes yourself. Qtip: If you do not want to collect IP Address or location data, consider enabling Anonymize Responses in the survey options. I recommend that you read this prior research, as it has important lessons for you. There are a number of other research papers on the subject; search Google Scholar for papers that cite this one to find more. Myths and Fallacies of "Personally Identifiable Information". Computer Communication Review, volume 36 number 1, January 2006.
The Devil and Packet Trace Anonymization, Ruoming Pang, Mark Allman, Vern Paxson, Jason Lee. I suggest reading the material in the public research literature on this subject. Headers are one thing; the payload data is much higher risk. I do not recommend including any payload contents in the data set. Other methods that have been proposed include: replacing each IP address with its SHA1 hash (this is not secure: with only 2^32 possible IP addresses, it is trivial to reverse the hashes and recover the original IP addresses - so do not use this method); replacing each IP address with a SHA1 hash of the IP address and some 128-bit cryptographic secret (this is much better, though it still allows linking all of the flows with the same IP address, so if you reveal any packet contents, this may identify users and reveal all of their activity); hashing just the first 16 bits of the IP address, again with a crypto key (a bit better still, but still may compromise the privacy of users if you include packet contents). If this removes too much information for your situation, you need to tell us more about your situation. The most secure method is to delete all IP addresses. The best method to anonymize IP addresses depends in intricate detail upon the intended use of the data-set, and what kind of analysis you want the recipient to be able to do. Use technical methods to obscure the IP addresses and anything else that may identify users. Also, request and obtain a written, signed agreement from the recipient that they will use the data only for certain purposes specified in advance; that they will not share the data with others; that they will use reasonable methods to secure access to the data; that they will report any security breaches to you; and that they will destroy the data upon your request. Apply technical methods. Get approval from appropriate policy-level folks at your organization for releasing the anonymized data set.
Therefore, while it is worthwhile to try to use technical methods to anonymize the data as much as possible, please be prepared for the possibility that they may be flawed. Many attempts at anonymization have turned out to be flawed. While you can try to obscure some of the data (e.g., IP addresses), please understand that this is a very tricky subject. You don't provide enough information about what you're trying to do for me to provide you a detailed solution, so I'm going to have to stick to general principles: Anonymization is hard and imperfect.