Privacy Concerns

A serious problem that the finger system cannot address is the selective disclosure of information. All information provided by a finger server is available to anyone who can access that server through a network (often the entire Internet). The finger system neither reliably authenticates the user making the query nor classifies finger information by who is allowed to see it.

Unfortunately, as the Internet has grown, many newer (commercial) sites have declined to support the finger service, making it difficult to obtain information about users on their computer systems (try finding the username of a friend working for a major computer maker...) I feel strongly that some amount of information about computer users at a site should be made public.

Metafinger faces privacy issues at two different levels:

Privacy of the Individual

This refers specifically to privacy within a site, e.g. between users of the same computer system. There are two issues addressed by Metafinger:

Private Groups

The membership of a user's private groups should not be obtainable by another user. Whether specified in the user's profile, or as a private site-wide mail alias, this information should not be accessible, directly or indirectly.

This is addressed by requiring user authentication at the HTTP interface before a user's profile is loaded. With the UNIX command line interface, the user was already authenticated at login time. Private mail aliases, unless declared in a user's profile, are not understood by Metafinger.

Current Status

The issue of what items of information, if any, about the current status of an individual user (where they are logged in, when they logged in, what they are doing, whether they've read their mail, where their mail gets forwarded to, etc.) should be publicly available is an often-debated one. To conform to current standards, I limited the information supplied by the Metafinger server to that provided by the traditional UNIX finger server.

What a particular user is actually doing should not be widespread knowledge. Under Unix, this information is always available to other users of a computer system, and GNU finger incorporates this information into the server output. In order to conform, this capability was removed from the Metafinger server.

Privacy of the entire Site

Another concern is keeping certain information private within a site. The main example is information about a local group's membership. To avoid making this information publicly available over the network, the expansion of group names into user names is done at the Metafinger client, not the server. A user at site A is limited to filtering using the mail aliases defined at site A, even when finger'ing another site.
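
The client-side expansion described above can be sketched as follows. This is an added example, not Metafinger's own code: the alias table, user names, record layout and the finger-style "list everyone" request are all constructed assumptions.

```python
# Added illustration; aliases, users and records below are constructed.
LOCAL_ALIASES = {                      # mail aliases defined at site A only
    "vision": ["alice", "bob", "hw-team"],
    "hw-team": ["carol", "vision"],    # nested and cyclic on purpose
}

def expand_alias(name, aliases, _seen=None):
    """Expand a local alias into a set of user names, tolerating cycles."""
    seen = set() if _seen is None else _seen
    if name in seen:                   # already visited: stop the recursion
        return set()
    seen.add(name)
    if name not in aliases:            # not a local alias: a plain user name
        return {name}
    users = set()
    for member in aliases[name]:
        users |= expand_alias(member, aliases, seen)
    return users

def build_request(host):
    """Everything that leaves site A: a host and a generic query line.
    Assumption: a finger-style request for all users; no group name in it."""
    return (host, b"\r\n")

def filter_entries(entries, group, aliases):
    """Keep only the remote records whose login is in the local group."""
    wanted = expand_alias(group, aliases)
    return [e for e in entries if e["login"] in wanted]

# Constructed sample of records returned by a server at site B.
REMOTE_ENTRIES = [
    {"login": "alice", "tty": "p0"},
    {"login": "dave", "tty": "p1"},
    {"login": "carol", "tty": "p2"},
]

if __name__ == "__main__":
    host, wire = build_request("site-b.example")
    print("sent to", host, repr(wire))
    for entry in filter_entries(REMOTE_ENTRIES, "vision", LOCAL_ALIASES):
        print(entry["login"], entry["tty"])
```

Because the server is never asked about a group, it has no group membership to disclose, and an alias that exists only at site B matches nothing when the query comes from site A.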



wad@media.mit.edu