Private Monitoring

Both Mech and Datalog have server-side plugin components that could take on more monitoring responsibilities. Both are user facing, or even public facing more than site owner facing. We should consider what measurements should be public, site owner only, or private to the service operator.

For example, I've considered the names of sites hosted by a service to be private information that should not be shared by the service operator. I'm not sure who I am protecting by this decision. This information can leak out when previously unknown sites are forked into site we monitor with federation search. The Present plugin also exposes sites that may never been forked. Andrew Shell exploits this with his "river" monitoring. This was not my intention and probably a mistake that it was publicly visible.

Here is where the previously private memory stats are made public, cross-origin even: github , plot