Much edited for brevity:

Hey hey friends.......please don't expand the "problem" more as needed :-)

Atually I installed the BOINC clients for test purpose on approx 10 machines, all of them on NON productive systems. So i'm quiet sure to not stay with one feet in the jail yet.... :-)

The BOINC client report so i know at the moment.

- Fully Qualified Domain Name like hostname.mydomain.fqdn (my question)
- Local IP Range like 192.168.1.1 (i'm not care, for this you got an firewall)
- External IP like 212.67.xxx.xxx (still not care....)
- OS including SP level (hmm, discutable....but used for some nice statistic reasons, I can live with it....)
- lotsa of other stuff like disk, cpu id, benchmarks etc. (not worth to mention)

And finally, if you install it as service, the BOINC clients knows (not send) an account with at least Logon as service right.

So, if you take all this together and thinks as professional about security issues in general, some bad feelings COULD pop up......

I believe I can trust anybody of the BOINC projects but to stop the ongoing discussion, it would be the best to NOT send the FQDN, just the single hostname. With this I would be happy already, the rest I can handle myself.

My statement is not about what is reasonable, my statement is about the current regulatory environment, and specifically the insanity called "Sarbanes/Oxley."

Sarbanes/Oxley is very vague, but it says that top level management must disclose every possible problem.

Sarbanes/Oxley consultants have suggested that running more than one protocol on a LAN is a SOX violation -- I've even heard of companies who have rewired their networks because the wiring firm would "certify" their work and the current wiring is working perfectly, but is not certified.

With this kind of insanity, as much as I like BOINC, both as a project an as a burn-in tool, I would at a minimum completely reinstall all software (or just not use BOINC in this regulatory environment).

It isn't about what is safe, it is about what some shareholder's attorney might get ahold of someday.

---

Actually, the host IP and domain information go out with every IP session to any web resource. If you open a web browser and go to google, google then has that information.

There are those that prove this by having signatures that reflect this information back to the user that is viewing the forums.

Since this information is already rather public, it cannot be considered an increased security threat.

---

BOINC WIKI

Actually, the host IP and domain information go out with every IP session to any web resource. If you open a web browser and go to google, google then has that information.

There are those that prove this by having signatures that reflect this information back to the user that is viewing the forums.

Since this information is already rather public, it cannot be considered an increased security threat.

It is certainly true that every internet packet has both source and destination addresses. But if a host is behind a router or NAT software then the details of the specific host are not exposed. BOINC has to run on each host individually, so any detail it gathers is more specific. Granted that detail is not a true security risk.

As in my earlier post in this thread, I see it as a privacy issue. If BOINC gathers and sends back any information not needed to fulfill its purpose there should be a way for a user to opt out of that.

                                                       Joe