Page 1 of 1

Anonymizing IP's

Posted: Tue Jun 06, 2017 7:59 am
by richey
To increase privacy (and comply with some privacy laws) it would be great if there was an extension that would allow to anonymize user's IP numbers after a certain amount of time.

The code for it already exists: https://github.com/geertw/php-ip-anonymizer

Ideally, the extension would allow to configure the timeframe (like: 6 months) when stored IP numbers in posts would be anonymized by PHP's cron system.

kind regards,
r.

Re: Anonymizing IP's

Posted: Tue Jun 06, 2017 9:40 am
by david63
I am not sure what "privacy law" an IP address need to comply to but after six months most IP addresses will not be an issue as they will be well out of date and there is actually an argument that IP addresses should be retained as an audit trail.

Re: Anonymizing IP's

Posted: Tue Jun 06, 2017 1:45 pm
by richey
I'm aware of the value of IP addresses for auditing purposes (double registrations etc.).

However, in the EU there are strict privacy laws, and users have the right to demand their "personal information" to be deleted - IP addresses belong to personal information according to a couple of lawsuits that have been filed during the last few years. As you may know, unfortunately in such cases, it's usually small website hosters like me who get threatened with lawsuits and receive lawyer's blackmailing letters (with fee payment forms attached) if we're not complying with existing legal fine-print by 100% while fartbook, Google & Co. don't.

If an extension (or such a feature) existed, I could extend the privacy declaration on my board that - let's say, after 3 months - IP addresses are automatically anonymized, so no user could cause me any trouble if he wants to 'leave' and have 'all his information deleted'. The posts could remain in the board as they usually don't contain identifiable information, he/she could "anonymize" his/her email address (by changing it to a non-existing one, thus disabling his own access to the board) and his IP would be anonymized after a couple more weeks anyway.

cheers, r.

Re: Anonymizing IP's

Posted: Tue Jun 06, 2017 1:49 pm
by Brf
richey wrote:
Tue Jun 06, 2017 1:45 pm
if he wants to 'leave' and have 'all his information deleted'. The posts could remain in the board as they usually don't contain identifiable information, he/she could "anonymize" his/her email address (by changing it to a non-existing one, thus disabling his own access to the board) and his IP would be anonymized after a couple more weeks anyway.
It would be simpler to delete that user completely, and leave their posts behind. Then their Email address is gone.

Re: Anonymizing IP's

Posted: Wed Jun 07, 2017 9:17 am
by infinitiv
Brf wrote:
Tue Jun 06, 2017 1:49 pm
richey wrote:
Tue Jun 06, 2017 1:45 pm
if he wants to 'leave' and have 'all his information deleted'. The posts could remain in the board as they usually don't contain identifiable information, he/she could "anonymize" his/her email address (by changing it to a non-existing one, thus disabling his own access to the board) and his IP would be anonymized after a couple more weeks anyway.
It would be simpler to delete that user completely, and leave their posts behind. Then their Email address is gone.
But the IP still remains in posts table.

Re: Anonymizing IP's

Posted: Wed Jun 07, 2017 9:42 am
by Mick
richey wrote:
Tue Jun 06, 2017 7:59 am
and comply with some privacy laws
Illuminate please, what laws, do you have links?

Re: Anonymizing IP's

Posted: Wed Jun 07, 2017 10:57 am
by richey
https://www.whitecase.com/publications/ ... some-cases

As a webmaster/forum hoster, I'd really prefer to be able to 'forget' about such things by informing users beforehand that their IP's are 'safe' on my board (instead of having to clean up everything by hand on request), and save time when someone wants to have their private information deleted.

Re: Anonymizing IP's

Posted: Wed Jun 07, 2017 11:48 am
by david63
That report specifically states that unless there is sufficient other data present with the IP address to identify a user then it does not fall within the scope of the EU data privacy laws.

In standard phpBB there is no other "personal" data that can be used in conjunction with a user's IP address that could be used to identify them - now if you have other "add ons" that add that data then the issue is with the add on.

Re: Anonymizing IP's

Posted: Wed Jun 07, 2017 12:19 pm
by Brf
infinitiv wrote:
Wed Jun 07, 2017 9:17 am
Brf wrote:
Tue Jun 06, 2017 1:49 pm
It would be simpler to delete that user completely, and leave their posts behind. Then their Email address is gone.
But the IP still remains in posts table.
Why would it matter since the post is no longer attached to the user?

Re: Anonymizing IP's

Posted: Wed Jun 07, 2017 1:10 pm
by richey
In many board (including mine) it has come to the practice to suggest users to "anonymize" their account by entering a crazy email address and changing the password (so they won't be able to access it anymore by themselves as well).
That way, posts can remain in the forum (which is prefered by forum hosters in most cases), but the user's real email address is detached from the account (which is what most users are actually interested in when asking for their account to be 'deleted': to avoid potential spam). So the IP from the posts table remains linked to the account (and it could theoretically be used to track a user or reveal his real identity), although that would hardly cause any harm.

Re: Anonymizing IP's

Posted: Wed Jun 07, 2017 1:16 pm
by Brf
But if you delete the user account, then there will not be an account to link anything to anymore. Just leave the posts intact.

Re: Anonymizing IP's

Posted: Wed Jun 07, 2017 4:37 pm
by david63
richey wrote:
Wed Jun 07, 2017 1:10 pm
it could theoretically be used to track a user or reveal his real identity
Please explain how this can be done within standard phpBB

Re: Anonymizing IP's

Posted: Thu Jun 08, 2017 10:53 am
by canonknipser
I agree with the OP that board owner should be able to anonymize IP's, There is very seldom a need to store the posters IP for the whole lifetime of a post and it's against the "need to know"-principle.
With standard phpBB, it's quite easy to find out the IP the post was made from, the ISP where that IP belongs to (via whois service) and maybe (if it is a static IP) eg. the company network. It's just in the post information area, giving "IP", "posts made from this IP", "Other IP used by the user", all IPs with a link to the whois service.

Apart from that, there are some legal calls for "telecommunications data retention", which often affects ISPs, but normal board owners should very seldom have legal needs to store communications data eternally.

For a limited period it is useful to check session keys, or to identify multiple accounts from one user (there may be other usecases as well). But storing the data forever is not very useful and maybe against the law in some country or against board owners principles