Yes, that looks a lot like the custom plugin for the MyBB 1.6 series I wrote beside I only killed the last two digits and did not replace the whole IP.
I might fork yours or rewrite my own one if there is no built-in solution for MyBB to come within the 1.8 series...
Yes, just hide last two digits in IP adress would be enough - replace them by "**"
(2015-01-18, 04:34 PM)Lennart Sauter Wrote: [ -> ] (2015-01-18, 04:28 PM)dragonexpert Wrote: [ -> ]My two cents, but the registration agreement says that your IP address is recorded, therefore, by continuing the sign up process you waived your rights at that moment.
Reference File: https://github.com/mybb/mybb/blob/featur...ng.php#L82
That's actually against german law as far as I know. The sentence has no effect therefor. Law > registration agreement.
(2015-01-18, 04:59 PM)Lennart Sauter Wrote: [ -> ]MyBB does also get the IP of guests for who's online display for example. If you deliver cached sites, you'll technically already have a saved IP adress. Also IP banning means you are saving an IP - with or without existing account.
MyBB also saves (depending on config) data about visitors - think of mobile plugins for 1.6 for example.
EDIT: Enable guest posting - guest IP recorded without registration agreement.
If you have privacy policies that do properly explain what is saved and what is it good for, you can do that. But for a forum it'll be quite hard to explain and writing a complete privacy policy for every forum individually will cause a lot of work. A simple setting would be a better solution here in my opinion. I'm not a lawyer. I do have an imprint and a data privacy statement on all of my sites but my sites do also not record IPs usually. Stefan, you might know the german "Verhältnismäßigkeitsprinzip" when collecting data. That is not given for MyBB here I think - also compared with Drupal/WP and so on.
Would you rather record all information and capture malicious attacks from visiting IP addresses so you can privide vital information when requested by enforcement agencies or would you rather protect a criminal by discarding IP addresses or falsifying information? This is the constant struggle between privacy and security. If you have a problem with MyBB's forum doing logging IP addresses, maybe you should turn your attention to Woltlab. Their Burning Board products store IP addresses for posting, sessions, etc. I currently hold a Burning Board license and operate a burning board with IP logging features built into it's core. Woltlab is a German company. So I think it's safe to say, your suggestion will not hold any weight on forcing MyBB into compliance with a law that doesn't apply to MyBB's forum software.
(2015-02-18, 02:20 AM)Vashnik Wrote: [ -> ]Would you rather record all information and capture malicious attacks from visiting IP addresses so you can privide vital information when requested by enforcement agencies or would you rather protect a criminal by discarding IP addresses or falsifying information? This is the constant struggle between privacy and security. If you have a problem with MyBB's forum doing logging IP addresses, maybe you should turn your attention to Woltlab. Their Burning Board products store IP addresses for posting, sessions, etc. I currently hold a Burning Board license and operate a burning board with IP logging features built into it's core. Woltlab is a German company. So I think it's safe to say, your suggestion will not hold any weight on forcing MyBB into compliance with a law that doesn't apply to MyBB's forum software.
I'm
not forcing MyBB into anything. This is the forum for
1.8 Suggestions and Feedback and I'm suggesting a feature for MyBB 1.8.
No idea why you do mention Woltlabs Burning Board here but hey - here is the (german) discussion of german webmasters using Burning Board and asking for a deactivation possibility for IP logging:
https://community.woltlab.com/thread/163308-ip-logging/
Be assured that german webmasters (if they don't want to be suit) are using Woltlabs BB with deactivated IP logging.
I already mentioned other web software discussing similar issues
here.
For the freedom of speech, I'd not provide any information to enforcement agencies. But sadly, they can force us to provide infos. If I don't have these infos, there is nothing to provide (beside username and email if valid).
But I don't want to dive to deep into the usual collect/protect discussion here. There are admins, that would like to see - for law enforcement or personal reasons - a simple option to shorten/deactivate IP collection for MyBB.
And I'm suggesting to add this option to MyBB Core as an optional ACP setting. That's all.
As we had the discussion lately at my uni (I'm German btw): there is actually no real law against it. There's a law that forbids storing "personal" (Personenbezogene Daten) data, however its not sure whether IPs are personal data or not. Some courts said yes, others said no and the Bundesgerichtshof (the highest German court) hasn't decided yet. Though if you want to be safe it's probably better I don't see the point of changing it by default and instead a tutorial should be enough. There is a lot of software that stores the IP without providing an option so I doubt that any court (German or any other) will sue all admins who use such a software.
(2015-02-18, 07:33 PM)Jones H Wrote: [ -> ]As we had the discussion lately at my uni (I'm German btw): there is actually no real law against it. There's a law that forbids storing "personal" (Personenbezogene Daten) data, however its not sure whether IPs are personal data or not. Some courts said yes, others said no and the Bundesgerichtshof (the highest German court) hasn't decided yet. Though if you want to be safe it's probably better I don't see the point of changing it by default and instead a tutorial should be enough. There is a lot of software that stores the IP without providing an option so I doubt that any court (German or any other) will sue all admins who use such a software.
We had the same discussion in my german Uni
IPs are person based data because you can identify persons (or households) by IP. The recent court decisions are pretty clear here.
If you follow the (Abmahnungen) in the last time, I'm pretty sure we'll see a lot of them for IP violations as we currently see a lot of them for not having a link to the privacy privacy statement (Datenschutzerklärung).
As I said, I personally solved this as a plugin so far - and I'll solve the new EU cookie bar requirements as plugin too. But MyBB would be a lot more usable in the professional area if it would provide more options. Not even talking about imprint page by default here...
And if Edward Snowden teached us one thing then to respect and protect data privacy.
This thread is going far beyond everything I asked for first and I'm sorry for that. I looked deeper into Piwik's logging system and I think I'll integrate that way of user identification (based on a hash) instead of logging IPs in plaintext with MyBB. It should provide the possibility to avoid multi user registrations and find posts by users while not saving the IP.
I can only recommend everybody who runs the software in germany to do the same.
I see the same problems as the authot of the thread. Privacy is very important and according to the german law IP shall not be registered. The defaults for the registration alloe to send a mail oer a PN to the user, this shall be disallowed by default. There are probably a lot of things thgat are not OK bit I habe not inspected all feature now.
Jean-Jacques
That's great and all if it's the German law. MyBB is a global product, however, and should serve the majority of the world, which does not have such laws. Additionally, this cripples the ability to ban selective IPs and forces the admin to ban incorrect IPs that multiple users (i.e. on the same Class B) would hit. This would also break the ability to integrate with StopForumSpam (or any other service, for that matter) as well.
If someone wants anonymity, then the board administrator should make the necessary modifications by plugin or code edit, or the user can use something like TOR or a VPN to mask their IP. Those are products or solutions targeted at this problem, whereas dropping useful functionality worldwide isn't necessarily proportional to the localized issue.
Since I asked for a setting for this feature it'd not drop useful functionality. Admins worldwide don't have to disable the function, german admins can.
It's not all about law by the way - it's a matter of data privacy. That's a topic which is quite important to users worldwide. You mentioned TOR as a solution on the userside but which user will do that? Instead I'd still prefer a server side solution from MyBB.