(2015-09-08, 08:34 AM)Lennart Sauter Wrote: [ -> ]Since I asked for a setting for this feature it'd not drop useful functionality. Admins worldwide don't have to disable the function, german admins can.
It's not all about law by the way - it's a matter of data privacy. That's a topic which is quite important to users worldwide. You mentioned TOR as a solution on the userside but which user will do that? Instead I'd still prefer a server side solution from MyBB.
And what about your Apache/Nginx logs? Have you removed client IPs from them? Do you use Cloud flare? If so, they're recording your client IPs. Any other services in the middle (Google Ads? Yep, they record IPs) are also likely recording them too. To be fully compliant with this ruling you've got quite a lot of work on your hands.
This will likely not happen in the 1.x series, but is possible for 2.x. IP logging is spread throughout the 1.8.x codebase and would be a real pain to change at this stage.
(2015-09-08, 08:34 AM)Lennart Sauter Wrote: [ -> ]Since I asked for a setting for this feature it'd not drop useful functionality. Admins worldwide don't have to disable the function, german admins can.
I can tell a similar thing: German admins can use a plugin for this, while admin worldwide don't need to. Sounds a bit more logical, IMO.
(2015-09-08, 08:34 AM)Lennart Sauter Wrote: [ -> ]You mentioned TOR as a solution on the userside but which user will do that?
Any user who in fact requires privacy and can use Google. They won't be anonymous if they decide to visit nearly any non-German site (and many German sites regardless of the law) without Tor or anything similar. Most users don't need to hide their identity when browsing most forums - I don't think you can neglect that.
(2015-09-09, 09:24 PM)Destroy666 Wrote: [ -> ] (2015-09-08, 08:34 AM)Lennart Sauter Wrote: [ -> ]Since I asked for a setting for this feature it'd not drop useful functionality. Admins worldwide don't have to disable the function, german admins can.
I can tell a similar thing: German admins can use a plugin for this, while admin worldwide don't need to. Sounds a bit more logical, IMO.
To add some leverage, we were even discussing whether the "cookie law" note should be included in the core or as an official plugin, and that does concern not only Germany but the whole European Union.
(2015-09-08, 08:34 AM)Lennart Sauter Wrote: [ -> ]It's not all about law by the way - it's a matter of data privacy.
After said law came into force, the European Internet was flooded with ad-like popups and banners that were mostly ignored (
#1,
#2), which taught users to click
OK on random dialogs and security notifications; gigabits are being wasted on transferring complete third party JavaScript libraries (most likely from a CDN server that keeps an IP access log) to display a notice explaining how Internet browsers work each time the user visits a website (if they don't accept cookies, they will be flashed with it until they give up; it cannot be turned off, because the consent itself is being stored in a cookie).
All that while there were much more user-friendly solutions available (a
Do Not Track header, built-in cookie blocking [actual blocking instead of clicking
I don't agree and hoping for the best]).
Unfortunately, the law yet again proves to be behind the technology and the IP privacy case is no exception - while the service operators can be rendered blind it will not change the fact that the IP addresses are the very base foundation of Internet communications, which allows them to be intercepted or logged nonetheless.
(2015-09-08, 09:20 AM)Euan T Wrote: [ -> ]And what about your Apache/Nginx logs? Have you removed client IPs from them? Do you use Cloud flare? If so, they're recording your client IPs. Any other services in the middle (Google Ads? Yep, they record IPs) are also likely recording them too. To be fully compliant with this ruling you've got quite a lot of work on your hands.
This will likely not happen in the 1.x series, but is possible for 2.x. IP logging is spread throughout the 1.8.x codebase and would be a real pain to change at this stage.
We are using our own servers and no, we do not record IP adresses on server level (we do hash IPs and user strings to prevent DDOS in certain cases but you can not get the IP back from that hash and we'll store it for 5 minutes only). We do neighter use Cloudfare nor Google Ads or Google Analytics (Piwik OpenSouce rules here!). There are certainly cases where we can not prevent IP sending - Paypal is one of these cases for example - but that's paypal's fault, not ours.
I'd love to see that in 2.0, my company uses a plugin for this in the 1.8 series anyway now.
(2015-09-09, 09:24 PM)Destroy666 Wrote: [ -> ] (2015-09-08, 08:34 AM)Lennart Sauter Wrote: [ -> ]Since I asked for a setting for this feature it'd not drop useful functionality. Admins worldwide don't have to disable the function, german admins can.
I can tell a similar thing: German admins can use a plugin for this, while admin worldwide don't need to. Sounds a bit more logical, IMO.
Not all MyBB users are plugin coders (and there is no official plugin for it) but a lot are from germany - if you look at the stats at mybboard.de.
(2015-09-09, 09:24 PM)Destroy666 Wrote: [ -> ] (2015-09-08, 08:34 AM)Lennart Sauter Wrote: [ -> ]You mentioned TOR as a solution on the userside but which user will do that?
Any user who in fact requires privacy and can use Google. They won't be anonymous if they decide to visit nearly any non-German site (and many German sites regardless of the law) without Tor or anything similar. Most users don't need to hide their identity when browsing most forums - I don't think you can neglect that.
The discussion "if you don't have anything to hide - why would you care about privacy" is one that I don't want to discuss in detail here because I discussed that elsewhere in a 200 pages thread already.
I showed some examples of software that included hiding IP possibilities (WP, Drupal...) in the first posts of this thread and they implemented it. With some good reasons too. Forcing users to use TOR is not what I'd expect from sites. I expect sites to respect my Do Not Track headers and I do expect sites not to record my personal data if they do not need it for good reasons. Same goes for Android Apps and other providers. I do not visit a lot of sites because they are using a lot of trackers (although I got Ghostery so once again, I'm covered) and I'd not recommend them. I do not have AngryBirds on my Smartphone because they don't need to know my GPS location.
And I'd post more in a MyBB forum that does not track me and does not record my IP all the time then in a MyBB forum that actually does that. And a lot of people feel the same.
(2015-09-09, 10:38 PM)Devilshakerz Wrote: [ -> ]A lot of true thoughts about the EU Cookie Bar law.
I agree that this Cookie Bar is just stupid but I think since this is on the user site it should be treated differently. I'd not provide an OptOut for IPs. I prefer to not record what I don't need.
Maybe I can close this discussion in some way as I would no longer vote this into 1.8 core but pick it up as 2.0 suggestion? It should be easily done in core there so we might have less discussions for MyBB 2.0.
Feel free to open it as a suggestion for 2.0
If this topic is done with ill close it tomorrow.
(2015-09-10, 07:59 PM)Lennart Sauter Wrote: [ -> ]Not all MyBB users are plugin coders (and there is no official plugin for it) but a lot are from germany - if you look at the stats at mybboard.de.
I made a
free plugin available here on the mods site, which I mentioned earlier in this thread. It's not "official', but anyone can simply download it, no matter whether he's German or not. Anyone can translate and upload the package to the German support forums if they wish, too.
(2015-09-10, 07:59 PM)Lennart Sauter Wrote: [ -> ]Not all MyBB users are plugin coders (and there is no official plugin for it) but a lot are from germany - if you look at the stats at mybboard.de.
I'm sorry if this hurts your ego, but Germany is only a fraction of the world that MyBB provides this software for. As such, MyBB is not obligated to conform to German law, that is
your responsibility. Also, the only reason your board has more German registrants is because that is
your target audience, where MyBB's target audience is, more or less, the administrators from all over the world who are interested in running a message board. Stop constantly making this about Germany and then make the suggestion.
(2015-09-09, 10:38 PM)Devilshakerz Wrote: [ -> ]To add some leverage, we were even discussing whether the "cookie law" note should be included in the core or as an official plugin, and that does concern not only Germany but the whole European Union.
Please let that be a plugin. I'd prefer it not be included in the full download package either, but let it be disabled by default if the MyBB group decides that it must be included. Let the board administrator decide whether to enable it or not. Administrators need to step up and actually be administrators, not be held by the hand and have it be enabled for them "out of the box."
(2015-09-10, 09:45 PM)Destroy666 Wrote: [ -> ]I made a free plugin available here on the mods site, which I mentioned earlier in this thread. It's not "official', but anyone can simply download it, no matter whether he's German or not. Anyone can translate and upload the package to the German support forums if they wish, too.
Which does totally override the IP by fake number, see my statement for that.
(2015-09-11, 03:44 AM)Vashnik Wrote: [ -> ]I'm sorry if this hurts your ego, but Germany is only a fraction of the world that MyBB provides this software for. As such, MyBB is not obligated to conform to German law, that is your responsibility.
You clearly did not read this thread carefully dude. I never said that MyBB is obligated to do that, it was a suggestion. Read again and I might respond to a reply from you.
(2015-09-11, 07:09 AM)Lennart Sauter Wrote: [ -> ]Which does totally override the IP by fake number, see my statement for that.
Exactly, your statement. Not all German admins' who may not need partial IP. Also, I can't see the reasoning behind hiding the last two parts. If I'm not mistaken, it doesn't mean anything for IPv6 and you would only have an irreliable comparison for IPv4 addresses. Anyone can still neglect their identity if you manage to find similar IPs - that's the point of privacy after all. Partial IPs that may even be from different countries.
But if you feel that keeping some parts is important - well, feel free to share your plugin here and on German support forums as well, assuming you already made it.
I posted this suggestion for 2.0 and since it has been confirmed not to be in 1.8 anymore, I don't see any point in discussing this further. You seem to have made your opinion and I got a different opinion. Done with it.
http://community.mybb.com/thread-178780.html