MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Suggestions and Feedback > No IP Retentetion
Full Version: No IP Retentetion
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

zemane

2008-04-22, 12:50 PM
Originally "wir speichern nicht".
The aim of the campaign is to inform about the IP retention. Saving the IP addresses of your users in your logs...
Why stop? In order to deliver to users the best anonymity and privacy possible.
-
So my suggestion is that during install admin could choose not to create user IP logging table on DB or even remove it after install with single click from adminCP. Again this feature isn't available in any other BBS! So myBB could be leading the way one more time.


I know maybe for most of you privacy and anonymity ain't that important. But we need to remember that there are several countries where you can get in to truble saying what you think, about human right, about the govern party... (like China, Russia, Venezuela and others...)
If they ask on a lawsuit "give us all information about user X", and i don't have the ip, well then would much harder to harm my user...

dvb

2008-04-22, 02:19 PM
well, that is interesting suggestion, but you'll need to delete your server logs also.
maybe you can do that with a cron?

zemane

2008-04-23, 10:58 AM
Yeah, thats the idea. If one is using shared host, that could be a bit hard, but myBB can do its part Smile

ChrisR

2008-04-23, 11:26 AM
So what your saying to to stop IP's from been logged? well i am sure you can set that in the adminCP so IP's are not logged.

zemane

2008-04-23, 01:27 PM
They are still loggod on registration, plus the ips that were already logged before, are keeped on the database.

laie_techie

2008-04-24, 02:28 AM
I, for one, would never get rid of IPs from my logs. IPs help me identify possible duplicate accounts. I rarely ban an IP on a first offense, but if I see a trend I add it to my blacklist. I reside in the US and my server is in the US, so China and Russia have no jurisdiction over me. Besides, due to the nature of my site, very few people from those anti-democracy countries would ever visit (except to try and spam).

Yumi

2008-04-24, 03:34 AM
Dunno about including this as an option, but if you want to remove logging of IPs, these code edits should be suffice:

In inc/datahandlers/user.php, find and delete:
"regip" => $db->escape_string($user['regip']),
		if(isset($user['regip']))
		{
			$this->user_update_data['regip'] = $db->escape_string($user['regip']);
		}

In inc/datahandlers/post.php, find and delete all instances of:
"ipaddress" => $db->escape_string($post['ipaddress']),
"ipaddress" => $db->escape_string(get_ip()),

And then run the following queries:
UPDATE mybb_users SET regip=""
UPDATE mybb_posts SET ipaddress=""
(assuming your prefix is "mybb_")

I haven't tested it, but that should be suffice. Note that this doesn't clear IP logging from mod/admin logs.
And IPs are somewhat necessary for the sessions table.



An interesting alternative, rather than not logging IPs could be hashing IPs - this will allow you to identify dupes (though that partly depends on your trust in the hashing algorithm not generating a collision), yet make it so that the hash itself doesn't mean much.

zemane

2008-04-24, 11:05 AM
Thanks a lot Zinga, that will be a very good start.
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Suggestions and Feedback > No IP Retentetion