[FIXED] mask client IP for privacy reasons


(kkretsch) #1

Is there a patch in the queue for masking i.e. the last byte of the client IP before saving for privacy reasons?
It seems there is a growing concern about saving an ip number, which would be allowed if mask. The network provider should still be found using the remainung ip fragment.
I think it would be a patch to the Common.php in the getIpString function.


(vipsoft) #2

You could do that but because this is a utility function (not limited to handling the visitor IP) and for other reasons described elsewhere, this is the wrong place to mask the visitor ip. We will work with the community to offer a solution that balances functionality with privacy concerns.


(XSK8) #3

Hey Vipsoft, I saw this has been moved to Milstone 0.6, whitch is really good.
Do you have any idea when this will be done?
I don’t want to stress anybody but here in Germany we have a bunch of lawyers who like to earn money with accusing websiteowners for anything possible…

Some of my clients are already concerned and want to disable tracking.


#4

I would tell those lawyer that they’re just been plain stupid.
If IP are masked in Piwik, you can still get it in the server log.
Because there’s no way the server can send a web page (file) without knowing to wich adress the delivery must be made.

But, if there a law in some countries, people of that country need to follow it.

I can say that i never need to see IP adress in Piwik in the first place. Piwik is already giving me all information about a visitor that IP adress could provide anyway.

Some people want to have IP so they can suit people that misbehave on their website. But isn’t what server logs are for ?


(XSK8) #5

[quote=TulipVorlax @ Dec 21 2009, 01:50 AM]I would tell those lawyer that they’re just been plain stupid.
If IP are masked in Piwik, you can still get it in the server log.
Because there’s no way the server can send a web page (file) without knowing to wich adress the delivery must be made.

But, if there a law in some countries, people of that country need to follow it.

I can say that i never need to see IP adress in Piwik in the first place. Piwik is already giving me all information about a visitor that IP adress could provide anyway.

Some people want to have IP so they can suit people that misbehave on their website. But isn’t what server logs are for ?[/quote]
No need to discuss this - its stupid - I know. But there are a lot of stupid laws and anyway you have to observe the law.
If you don’t, sooner or later a smart lawyer will make you pay some money and force you to observe the law…


#6

Did i said the contrary ? style_emoticons/<#EMO_DIR#>/mellow.gif


(XSK8) #7

Hey sorry, don’t wanted to offend you, maybe I misunderstood your intention.
I’m just waiting for this feature and getting nervous… style_emoticons/<#EMO_DIR#>/wink.gif

Nevertheless I’m still wondering if there is any idea when this feature or version 0.6 will be released?


(vipsoft) #8

I don’t have an estimate on the timeframe, but in relative terms, the next release will be 0.5.5, and we expect that will be followed by 0.6.


(ollyy) #9

[quote=TulipVorlax @ Dec 21 2009, 01:50 AM]I would tell those lawyer that they’re just been plain stupid.
If IP are masked in Piwik, you can still get it in the server log.[/quote]

Unmasked IPs in Serverlogs are not allowed in Germany. It’s not allowed to STORE (unmasked) IPs unless for billing (until billing is done). There’s an Apache Mod to mask IPs in Logfiles IP-Adressen in Webserver-Protokollen (Update A 2.4)

It’s not allowed to store identifying data of website-visitors without their permission.

This topic is getting bigger in Germany. I had to shut down Piwik on my website to avoid getting sued.


(Tiggr) #10

Hi!

This topic is getting bigger and bigger in germany! Now it starts to hit the press.

It’s just a question of time, until the first lawyers start earning money bye sueing site owners!

:frowning:

Bye
Marcus (aka Tiggr)


(Thomas Seifert) #11

[quote=Tiggr @ Feb 15 2010, 09:15 AM]Hi!

This topic is getting bigger and bigger in germany! Now it starts to hit the press.

It’s just a question of time, until the first lawyers start earning money bye sueing site owners!

:frowning:

Bye
Marcus (aka Tiggr)[/quote]

Ah, another one reading c’t style_emoticons/<#EMO_DIR#>/wink.gif.
But right, I feel the same about it. Would be really, really, really nice to have an option like that while keeping most of the analytics functionality.
Beside that I didn’t find a way in nginx yet to achieve the same for logfiles.

Regards,

thomas


(Tiggr) #12

[quote=Thomas Seifert @ Feb 16 2010, 10:44 AM) <{POST_SNAPBACK}>

Ah, another one reading c’t style_emoticons/<#EMO_DIR#>/wink.gif.

Yes! ;-]Beside that I didn’t find a way in nginx yet to achieve the same for logfiles.[/quote]

That’s the nice thing about shared hosting: I decided, the server logs are a SEL (Somebody Else’s Problem)! :wink: If things are getting hot, the provider has to take care about it.

Bye
Tiggr (aka Marcus)


(vipsoft) #13

Thank you all for the comments. As previously stated, this request is on the roadmap and is planned for the 0.6 release.

We appreciate the interest but please be patient. This is a non-trivial fix because we must also consider backward compatibility and functionality of non-core plugins. In the meantime, we’re trying to wrap up 0.5.5.


(Thomas Seifert) #14

[quote=vipsoft @ Feb 16 2010, 05:36 PM]Thank you all for the comments. As previously stated, this request is on the roadmap and is planned for the 0.6 release.

We appreciate the interest but please be patient. This is a non-trivial fix because we must also consider backward compatibility and functionality of non-core plugins. In the meantime, we’re trying to wrap up 0.5.5.[/quote]

That sounds awesome!
Any rough timeframe for 0.6?

Thanks,

thomas


(XSK8) #15

[quote=Thomas Seifert @ Feb 18 2010, 02:23 PM]That sounds awesome!
Any rough timeframe for 0.6?

Thanks,

thomas[/quote]
Hey Thomas and all others, I’m also wating for this feature, but decided to check this dev.piwik.org/trac/roadmap instead of asking here for a timeframe and wasting everybodys time style_emoticons/<#EMO_DIR#>/wink.gif
If you check the roadmap from time to time you’ll see, there is a progress style_emoticons/<#EMO_DIR#>/wink.gif

EDIT: ok links dont work here… I forgot : c&p the url HAHA!


#16

I still wonder how can someone living in Germany can contribute to a wiki as an anon then ?
I know wikis very well and all anons edits are showing in the recent changes and history with a full IP adress.
Sure, german people just need to make an account.
But not everyone want to do that.


(vipsoft) #17

Fixed. Will be in 0.5.5.


(Tiggr) #18

Great! Thank you very much!

Bye
Marcus (aka Tiggr)


(AdrianC) #19

[quote=ollyy @ Jan 19 2010, 01:33 PM]Unmasked IPs in Serverlogs are not allowed in Germany. It’s not allowed to STORE (unmasked) IPs unless for billing (until billing is done).

It’s not allowed to store identifying data of website-visitors without their permission.[/quote]

This is potentially very worrying.

Do you have any idea how this would apply to non-Germans running sites aimed at non-German audiences, but on servers located within Germany? 1&1/Schlund are one of the biggest hosting providers in Europe - with, AIUI, most of their European servers located in several data centres in Germany…


(XSK8) #20

Hey THX - realy friendly of you guys to move it into 5.5! THX a lot again.

The Piwik Software is really helpfull and it would be sad if we couldnt use it because of the damn IP problem!