@Gargron Registrations are closed, so vandals are not an issue currently.
If mastodon gave me an option to store anonymised IP addresses instead, I'd consider it, but I'm very sure I'm not legally bound to store IP addresses.
Running a cronjob against the database is obviously not optimal, but it's better than nothing.
@rixx OK. Check the Security page too though, the IPs of logged-in sessions are important to the end-user, I believe.
@Gargron Important how? I deleted mine with no issues occurring, and I can't see that they are accessed in any meaningful way in the code.
@rixx Important as in I wanna know who logged into my account from where to be sure that it's all me - a lot of other services provide similar information.
@Gargron Ohhh, so mastodon logs way more than just last_sign_in_ip and current_sign_in_ip.
I feel that this feature should be based on a per-user decision, with the options "log", "don't log" and "anonymize".
@Gargron I get the desire to have this information available, but I also get that people don't want this (why would Mastodon need to retain the IP address I used on some browser a year ago, they say) – so at least offering an opt-out would be good.
@rixx If you're not using a session you can revoke it from that same page and its data is gone instantly.
@Gargron Right, and that's good, but if I'm a user who doesn't want past session IPs saved, I need to check that page on every login, which isn't good – a setting to avoid this would be very appreciated.
@rixx but then you'd only be able to use mastodon from one device (the latest one)
this isn't a login history, these are active sessions
@Gargron But why do sessions need to be IP bound? I mean, if I take my device to a different network, I don't need to sign in again, so IP addresses can't be a distinguishing feature for sessions.
If I were to manually remove only the IP addresses from the sessions, I'd still be able to use that session, no?
@Gargron @rixx Users that (have to) connect over Tor (or other anonymization tech) will change their appearing IP regularly.
Same for mobile devices on GSM networks as they move between cells. (The time where we had a single legacy IP per device are long gone.) Today carriers use Carrier-grade-NAT, IP pools, etc.
Changing IPs are the norm.
In my personal opinion, IPs as part of the session information cause unnecessary logouts → bad UX. Negligible security gain.
With regards to IPs being PII, the GDPR views IPs explicitly as such. (There's no need in arguing that this doesn't make a lot of sense from a technical point of view in most cases.)
Since GDPR and other related laws also mandate data storing minimalism (for more than 20y) and there's not technical reason to keep it, there's no legal requirement to keep it, get rid of it.
@MacLemon @Gargron Also, for non-technical users IP addresses are not helpful at all. Other services mostly show/store geo information, which is way less identifiable. Would that be an alternative for you? Seeing a "session x, last used 4 months ago, from Vienna, Austria" would be more helpful and less identifiable.
@xpac Why not make that super-privacy mode the default, call it normal and name the other mode that leaves an IP trail “IP tracking mode”?
Privacy should be by design and by default for everyone as a respecting sane choice. Why force instance operators to store information they don't want, have no legal grounds, and no technical necessity to store them at all?
@Gargron @rixx For this kind of check, it would be enough to store and show a prefix of each IP address – as done by Matomo, or even GoogleAnalytics if you use the anonymizeIP option: https://support.google.com/analytics/answer/2763052
@Gargron That German law (Vorratsdatemspeicherung, or VDS) is currently on hold after high courts of the EU and Germany decided that it is, well, unlawful. @Digitalcourage and others have taken this to the constitutional court to reach a final verdict which is expected this year. Currently, no German ISP we know of practices VDS.
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!