zlacker

[return to "Justice Department withdraws FBI subpoena for USA Today records ID'ing readers"]
1. xvecto+W4[view] [source] 2021-06-05 22:32:49
>>lxm+(OP)
I wish services didn't store IPs at all.

If abuse is an issue, why not hash the IP with a nonce?

◧◩
2. nullc+O7[view] [source] 2021-06-05 23:00:43
>>xvecto+W4
There are only 2^32 IPv4 addresses, if you know the nonce you just try them all... no privacy provided.

If you don't know the nonce, you can't match against other users-- so not useful for abuse.

But I'm skeptical re: abuse uses. For commenters, sure-- you may need to store IPs to combat abuse. But for readers? At most you would need sampled data or in-memory counters (e.g. to catch high volume bots).

Unfortunately, there really isn't any penalty for failing to minimize private data collection.

◧◩◪
3. hyperb+vl[view] [source] 2021-06-06 01:39:09
>>nullc+O7
But of course, the real reason is that those ips are worth analytics $$$.
◧◩◪◨
4. cout+4b1[view] [source] 2021-06-06 13:57:27
>>hyperb+vl
It's also useful forensic data if your site is ever hacked.
[go to top]