zlacker

[return to "Justice Department withdraws FBI subpoena for USA Today records ID'ing readers"]
1. xvecto+W4[view] [source] 2021-06-05 22:32:49
>>lxm+(OP)
I wish services didn't store IPs at all.

If abuse is an issue, why not hash the IP with a nonce?

◧◩
2. nullc+O7[view] [source] 2021-06-05 23:00:43
>>xvecto+W4
There are only 2^32 IPv4 addresses, if you know the nonce you just try them all... no privacy provided.

If you don't know the nonce, you can't match against other users-- so not useful for abuse.

But I'm skeptical re: abuse uses. For commenters, sure-- you may need to store IPs to combat abuse. But for readers? At most you would need sampled data or in-memory counters (e.g. to catch high volume bots).

Unfortunately, there really isn't any penalty for failing to minimize private data collection.

◧◩◪
3. spacem+lf1[view] [source] 2021-06-06 14:34:14
>>nullc+O7
An example of using IPs to combat abuse is Wordfence. It's a WordPress plugin which blocks traffic from known abusive IPs. A quick glimpse at the "live traffic" for one of my websites reveals several IPs within the last hour that have attempted to access the site which were blocked.

A site I was repairing after a hack fortunately had server logs which included IP data. That IP allowed me to identify the specific exploit used.

So, there are definitely uses for IP data in security terms.

[go to top]