Option to remove IP tracking

[chasz]

yeah so? viewing is different to posting

in the grand scheme of things it probably wouldnt matter, if some is out to get ya they will.

you can probably insert my IP yourself, however i dont understand this resistance !! lol

[Wolfie]

I think the main point is, why bother to remove it? You can easily remove it from view, so why remove it from the programming?

[Mark]

[quote name='chasz' date='20 June 2009 - 11:05 PM' timestamp='1245535557' post='1812016']
yeah so? viewing is different to posting

in the grand scheme of things it probably wouldnt matter, if some is out to get ya they will.

you can probably insert my IP yourself, however i dont understand this resistance !! lol


How is it?
Let's say you just posted something and now I want to find out who you are so I can hunt you down (not that I could do that with just your IP address anyway :P) - I send you a PM, with an image in it - now I know your IP address.

You should bare in mind I have very little say in what features are and aren't included. I'm just trying to make you see why it would be an utterly pointless feature, regardless of whether or not it's added :)

[chasz]

well, i just wanna state that ipb is neither moral police or law enforcers...i cant see why it cant be optional !

[adeadpeacock]

because there's no reason to have such a feature in the first place?

[Wolfie]

[quote name='chasz' date='20 June 2009 - 06:44 PM' timestamp='1245537859' post='1812023']
well, i just wanna state that ipb is neither moral police or law enforcers...i cant see why it cant be optional !

When a feature request is made, the IPS staff have to weigh out the options, benefits, drawbacks, necessity, demand and other factors that get involved with making such a request possible and available.

Out of the thousands of people who put in requests and have reasons for using IPB and the included features, only an extreme few, such as yourself, want the IP address to NOT be recorded.

So then, let's look at the overall concept. To prevent it from logging IP addresses, an option would have to be included that would ignore IP addresses altogether. Then other options and features that rely on the information would have to be reprogrammed to take into account that the feature may be disabled. Additional programming would have to be designed and implemented in order to adjust the board and the way it functions in order to not produce undesired or seemingly buggy results from the lack of obtaining and recording IP addresses. Overall, it's a massive undertaking just to make one very undesirable feature available for a select few people.

If you're really that worried about IP addresses being recorded, then go into the Peer to Peer forums and ask for help making a task module to run hourly that would do SQL queries to blank out or put in "127.0.0.1" in place of real IP addresses. Then you won't have to worry about it because the longest an IP address would remain in the database would be up to an hour. Would be much easier to design and would accomplish what you want.

I do believe I speak for an overwhelming amount of other board owners when I say that I would prefer that such a 'feature' not have a way to be turned off, because all it would take is for a hacker to find a way to inject malicious code to force a board to disable IP logging or a disgruntled administrator to turn it off on a board not his own, and then suddenly that board is vulnerable to all sorts of trouble. Not only that but someone could turn it off accidentally and then not realize it until they really need it. It's just too much trouble and too much that could go wrong with it.

[chasz]

if you are really worried about security why dont you put an .htaccess on your admin folder with your ip? rather than adding this bruden to the scripts in the first place. i mean we could go tit-for-tat all night !!! omg ! lol

i am yet to hear a decent explanation rather than a "holier than thou" attitude !

[Wolfie]

We're not talking security like keeping everyone out except for the administrator(s). We're talking about being able to detect spammers, users who make and use multiple accounts, imposters who try to steal accounts by hacking attempts, etc. There are so many reasons to have it there.

I can understand your desire to have a board where people can be anonymous when they post, but it's not a justifiable reason for everyone else to have their board put at risk just because one board wants it there.

[chasz]

what part of switch dont you understand.... dont hyperbole thanks.

[Wolfie]

[quote name='chasz' date='20 June 2009 - 07:43 PM' timestamp='1245541385' post='1812038']
what part of switch dont you understand.... dont hyperbole thanks.


I already addressed your "switch" concept.

[quote name='.Wolfie' date='20 June 2009 - 07:18 PM' timestamp='1245539924' post='1812029']
I do believe I speak for an overwhelming amount of other board owners when I say that I would prefer that such a 'feature' not have a way to be turned off, because all it would take is for a hacker to find a way to inject malicious code to force a board to disable IP logging or a disgruntled administrator to turn it off on a board not his own, and then suddenly that board is vulnerable to all sorts of trouble. Not only that but someone could turn it off accidentally and then not realize it until they really need it. It's just too much trouble and too much that could go wrong with it.

[chasz]

and i thought i addressed your hyperbole.....learn to use the built in apache features

[Brett B]

[chasz]

[quote name='aurorawx' date='21 June 2009 - 01:54 AM' timestamp='1245545690' post='1812051']


yeah good for you, if i were his admin gone rogue, or if i used a proxy, i doubt very much he could do much !

[Rheddy]

I think that if the original poster is looking to disable that feature, that they're not going to completely disable it. While the IP Address may not be visible to Admin and Moderators by having the IP Address attached to their posts, that information will still be logged and attached to their posts.

Also, if you want the privacy of your members to remain anonymous, then tell them not to post anything libelous or slanderous. If the forum is hosted outside the United States, then it's your responsibility and the owner of the forum could be held liable for the posting of the slanderous message. Courts have ruled previously that creating a program or a modification to circumvent technology over someone's anonymity is a violation of law.

Matter of fact, Courts in the United States have ruled against websites that have installed these kind of filters.

What the original poster needs to do is place this warning in their forum rules and in their registration rules:

'the Administrator of <insert_website/forum_name_here> respects the privacy of each member. The posting of libelous or slanderous material is not permitted and each member is responsible for the activity of his or her account and that the Admin, Staff or website owner of this site cannot be held liable for what a member posts. As such, our website will respond to any requests from Law Enforcement or any subpoenas for information.'

Now, if you don't have such protections on your site or forums, then it's your own fault if you disable IP Tracking and you find yourself on the wrong side of an interrogation booth. I have a warning similar to that one but less wordy.

[Wolfie]

[quote name='chasz' date='20 June 2009 - 01:31 AM' timestamp='1245475910' post='1811836']
My boss wants to know if there is an option to remove all IP tracking?

[quote name='kenichi' date='21 June 2009 - 12:42 PM' timestamp='1245602540' post='1812216']
I think that if the original poster is looking to disable that feature, that they're not going to completely disable it. While the IP Address may not be visible to Admin and Moderators by having the IP Address attached to their posts, that information will still be logged and attached to their posts.

They want to remove all tracking of it, not just removing the ability to see it.

[changeme123]

Won't happen with invision power board.

Every site you visit has some 'form' of IP tracking.

[Rheddy]

I have to agree because even if you manage to remove IP Tracking from the software, your webhost logs everything committed to your site. But, there's no way to remove it because the ACP records everything ... in order to remove all IP Tracking, that's going to involve someone creating a "Full Mod" for that and I doubt anyone would create one because most would have no reason to use that feature.

I would say that if you're concerned about that, then you need to find a forum software other than IPB.

It just sounds like someone is asking for this in advance because they think someone is gonna request logs of these users. They might want to think about hosting their website outside the country they're worried about.

BE WARNED: If you remove IP Tracking from every aspect of your forum software and you are in a country or nation that requests information about this member or that member, as it pertains to their IP Address and you don't have IP Tracking, the owner of that website could find themselves legally responsible for the posted comments of their users. Obviously, when you removing that IP Tracking, you become legally responsible for those posted comments since they are posted on your website. It's akin to being an accessory to a crime, meaning you could face the same charges.

Here in the United States, website operators are required by law to cooperate with law enforcement agencies. In the event that they don't the courts will interced or your webhost will intercede by shutting down your website and providing all pertinent information to the police of federal authorities.

You need to be mindful of the laws of your country. If you host your website in a country that has laws against posting certain things, then you, as the owner can be held liable.

[Connor T]

You've repeated the same thing now like 6 times. If the guy wants to disable it, then go for it. It seems like a great idea for politics which can get out of hand quickly. Its personally not my 2 cents to do, but you don't have to continue to bash the guy. Also, to correct your laws a bit. Most of the laws only come in place where your server is PHYSICALLY located. In order words my offshore server in Finland can do things that my server in America can not.



Thats not entirely true, back on phpBB3 a guy took my 110k user forum down using the 3.0.2 exploit. He stole all the passwords, decrypted them and mass spammed the emails, and still to this day posts the old mySQL dB on the internet. I filled out a FBI IC Form, and never heard back. Talk to my host to take legal action, never happened.

If you can get America to fight with you on any online issue, thats a miracle.

Here in the United States, website operators are required by law to cooperate with law enforcement agencies. In the event that they don't the courts will interced or your webhost will intercede by shutting down your website and providing all pertinent information to the police of federal authorities.

[chasz]

well if you want big brother to control you life even more, then be the slave that yer are.

unless i need the ip for geolocation in a membermap, they are gone with a reverse proxy, just need to disable the ip matching in acp

[Rheddy]

iBot, who said anything about bashing anything? I didn't. I'm just saying that there's no reason to disable IP Tracking and if you're doing so then you're doing something that you shouldn't be doing in the first place. This means that you're breaking the law.

If a particular member wants to disable his or her IP Address then there are somewhere programs out there that will do just that. There's no reason to disable the secutiy feature from IPB.

There's Hide My IP: http://www.hide-my-ip.com/

There's also using anonymous proxy servers to also hide your IP Address. There are many alternatives out there and none of them involve modding IPB with a new hack.

[chasz]

whats this law u keep quoting, if there is NO IP tracking feature in IPB3 then the webmaster cant be held responsible ;)

[Wolfie]

[quote name='chasz' date='22 June 2009 - 12:16 PM' timestamp='1245687400' post='1812487']
whats this law u keep quoting, if there is NO IP tracking feature in IPB3 then the webmaster cant be held responsible ;)

If someone commits a crime or gives cause for concern and you cannot provide information (because of your own intentional doing) or will not provide information when required to do so, then you are obstructing justice and depending on the circumstances, can be considered an accessory to the crime.

Also, IPS staff have already said that keeping a record of IP addresses is essential to the proper functioning of the board.

Why do you insist so heavily on it not keeping a record of IP addresses when you can see that the overwhelming response to this comes from those who develop the software, those who use it and those who can't see any point in it? I can understand the goal you are trying to achieve and that in itself is not illegal. However, you are requesting something be turned into an option and that I believe is extremely unlikely to happen. How many other IPB owners do you think want to have an option there that they will not only not use but that could be accidentally switched and they don't realize it until there have been too many problems caused?

It's like requesting that new cars be designed with brakes or car door locks being optional accessories. I don't know about you, but I rather like being able to come to a complete stop when needed and I like the idea of being able to lock the doors while I'm driving, to reduce the chances of being carjacked. You could very easily just not use the brakes and just not lock the doors. It's there but you don't have to use it.

[chasz]

jesus christ whats up with the hyperboles ?? is it a GDubya-itis??

You could walk across the streets and get hit by a bus, so why not lock yourself in your bedroom in your bubble?

Its like idiots in the US selling guns and defending their rights to guns and still are alarmed at the death by shooting rates.

Now a forum software is no lethal weapon, so ditch the holier than thou attitude, and unlike your little games forum, there are some serious discussion forums, that will need to hack up IPB silly little code. Who have better hackers than the script kiddies attacking games forums, by the way.

And if they keep making idiotic decisions, we will ditch them too.

[Rheddy]

Then, you haven't been paying attention. Recently, the RIAA and the MPAA have been going after website owners who run software and forum software where IP Addresses log the actions of each and every user that appears on your site. Well, courts are consistantly ruling that website owners are required to turn over their logs rergarding IP addresses so that they can identify what user is downloading what material.

Since these cases have set the precedents for handing over access logs regarding IP addresses, if someone posts something on your forums and you have deliberately deactivated that tracking, you can be held liable by the courts for that.

Every single user is responsible for the conduct committed under their IP Address. If you disable IP Tracking on your forums, the website owner can be held liable for negligence if that tracking is disabled if a serious crime has been committed. Because while the end user can be tracked via his or her IP Address, when you disable the end user's IP Address on your website, then you need to be aware that you place the liability on yourself as the owner of that website because you disabled a tool that would prevent someone from committing a crime or allow the police to apprehend that person.

[chasz]

booohooo for precendents, i will put an read-only on my log file and they can read that !!

Besides the boss will blame me ;) he wont be liable haha