Jump to content



  • Posts

  • Joined

 Content Type 



IPS4 Providers

Release Notes

IPS4 Guides

IPS4 Developer Documentation

Invision Community Blog



Entry Comments posted by ptprog

  1. 3 minutes ago, opentype said:

    Yes, the ToS are irrelevant in this case. But the user has the chance to check out the privacy policy to learn how his form data will be used.

    For contact forms probably only Privacy Policy is relevant.  For guest posts I believe both are important.

    (In general I agree with you that this is stupid, and it is unlikely anybody will have problems with this.  But I wouldn't be surprised if this is indeed required.)

  2. 8 minutes ago, DReffects2 said:

    The country Germany itself has lost in front of the court for storing IP addresses. The opinion of the court is a little bit more worthy than yours and mine. What matters at the end of the day is that the storage of IP addresses for a company is risky and was proven time and time again to be unlawful. No matter how you personally interpret the law.

    As I mentioned in other post, at least in the European Court, the decision was favorable to the use of legitimate interest as a reason to store IP addresses, even though they were classified as personal information.

    But I agree when you say that storing IP addresses is risky, 

  3. 1 hour ago, Matt said:

    That really is not required. It should all in the T&S and Privacy Policy which you have to opt-in to when registering, and this opt-in is recorded.

    GDPR is not about putting a checkbox in front of every possible interaction with the site. What a nightmare that would be for everyone.

    Note that you can use the contact form without agreeing to the ToS, I believe.  Probably there are other guest forms in a similar situation.

    I'm checking European Commission websites to see how they are complying with GDPR, and their contact forms (or at least some) have the consent checkboxes.  So, even though I'm not particularly concerned with this issue, I think it would be wise to add this to contact forms and some other guest forms (maybe put it in the same places where you may place a CAPTCHA for avoiding guest spam messages).

  4. 2 hours ago, DReffects2 said:

    I based my writing on the rulings of the european high court and BGH (germanys highest court). Due to this rulings google has implemented the anonymize_ip function in google Analytics. German providers offer the option to truncate the last 3 digits in weblogs as well.

    Logic behind the ruling was that you are not allowed to store unless there is an actual threat against your server. Crime prevention by globally logging IPs is not what the court wants. No Minority Report dystopia in the EU.

    My understanding of the European Court decision is that not only it decided that IP address are personal data, but also said the the German law limitations on storing personal data based on legitimate interest were not in accordance with the EU directive.



    The operator of a website may have a legitimate interest in storing certain personal data relating to visitors to that website in order to protect itself against cyberattacks.


    Second, the Court states that EU law4 precludes the legislation of a Member State under which an online media services provider may collect and use a visitor’s personal data, without his consent, only to the extent that it is necessary to facilitate and invoice the specific use of services by that visitor, so that the objective aiming to ensure the general operability of those services cannot justify the use of such data after those services have been accessed.

    The Court recalls that, according to EU law, the processing of personal data is lawful, inter alia, if it is necessary to achieve a legitimate objective pursued by the controller, or by the third party to which the data are transmitted, provided that the interest or the fundamental rights and freedoms of the data subject does not override that objective.

    The German legislation, as interpreted by the majority of legal commentators, reduces the scope of that principle, by excluding the possibility of balancing the objective of ensuring the general operability of online media against the interest or the rights and freedoms of visitors.

    In that context, the Court emphasises that the Federal German institutions, which provide online media services, may have a legitimate interest in ensuring the continued functioning of their websites which goes beyond each specific use of their publicly accessible websites.

    This latter part has been interpreted by some as meaning you can store the IP addresses for some time based on legitimate interest.  It is also my interpretation, but I'm not a lawyer.

    1 hour ago, TSP said:

    But other parts of account history is unnesseary. 

    For example, do you need to know that someone changed from mypreviousmail@myjob.com to unemployednow@yahoo.com for a year? You are perfectly able to make a good argument for keeping such entries for some months after the member changed it, but you're really stretching it when it goes beyond a year for some of the information they store to account history now. 

    I agree.  I was just stressing that the rules to keep personal information may be tricky to define, as there is some information that needs to be retained for longer periods, and that information may not be properly "isolated".

  5. 16 hours ago, TSP said:

    FWIW I agree on the interpration from IPS on most points here. The only thing I'm a bit surprised by is that they don't provide retention settings for:

    • IP addresses
    • Account history 

    The account history is actually a particular cases where we need to keep some IP addresses indefinitely (the ones that are associated with "consents").

    11 hours ago, DReffects2 said:

    Therefor we absolutely need an option to disable the collection of IP addresses and purge previously collected data. (since that's not new with the GDPR)

    I recognize that you might be able to run a few db-queries to purge the IPs but since the GDPR requires companies to have a method description for all things related to IT this is not enough. Each tool used within your companies IT structure needs to be GDPR compliant on its own. Therefore the exclusion of IP address data collection has to be implemented within Invisionpower Software to be legal.

    I disagree that you need to completely disable IP address collection (or even anonymize all IP addresses before storing then).

    Recital 49 says:


    The processing of personal data to the extent strictly necessary and proportionate for the purposes of ensuring network and information security [...] constitutes a legitimate interest of the data controller concerned.

    This could, for example, include preventing unauthorised access to electronic communications networks and malicious code distribution and stopping 'denial of service' attacks and damage to computer and electronic communication systems.

    Storing IP addresses for a limited amount time (a few months) is a perfectly proportionate measure to be able to investigate a security incident or block brute force attempts, for example.  This is something you cannot simply enable after the fact, so you need to collect them under normal operation.

    There are also IP addresses such as the ones that are part of the proofs of consent, which you likely want to store indefinitely, and here I guess you can use "compliance with a legal obligation" as legal basis.  You would only delete those IP addresses if you deleted the member account.

    This may be a delicate subject, though.  I'm aware that German law has been traditionally more protective of IP addresses than some other European countries.

    35 minutes ago, DReffects2 said:

    To be valid those unexpected terms and conditions have to be acknowledged individually by the user. This not only goes for all the intellectual property stuff but also for the new requirements of the GDPR. That's why I was asking for individual checkboxes during signup, commenting, contact forms etc.

    I'm not sure if this is what you are asking for, but I would say that having a feature that allowed admins to define custom consents checkbox, which would be logged in user history in the same way as newsletter consents, would be very useful.

  6. 1 hour ago, Matt said:

    I personally do not feel that public posts or personal messages constitute 'personal data'. I see that more like email address, age, address, credit card details, etc.

    Note, however, that if you do not delete old IP addresses from the database, nor anonymize them, that is personal data.

    Even for those like me that want to delete IP addresses after some time, the recent ones (and the ones from consents, for example) will be in the database.  I don't think anybody will request this for data portability, but people may request it as part of their "right of access" (Article 15).

  7. 9 hours ago, DesignzShop said:

    In many instances one could come up with many many reasons to retain data from "forgotten" users.


    Yes, in general you may have valid reasons to retain data.

    For example, when you retain IP addresses, or even emails, of banned users and spammers, I see a reasonable reason to retain that data: prevent future abuses, from users that already have a historic of abuses (although I have some doubts about the real usefulness of this data...).

    But I'm talking about a specific case.  In particular, my problem is with the indefinite storage of IP addresses as result of the "normal" use of IPS software.  I have used the IP data to detect abuses, but I never needed data from more than a few weeks ago.  So, even if the user does not want to be forgotten, I believe retaining this data indefinitely does not comply with the balance requirements of legitimate interest.

    (This opinion is mainly based on my experience.  Others may have legitimate use cases to justify keeping such data, and if that's the case, I'm curious to know more about concrete examples.)

    9 hours ago, GlenP said:

    Once an account is deleted, the IP address then becomes associated with the Guest account and not user account Fred. As that is an anonymous account the IP is no longer Personally Identifiable Information and is therefore GDPR no longer applies to it.

    IP address are considered PII even when they are not directly connected with a user account.  If you cannot associate the IP address with an account, you can still "track" the user.  In this case, the IP addresses are similar to many other online identifiers such as tracking cookies, which are considered PII even if not associated with user accounts.

    28 minutes ago, Matt said:

    If you're more comfortable removing IP addresses from content data, then get in touch with support and we'll show you the queries to run on your database (assuming you make back-ups, and are comfortable with admin tasks like that, etc, etc).

    Thanks.  That may be enough for me.

  8. 2 hours ago, Matt said:

    GDPR does not stop you storing information.

    It just asks that you are transparent about what you store - and don't store more information that is needed.

    The user can request that information be deleted. You'd use the "Delete member" feature to do this.

    Two points:

    • I would say that storing the IP address from which a post was made 5 years ago is storing more information than is needed.
    • I just checked some private messages exchanged with a member that was deleted, and its IP address is still there (I did not check if posts also preserve this info), so it seems the possibility to delete a member is not enough to delete its personal data.
  9. Quote

    Given the internet is very much driven by IP addresses, I fail to see how you can not collect an IP address in some form or another. They are collected in access logs deep in the server OS.

    One thing is to collect IP addresses for a limited time, and in a way which does not allow you to directly associate IPs with specific users.  This can be easily justified by security reasons (I believe there are countries that require that info to be store for some time, so you would have legal reasons to do that).

    Another completely different thing is to keep IP addresses indefinitely and associated with users, as it happens with many of the IPs stored by IPS in the database, I believe.

    I'm wondering which legal basis your are going to use for this.

  10. On 3/26/2018 at 5:07 PM, opentype said:

    This should be all answered by the article, the general suite features (e.g. account deletion) or by trying the 4.3 beta yourself. 

    Could you be more specific about the points 1 and 3?  That is:

    • Where did IPS "answer" about the opt-in/opt-out of cookies?
      For the record, showing a message stating that cookies were set is not a valid opt-in.  I'm also not sure where we can opt-out after accepting the cookies.
      (I don't think GDPR forces us to rely on consent to store cookies, but it would be nice if IPS allowed us to do so.)
    • Where did IPS "answer" about allowing to export users' personal data?
      I'm not sure which data users may require to be exported for portability, but even if we assume it is just the profile info (which may be easy to collect), note that the users may also request to know all personal data stored about them.  I'm pretty sure this includes IP addresses stored in IPS logs.  In any case, I did not find any feature to export users data in IPS 4.3 (but I may be missing it).
  11. These improvements are welcome, but there are a few issues that still need to be addressed.

    One is regarding the ability to either disable the collection or anonymize personal data that is not critical to the software functionalities.  I'm thinking about IP address in logs, for example.  I don't know if there are other items.

    Regarding cookies, I think GDPR requires affirmative user action for things like accepting cookies.  Thus, IPS should not set any cookie until it has user consent, and it should also provide an opt-out mechanism.  I believe this is not done in current version (I didn't test 4.2.7 yet).

    Using embedded content also means the users may get cookies from external domains/services.  So, we need more control on the embeds that are enabled, to make sure we don't add unexpected cookies. It would also be nice to be able to rebuild posts and remove external embedded content.

  12. And what about editor pluggability?   So far you guys have been real developer-friendly with hooks but the editor is the exact opposite and the existing version has been pretty bad for us at least.   Is it possible to replace this thing with some type of community plugin editor that might be written or is this the one thing that still can't be extended/replaced with IPS?


    This feature would be really nice...

    Give people the ability to choose the editor and the markup language used.  You could provide an editor that just uses HTML (and forget about BBCode conversions).  Those who want to use BBCode would only have to create an editor and a BBCode to HTML converter.  The same would happen for Markdown, Textile, or any other markup language people want to use in their forums.

  • Create New...

Important Information

We use technologies, such as cookies, to customise content and advertising, to provide social media features and to analyse traffic to the site. We also share information about your use of our site with our trusted social media, advertising and analytics partners. See more about cookies and our Privacy Policy