MyBB

zemane · (This post was last modified: 04-22-2008 03:58 PM by zemane.)

Originally "wir speichern nicht".
The aim of the campaign is to inform about the IP retention. Saving the IP addresses of your users in your logs...
Why stop? In order to deliver to users the best anonymity and privacy possible.
-
So my suggestion is that during install admin could choose not to create user IP logging table on DB or even remove it after install with single click from adminCP. Again this feature isn't available in any other BBS! So myBB could be leading the way one more time.

I know maybe for most of you privacy and anonymity ain't that important. But we need to remember that there are several countries where you can get in to truble saying what you think, about human right, about the govern party... (like China, Russia, Venezuela and others...)
If they ask on a lawsuit "give us all information about user X", and i don't have the ip, well then would much harder to harm my user...

dvb · 04-22-2008, 02:19 PM

well, that is interesting suggestion, but you'll need to delete your server logs also.
maybe you can do that with a cron?

zemane · 04-23-2008, 10:58 AM

Yeah, thats the idea. If one is using shared host, that could be a bit hard, but myBB can do its part Smile

ChrisR · 04-23-2008, 11:26 AM

So what your saying to to stop IP's from been logged? well i am sure you can set that in the adminCP so IP's are not logged.

zemane · 04-23-2008, 01:27 PM

They are still loggod on registration, plus the ips that were already logged before, are keeped on the database.

laie_techie · 04-24-2008, 02:28 AM

I, for one, would never get rid of IPs from my logs. IPs help me identify possible duplicate accounts. I rarely ban an IP on a first offense, but if I see a trend I add it to my blacklist. I reside in the US and my server is in the US, so China and Russia have no jurisdiction over me. Besides, due to the nature of my site, very few people from those anti-democracy countries would ever visit (except to try and spam).

Yumi · (This post was last modified: 04-24-2008 03:36 AM by Yumi.)

Dunno about including this as an option, but if you want to remove logging of IPs, these code edits should be suffice:

In inc/datahandlers/user.php, find and delete:

PHP Code:

"regip" => $db->escape_string($user['regip']), 

PHP Code:

        if(isset($user['regip']))
        {
            $this->user_update_data['regip'] = $db->escape_string($user['regip']);
        } 

In inc/datahandlers/post.php, find and delete all instances of:

PHP Code:

"ipaddress" => $db->escape_string($post['ipaddress']), 

PHP Code:

"ipaddress" => $db->escape_string(get_ip()), 

And then run the following queries:

Code:

UPDATE mybb_users SET regip=""

Code:

UPDATE mybb_posts SET ipaddress=""

(assuming your prefix is "mybb_")

I haven't tested it, but that should be suffice. Note that this doesn't clear IP logging from mod/admin logs.
And IPs are somewhat necessary for the sessions table.

An interesting alternative, rather than not logging IPs could be hashing IPs - this will allow you to identify dupes (though that partly depends on your trust in the hashing algorithm not generating a collision), yet make it so that the hash itself doesn't mean much.

zemane · 04-24-2008, 11:05 AM

Thanks a lot Zinga, that will be a very good start.