ACRA / acralyzer

Open source backend for ACRA reports.
GNU General Public License v3.0

Can the user IP be removed from the logs? #128

Closed jngr closed 7 years ago

jngr commented 7 years ago

Is there a way to optionally remove the user IP from the logging (or replace it with a dummy address)? User IPs are personally identifiable data. As such, recording them is imposing legal risks on the developer, and it's a deterrent for getting user permission to send reports. The IP address is rarely needed for solving an issue.

jngr commented 7 years ago

This matter has been addressed in #295 Exclude IP and some assumptions were made in the discussion, namely that the fact IP addresses are part of any internet communication justifies logging them. That is not the case - at least not everywhere.

For instance, in Germany there have been various court rulings that IP addresses constitute personally identifiable data, and also public awareness regards them as such (meaning people are not likely to give their permission). On web server logs, IPs need to be removed or anonymized, as they may only be kept as long as they are needed. It boils down to the following:

The collection of personal data is

  1. strictly forbidden by law.
  2. under some circumstances, data may be stored with permission of the user as long as it's needed for a transaction or a service provided to the customer.

Recording IP addresses as part of supposedly anonymous crash logging

and will put the developer on very thin ice legally for either of those reasons.

European privacy legislation is undergoing some revisions at the moment, but it looks like the concepts will be very similar. And even current European law states

(a) 'personal data' shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;

and

  1. Member States shall provide that personal data must be:

(b) collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes. Further processing of data for historical, statistical or scientific purposes shall not be considered as incompatible provided that Member States provide appropriate safeguards;

(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed. Member States shall lay down appropriate safeguards for personal data stored for longer periods for historical, statistical or scientific use.

Of course there have been some contradictory rulings, for example taking into account the means the operator possessing the IP addresses personally has for tracing them back to the user. But I rather avoid this kind of legal uncertainty and not record this information in the first place. And so should many others, at least those operating in the EU.

Using Acralyzer without the option of excluding the user IP from the logs is likely to be illegal or extremely inconvenient, having to extract information from the database and delete the log records frequently.

jngr commented 7 years ago

This place is not too active anymore but I really hope ACRA continues to be maintained. It's a very well-working and secure crash reporting solution, and unlike pretty much all of the commercial solutions out there something you can use in good conscience if you care about your users' privacy (and the legality of your app).

Making the logging of IP addresses optional/configurable seems to be more than just a small change as the database and the web UI are separate applications, and the database (logging the reports) itself does not have a user interface. So, for anyone wanting to do this, the easiest way is to edit acra-storage/updates/report.js and change the line

`data.user_ip = req.peer;`

to

`data.user_ip = '0.0.0.0';`

If you don't want to go through the trouble of manually installing the database from sources you can "hack" this using Futon:
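As an added example (not part of this issue thread and not acralyzer's own code), here is a variant of the report.js change above that coarsens the address instead of blanking it, so a report can still be grouped by network while no single user is identifiable. It assumes acra-storage's handler has the CouchDB update-handler shape `function(doc, req)` and uses a constructed `PRIVACY_MODE` setting:

```javascript
// Added example, not acralyzer's own code: a privacy-preserving replacement for
// the `data.user_ip = req.peer;` line. PRIVACY_MODE is a constructed setting an
// operator would put at the top of report.js.
var PRIVACY_MODE = 'truncate'; // 'none' | 'truncate' | 'drop'

// Expand an IPv6 literal to its eight 16-bit groups; null if it is malformed.
function expandIpv6(addr) {
  var parts = addr.split('::');
  if (parts.length > 2) return null;
  var head = parts[0] === '' ? [] : parts[0].split(':');
  var tail = parts.length === 2 && parts[1] !== '' ? parts[1].split(':') : [];
  var groups = head.concat(tail);
  var wellFormed = groups.every(function (g) { return /^[0-9a-fA-F]{1,4}$/.test(g); });
  if (!wellFormed || groups.length > 8 || (parts.length === 1 && groups.length !== 8)) return null;
  while (groups.length < 8) groups.splice(head.length, 0, '0'); // fill the "::" gap
  return groups;
}

// Coarsen the address so one user can no longer be singled out: IPv4 keeps the
// /24 prefix, IPv6 keeps the /48 prefix. 'drop' and unparseable input yield a
// dummy address, so nothing identifying is ever written to the database.
function anonymizeIp(peer, mode) {
  if (mode === 'drop' || typeof peer !== 'string') return '0.0.0.0';
  if (mode === 'none') return peer;
  var v4 = peer.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (v4 && v4.slice(1).every(function (o) { return Number(o) <= 255; })) {
    return v4[1] + '.' + v4[2] + '.' + v4[3] + '.0';
  }
  if (peer.indexOf(':') !== -1) {
    var groups = expandIpv6(peer);
    if (groups) return groups.slice(0, 3).join(':') + '::';
  }
  return '0.0.0.0';
}

// Shape of a CouchDB update handler (function(doc, req) returning [doc, response]).
// The body is an assumed simplification of what acra-storage's report.js does.
function storeReport(doc, req) {
  var data = JSON.parse(req.body);
  data.user_ip = anonymizeIp(req.peer, PRIVACY_MODE);
  return [data, 'stored'];
}
```

With `PRIVACY_MODE = 'drop'` this behaves exactly like the `'0.0.0.0'` edit above; `'truncate'` keeps just enough to spot, say, a carrier-wide crash without retaining personal data.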

jngr commented 7 years ago

I'll close this as a duplicate of https://github.com/ACRA/acralyzer/issues/114.

PaulWoitaschek commented 7 years ago

Thanks for the workaround. I recently removed acra because of this

jngr commented 7 years ago

Glad it's useful for someone and hope you can add ACRA to your app again. After all it's the best (only?) solution for getting crash data without compromising your users' privacy. And, if you're really not comfortable with using Acralyzer, it's actually quite easy to create a simple backend to at least capture the crash reports. Anything on top of that is up to one's own creativity. So I'd keep ACRA in any case.