PaperMC / Paper

The most widely used, high performance Minecraft server that aims to fix gameplay and mechanics inconsistencies
https://papermc.io/

IP Logging #6298

Closed CubBossa closed 3 years ago

CubBossa commented 3 years ago

Is your feature request related to a problem?

Hello. We wanted to remove IP addresses from server logs (actually as well for Waterfall, should I create another issue there?). We wanted to avoid any privacy problems and have our own way of IP logging where we can make them unrecognizable or hash them so we can still compare them. We would need to delete the logs or run scripts to have the IPs unrecognizable in there as well, but we want to keep the logs to check for more seldom occurring exceptions and so on. When I saw that there even is an option to toggle villager death logging, I thought I could maybe suggest one for IP logging.

Describe the solution you'd like.

A config option that turns `[08:17:34] [Server thread/INFO]: ThisIsAUsername[/XX.XX.XX.XX:XXXXX] logged in with entity id 1 at ([skyblock_islands] x, y, z)` into this: `[08:17:34] [Server thread/INFO]: ThisIsAUsername logged in with entity id 1 at ([skyblock_islands] x, y, z)`

Describe alternatives you've considered.

Deleting logs right away or running scripts that remove IP addresses by regex.

Other

No response
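
The approach this post describes (scrubbing IPs from existing logs by regex while hashing them so sessions stay comparable), as an added example that is not part of the thread or of Paper: a Python script that replaces each IPv4 address and port with an HMAC-SHA-256 token. A secret key is used because an unkeyed hash over the small IPv4 space can be reversed by enumeration. The key, sample log lines and function names are constructed for illustration, and IPv6 is not handled.

```python
import hashlib
import hmac
import ipaddress
import re

# Constructed demo key; a real deployment would load a random secret from a
# protected file and rotate it on a schedule that matches log retention.
DEMO_KEY = b"constructed-demo-key-not-for-production"

# IPv4 address with optional leading "/" and trailing ":port", as in
# "[/192.0.2.10:51234]". Lookarounds skip longer dotted runs like "1.2.3.4.5".
IPV4_RE = re.compile(
    r"/?(?<![\w.])(\d{1,3}(?:\.\d{1,3}){3})(?!\.?\d)(?::\d{1,5})?"
)

# Constructed sample lines in the login format quoted in the issue.
SAMPLE_LOG = """\
[08:17:34] [Server thread/INFO]: Alice[/192.0.2.10:51234] logged in with entity id 1 at ([world] 0.5, 64.0, 0.5)
[08:19:02] [Server thread/INFO]: Bob[/198.51.100.7:40022] logged in with entity id 2 at ([world] 8.5, 70.0, -3.5)
[09:40:11] [Server thread/INFO]: Alice[/192.0.2.10:51990] logged in with entity id 9 at ([world] 0.5, 64.0, 0.5)
"""


def pseudonym(ip: str, key: bytes) -> str:
    """Keyed token for an address: the same ip and key give the same token."""
    packed = ipaddress.ip_address(ip).packed  # raises ValueError if invalid
    return "ip-" + hmac.new(key, packed, hashlib.sha256).hexdigest()[:12]


def scrub_line(line: str, key: bytes) -> str:
    """Replace every valid IPv4 address (and its port) in one log line."""
    def repl(match: re.Match) -> str:
        try:
            return pseudonym(match.group(1), key)
        except ValueError:  # e.g. "999.1.1.1" is not an address; keep it
            return match.group(0)
    return IPV4_RE.sub(repl, line)


def scrub_log(text: str, key: bytes) -> list[str]:
    """Scrub a whole log; the port is dropped so repeat logins still match."""
    return [scrub_line(line, key) for line in text.splitlines()]


if __name__ == "__main__":
    print("\n".join(scrub_log(SAMPLE_LOG, DEMO_KEY)))
```

Both of Alice's logins map to the same token even though the source ports differ, while discarding or rotating the key makes old tokens unlinkable to new ones.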

Proximyst commented 3 years ago

I would assume using Fx hashing for the IP to still keep them traceable is best; this removes the privacy aspect, while keeping the administrative aspect of a console.

electronicboy commented 3 years ago

This is the type of thing you do with the logger rather than trying to mess around with stuff. log4j can already be configured to not retain log files, but such is asking for issues. The easiest solution for this would be a log filter, which would probably be better provided by a plugin.

ghost commented 3 years ago

User IP is needed to run a Minecraft server: https://www.reddit.com/r/gdpr/comments/8icg2j/can_i_still_store_ip_addresses_in_a_database/

Chew commented 3 years ago

That has nothing to do with Minecraft nor this issue... the IP is still being used, just not logged. Nor does it need to be, and that article does not prove me wrong.

0-x-2-2 commented 3 years ago

```java
import com.destroystokyo.paper.event.player.PlayerHandshakeEvent;
import org.bukkit.event.EventHandler;
import org.bukkit.event.Listener;
import org.bukkit.plugin.java.JavaPlugin;

public final class SpoofJoinIP extends JavaPlugin implements Listener {
    // Fixed address substituted for every connecting client.
    private static final String SPOOF_IP = "1.3.3.7";

    @Override
    public void onEnable() {
        this.getServer().getPluginManager().registerEvents(this, this);
    }

    // Overwrites the client's socket address hostname during the handshake.
    @EventHandler
    public void onHandshake(final PlayerHandshakeEvent event) {
        event.setSocketAddressHostname(SPOOF_IP);
    }
}
```

```yaml
name: SpoofJoinIP
version: @version@
main: SpoofJoinIP
load: STARTUP
authors: [0x22]
```

NoahvdAa commented 3 years ago

< code snippet >

Won't this break plugins that need the player's IP, such as punishment plugins? Would a log filter be a better solution?

CubBossa commented 3 years ago

A log filter via plugin would solve the problem. I made a feature request because servers in EU countries have to consider privacy policy, which includes IP logging. Smaller servers and especially servers with no developers could simply toggle IP logging off if they don't know how to create a log filter. Also, in Germany every user can request information about their stored data and server owners have to provide them within a certain time. Turning off IP logging would allow servers to have no collected player data at all. Owners could still hash IPs in their plugins and write privacy policies, but smaller servers that are not experienced enough would be able to avoid privacy problems.

Edit: sorry for closing, I missed the button

kezz commented 3 years ago

It's worth noting that even a username can be considered as identifying information. I personally believe that this feature request, alongside PR #6342, is useless as it would just lull people into a false sense of data protection security rather than just making them account for data protection regulations properly.

Additionally, such filtering can be done incredibly easily with a plugin/filter for those that really want to do this instead of actually taking proper measures to abide by data protection laws.

CubBossa commented 3 years ago

I'm no expert but I don't think a username is considered as personally identifiable information. I think it would be (like the player's UUID) if I were able to get the actual owner of the account by using the information. But I cannot get an email address or a name or address by using the player's UUID. So the privacy policy of some servers I know does not contain UUIDs and player names.

kezz commented 3 years ago

> I'm no expert but I don't think a username is considered as personally identifiable information.

In the UK for example, see https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/what-is-personal-data/what-are-identifiers-and-related-factors/#pd3.

Chew commented 3 years ago

Usernames are absolutely PII because usually it's the same nickname for different accounts, and most of the time I can look it up and find info about you.

I don't know enough about privacy laws, nor do I care (yet) how they work. As shown above apparently the UK stays losing with their somewhat strict definition of PII (IPs aren't that bad either). I'd find it far easier to have some agreement or privacy policy on your server, or something.

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

MiniDigger commented 3 years ago

Long time no activity. My stance on this is that, even ignoring what is PII and what isn't, having this option is a good idea, because it could also help prevent people from accidentally pasting logs with IPs in them. IPs are generally, in the time of democratized DDoS solutions, much more worth protecting compared to usernames. Heck, one could even make the case to default this to enabled.