Store users IPs and ability to ban IPs

[xa-bi]

I have a chat where sometimes trolls come to mess with users. It would be nice to store user IPs and the ability to ban users from same IP.

It also be nice to have the option to make a chat public for non registered users ("readonly mode") Yes I know there is an open issue #604 ,but just trying to bump it :)

Thanks in advance.

[lunitic]

Regarding this.. What about the idea to be able to "attach" a md5 or something similar of the IP beside the user posts.. Makes it possible to identify trolls posting from multiple accounts..

Lunitic IP: E03AE33EE8417CE2C9785274217636E0

Preferable some other scheme ...

[engelgabriel]

Maybe we could show the real IPs on of connected users on the admin panel? And show last 8 characters of the hashed IP on the user profile tap.

[wtsarchive]

@engelgabriel For me it would be super useful to have as an admin user IPs shown in the user profile tab, because I had some people who tried to impersonate others on my chat.

[Gandalf-the-Grey]

Pleaes note that displaying IP publicly (i.e. not only to admins) is a privacy concern even if they are simply hashed it's trivial to bruteforce, they should be at least salted

[WebSavvyDude]

As already mentioned, we should have the IP view ability for Administrators and Moderators and Owners.

This will not create any privacy concerns. Public users should not be able to view IP addresses.

[ghost]

Add reCAPTCHA - IP LOGGING for DMCA requests #10542

[reetp]

@WebSavvyGuy

This will not create any privacy concerns

It has legal connotations with GDPR. As soon as you link an IP to a user it is personally identifiable data and covered by GDPR.

Public users should not be able to view IP addresses

What about your when system gets hacked ?

@Gandalf-the-Grey is correct.

GDPR is a gamechanger regarding storing personally identifiable information, period. Love it or loath it, you can't change it.

[WebSavvyDude]

Almost every major website has some sort of logs stored with IPs.

Setting up some sort of disclaimer helps in those scenarios.

Why this chat doesn't have some sort of IP log by now is puzzling.

[reetp]

Almost every major website has some sort of logs stored with IPs.

Websites usually log via the webserver. Forums and other systems may then use the IP and link it to a user, but that now has consequences due to GDPR

Setting up some sort of disclaimer helps in those scenarios.

Not necessarily with GDPR. Disclaimers will do absolutely nothing to protect you from your responsibilities to look after the data if is personally identifiable - eg an IP linked to a user.

Why this chat doesn't have some sort of IP log by now is puzzling.

As per the first comment. And strangely enough not everyone needs it !

[WebSavvyDude]

@reetp

I am not convinced this GDPR you speak of applies to just IP being logged and associated with a "nickname/username"

Actually the Nginx logs for the rocket.chat service already show username and IP but its hard to access that and it needs better and organized ways to access it from the Admin panel.

Those IP logs do not really identify anybody at all. There would be several further steps required to identify someone after obtaining an IP address. Most of which involves law enforcement and then the assistance of the ISP. I can give you my IP address now, and I bet the average Joe could not identify me.

In a nutshell, almost every server running Rocket.chat already has IP logs and username. (100% confirmed if you use Nginx). It's just not configured into the admin panel.

To your second point....Yes, not everyone needs the IP but for standard security, it's pretty much the basics. But as I have stated in the past, this application is really good for internal (i.e office) and small scale use. Public and anonymous large scale use (as we tried to use it for in the past) it isn't good at all.

[reetp]

@WebSavvyGuy

I am not convinced this GDPR you speak of applies to just IP being logged and associated with a "nickname/username"

General Data Protection Regulation

If you don't know about it then I really suggest you go and read up. Plenty of stuff online about it. It is a game changer for data storage with personally identifiable information, particularly in the EU, but affecting anyone who has contact with EU citizens.

Who does the GDPR affect? The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.

What constitutes personal data? Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

[WebSavvyDude]

@reetp

Well almost the entire internet has to be rewritten then.

How much is enforceable, we would have to wait and see to find out. As you pointed out, mostly applied to EU. Also, some common sense has to be applied here. An IP address does not identify you directly. A lot of hurdles would have to be taken to get the actual person and even then it may not even be the same person. It could be a household, institution, service center. Adding "a computer IP address" as personal data is just careless by the GDPR people who wrote that.

Think of all the software/websites (forums, blogs, etc...basically any site that you need to register at and, heck any server with logs being recorded) out there that records IPs. This is more a function of your webserver via logs.

As i have already said, Rocket.chat does presently record usernames with IPs. (For me its located at /var/log/nginx/access.log) Are you saying they should remove that then?

Anyways, we are getting way off topic. My vote is to still add this feature to the admin panel so we can access the IP logs that already exist for this application and ban those who need banning.

But I am not holding my breath. (GDPR or no GDPR :) )

[reetp]

@WebSavvyGuy

Well almost the entire internet has to be rewritten then.

Welcome to 2018...

How much is enforceable, we would have to wait and see to find out

More than you may think. Especially if you are in the EU or have any dealings with the EU. Note other bugs on Rocket for GDPR compliance....

Adding "a computer IP address" as personal data is just careless by the GDPR people who wrote that.

Nope. It's intentional. It's the way it is, and I believe there is case law already in the EU regarding the status of IPs

Think of all the software/websites

Yup - they'll all need looking at unless you have zero visitors from the EU. But it's OK. You still have 24 days to get your compliance in order :-)

Note also the very first comment in this bug:

It would be nice to store user IPs and the ability to ban users from same IP.

So the intention is to retain that data to identify and ban that user. That becomes PII, and subject to GDPR.

So my original point was that this feature should be a toggle at most for those who want it, but not for those who do not.

[ghost]

Gee this thread is just a joke im sorry I even commented! Anything that is asked regarding IP loggin is stone walled, im out ill pay someone to rewrite a solution as nobody here is the slightest bit interested other then GDPR compliance well I have a huge budget I can deal with that when it arises right now Id like some access to these IPs you say are already logged! and a decent solution or at least some decent input in these threads it's like dealing with a bunch of five year olds asking about issues here.

10542

[WebSavvyDude]

@WoWzee

I totally hear you. Let me know if you find a solution. We definitely need this feature but it's not going to happen with people striking fear into the developers with this GDPR nonsense.

Some idiot added "IP address" to the list of personal data into the FAQ's and now this is going to get them all paranoid. (which it already has some)

We run a website with tens of thousands of users and Rocket.chat was not able to handle the load (even on a powerful server) so keep that in mind for how much time and money you spend into modifying. We learned the hard way.

@reetp

Every single webserver stores IP address logs. I hope the EU shuts down the internet to the rest of the world. Let's see how long this law lasts.

[reetp]

I'm not saying you shouldn't have it.

I just just asked that you bear in mind that there are those of us who are subject to different laws, like it or not, and to respect that fact. The USA is not the only nation on the planet, nor does it have the only set of laws.

GDPR is here. It has been for 2 years. Just that it becomes mandatory on the 25th May. It can't simply be ignored. The EU is a market of 500 million people. It is not insignificant. And the fines for non compliance are large. GDPR is there to protect the privacy of the individual, which has been abused for far too long, and that is no bad thing IMHO.

Please stop using words like 'idiot' and 'nonsense'. They are superfluous in a grown up discussion. This about law, decided by judges.

[engelgabriel]

We are considering fro development a solution, that would have the following characteristics:

• Have a server side memory only map of the IP -> USER relationship
• Never store the IP -> USER relationship on the DB
• Enable the admins to ban a IP by reporting a USER
• Enable the method calls rate limiter to filter per IP
• Log abuses of the rate limiter per IP so can be used by Fail2Ban
• Only store a list of banned IPs on the DB
• List of banned IPs is only visible on the Admin Panel

Can you guys give us some feedback about this ideas?

[Lawri-van-Buel]

@engelgabriel I got the following notes on the top of my mind.

• Keep in mind that ip adressen are not always fixed and can be used by multiple users. (Maybe only allow ban after multiple accounts from that up are blocked or list other accounts on a IP. ).

• Clusters need a way to share this data. Without the database this will be tricky.

• Givven the GDPR, we need a clear ground on which we are allowed this action. (Its not that the GDPR prohibits this, it just mandates you are upfront about it and clear in your privacy statement).

• As a side note user management on this level could also (and possibly would be better to) be bone through an external login provider over oAuth. (Gitlab/drupal/Wordpress all have dedicated code on rocketchat to do oAuth that I know and all are capably to manage users and ban abusers without adding complexity to rocketchat. The GDPR parts stay in affect but are now part of the website not the chat and all have more experience with abuse than rocketchat) [Full disclosure. I worked on the drupal integrations and maintain the drupal rocketchat module]

• Rate limiting is (if configurable & dynamic) a great idea.

[Gandalf-the-Grey]

To some of participants in this discussion: please do not spread FUD about GDPR, please consult your use cases with your own lawyers if you haven't already. GDPR doesn't change much for people that were doing things right. You should handle PII material with a proper care. If you are running an Internet service and can't do that properly you should really shut it down.

Obviously if that is such controversy let's just define option I_DONT_BELIEVE_IN_INTERNET_ABUSE=true that would cause to skip such logging.

Have a server side memory only map of the IP -> USER relationship Never store the IP -> USER relationship on the DB

I see no reason for restricting ourselves. In the end we are keeping e-mail addresses in DB. How holding IP address is making it worse? As @Lawri-van-Buel noted, it introduce issues with clusters when sharing data.

Enable the admins to ban a IP by reporting a USER

Sounds good.

Enable the method calls rate limiter to filter per IP

Not sure if that's needed that much. Global settings for rate limiting to avoid general spam would be enough. Maybe with some exceptions (please note: reverse-proxy scenario, many-to-one relation in some scenarios)

Log abuses of the rate limiter per IP so can be used by Fail2Ban

Ideally I would love to have nginx/apache like log file with actions user/ip

Only store a list of banned IPs on the DB

As mentioned above, IMO no need for such restrictions, however, we might want to limit access to IP data to admins

List of banned IPs is only visible on the Admin Panel

Sounds good.

[vynmera]

I believe this is an important issue. If we want to make Rocket.Chat more usable for public usage, we'll need more powerful moderation tools. One of these would be IP bans. Myself, I currently use a different login provider which allows me to ban IPs, but I feel it would be quite important to build this into Rocket.Chat.

Implementing this doesn't have to be insanely difficult - add a "ban" function to users, which will disable their account and find the user's last few IPs and restrict those from creating new accounts. Even the admins don't need to see the IPs - this can be done in the background Discord-style.

As for law/GDPR/privacy issues: is an IP address not "data required for the operation of the service"? Every single webserver logs IPs too, so I feel it would be trivial to legalize the storing of IPs in such manner. If the admin doesn't want it, they should just be able to turn it off in the ban list.

Another good feature to add at this point is some sort of DNSBL / getipintel integration, to prevent people from using VPNs or Tor exit nodes (of course, it should be possible to disable, or add specific IPs/hosts that bypass this, for companies that use VPNs). Rate limiting, CAPTCHA and/or fail2ban seem like useful features here too, to prevent bots trying to match leaked databases/common password against users.

Using Rocket.Chat publicly is difficult without proper moderation tools. Slack suffers from this too - let's beat them to it :)

[Lawri-van-Buel]

@vynmera

I believe this is an important issue. If we want to make Rocket.Chat more usable for public usage, we'll need more powerful moderation tools. One of these would be IP bans.

I would support more and better moderation tools. IP bans are generally not wanted to moderate. (there to blunt a tool to be effective). IP address do NOT represent individuals in all cases, which would mean you (potentially) ban a lot more users than you think. (this is especially true in not 1st world countries where IP's can be shared between neighbourhoods through NAT's).

To understand the complexities of banning we only need to take a look at IRC's history (like on freenode) and see that banning based purely on IP is not without high risks.

As for law/GDPR/privacy issues: is an IP address not "data required for the operation of the service"? Every single webserver logs IPs too, so I feel it would be trivial to legalize the storing of IPs in such manner. If the admin doesn't want it, they should just be able to turn it off in the ban list.

As for GDPR, any and all use needs to be declared and needs a base to use it. The test for whether it is data required for the operation of the service is simple ==> Is it possible to use the service without data 'x'. unfortunately, the answer is yes which would mean that just for banning purposes storing the IP is does not qualify as data required for the operation of the service. We would need a separate ground for it (I believe maintaining the integrity of the service to prevent abuse of a user could be a valid grounds. but I am no lawyer)

Another good feature to add at this point is some sort of DNSBL / getipintel integration, to prevent people from using VPNs or Tor exit nodes (of course, it should be possible to disable, or add specific IPs/hosts that bypass this, for companies that use VPNs).

An optional setting to provide a "ban" list based on 'DNSBL / getipintel / etc.' would be a really good feature. But probably belongs on the webserver side. and not in the rocket chat app.

Rate limiting, CAPTCHA and/or fail2ban seem like useful features here too, to prevent bots trying to match leaked databases/common password against users.

To utilize rate limiting with a fail2ban all we would need is a proper log entry in the webserver (for which there already exist fail2ban scripts)

I must stress that there are more moderation tools available in rocketchat than in Slack, especially through the API. While not as accessible as an UI element it offers more advanced use-cases.

We could use an admin tool alike to the Rocketchat native app on desktop that would expose these more advanced use-cases in a moderator friendly way.

@Gandalf-the-Grey

To some of participants in this discussion: please do not spread FUD about GDPR, please consult your use cases with your own lawyers if you haven't already. GDPR doesn't change much for people that were doing things right. You should handle PII material with a proper care. If you are running an Internet service and can't do that properly you should really shut it down.

I can not stress this enough myself. GDPR is only a gamechanger in regards to the potential "punishment" (e.a. fine's / legal remifacations) it is based on older laws that allready requirers the proper use and safeguards for utilizing PII. Ergo, most of it is stuff to consult a lawyer about as @Gandalf-the-Grey allready recommands.

[WebSavvyDude]

I do like the plans put forth by @engelgabriel

It’s a positive step in the right direction. Hope this becomes a reality.

I do not agree with the statement raised by another person that we should further limit this function because of a few rare cases of users sharing the same IP addresses. In that very unlikely event just delete it from your list.

[Lawri-van-Buel]

@WebSavvyGuy

In that very unlikely event just delete it from your list.

This is not a rare event on the global scale. see IPv4_address_exhaustion -->Transition mechanisms

a real thing in Asia, Africa, South America and parts of Europe. the real difficulty is that there is no reliable way to tell if the customer IP your blocking is the endpoint IP or a intermediate IP (like a NAT access point). This means that there is no way to detect the "wrong" setting. The customer that is banned without case basically has no more way to contact you (assuming you employ fail2ban or similar scheme).

It is also important to note that there are options in rocketchat to Block, Deactivate and Delete an existing account. And there is an option to require a valid email and an option to require a manual approval for users. (something that in an active community with lots of community admins / moderators should not be a problem).

IP bans are useful on a network layer, not on an application layer. since Rocketchat is an application it should NOT ban on IP. If tour setup requires IP level bans you should also employ network monitoring and network level firewalls that can actually blacklist an IP. (your basically entering the area of Denial of service attacks and targeted abuse that will require these level of tools)

TL;DR. IP bans do not belong in an app, they beling on a(n) (application) firewall .

[vynmera]

@WebSavvyGuy An interesting idea I just thought of is that if you try to ban an IP that multiple people use, it'd give you a warning. Also, perhaps we could optionally have it use the User-Agent as well.

[WebSavvyDude]

It is a rare event at the moment. You can always do an IP address ban list review periodically to filter out these unlikely events.

They can still contact you as this would be limited to Rocket.chat (i believe) They can still contact you via contact us page on your site.

Block, deactivate and delete are a joke. You just need to sign in again. If you use anonymous user, it's a matter of 1 second to get back. The ban request is for a good reason.

We run an extremely high traffic chat website. Have been doing it for 18 years. Been using ban, kick and mute functions for 18 years. We have never run into such an issue of a shared IP address or ever once saying "oh we don't need a ban button".

Yes, bans belong in an app.

[Lawri-van-Buel]

@WebSavvyGuy

It is a rare event at the moment.

you mean for yourself. We are not all located '', and we can not all ignore huge area's of the world. Also did you measure this in any way (number of additional blocked users, number of blocks that were unfounded?, etc) I find this quite a bold statement if it is without evidence.

Block, deactivate and delete are a joke. You just need to sign in again. If you use anonymous user, it's a matter of 1 second to get back.

If you use anonymous accounts you are right. so maybe switch to a login-in only structure.(my suggestion)

We run an extremely high traffic chat website. Have been doing it for 18 years. Been using ban, kick and mute functions for 18 years.

without numbers I am going to assume by "extremely high traffic chat website" the number of 1 connection a day. (as to keep the discussion on point without exaggeration). the amount of time you have been doing this is hardly relevant for this discussion apart from that you have some experience.

We have never run into such an issue of a shared IP address or ever once saying "oh we don't need a ban button".

This question only 'pops' up naturally when questioning if you need feature 'x' or permission 'y' type of questions. if you are doing the same thing for 18 years I would doubt you encountered it if you did not have a need to reflect on your choices or legal status.

Yes, bans belong in an app.

Can you explain why this should be in the app, and not in the network layer or webserver layer?

[WebSavvyDude]

So, because some parts of the world share the same IPs (most likely Second, Third World), you wouldn't want this feature? First world countries make up the bulk of internet users. I've already explained to you that it is a rare event. In rare events you can do an IP ban list audit periodically. If you are running your rocket.chat from a third world country than perhaps you can just disable this feature. I am assuming we will have an option to disable it here.

Anonymous accounts are a main attraction when you have a public website. So, going to full login system isn't an option for us.

My experience dealing with chat rooms are far more extensive than yours was my point. You should see the amount of trouble when i did run Rocket.chat even on a small part of our website. It was chaos without a proper ban, mute and kick button. Even the ability to view IP's would be great.

Yes, this GDPR adds a new element. I agree although our users mainly do not come from Europe. (but yes we do have some). But, there are ways to protect yourself and be in compliance with GDPR and still store IP addresses. Most important is to state that in your privacy policy.

Bans belong in an APP for convenience. Before I was using Nginx logs to figure out who is who and it takes a very long time and even then with a 50% success rate.

Having said all that, i would be ok with a way to just easily view IPs. Then we can use our own firewall to ban IPs.

I just don't want rocket.chat to be pushed off the path of something I feel is very important for this application. If everyone keeps coming up with these very rare hypothetical situations, we will see this feature sitting for years untouched.

[Lawri-van-Buel]

@WebSavvyGuy So in short you want to have a way to convert a specific login (like a user name) to an IP to use in another process.

This I think would be a good idea. It would enable proper IP restrictions being implemented in the right layers.

This should be a "super admin" type permission that is not enabled default (IMHO) and your privacy statement should list it as a tracked PII. (but that's legal not relevant here)

I would even be open to have a "trigger" that (super) admin's can use to block an IP with a button.

So I would propose we implement it like following:

• Have a permsision (defaults to off) to view the current logged in IP of a user (in admin UI)
• Have a permission / button to trigger the "ban user from service" button that will trigger an external script to do a (temporary) ban on an IP. (similar to the outgoing webhook, possibly even as part of it)
• Have the documentation in place to inform Site-admin / maintainers that such actions require proper care (since IP is a PII)
• Record in the Logs that `USER 'x' USING '[IP] WAS BANNED BY 'admin' .
• Have a list of Banned IP's with Date of ban, user that was banned and user that banned . with possible reason of ban (popup during ban?)
• Have an API endpoint to convert IP <-> User names.

This would be in my opinion the proper way to implement an IP retrieval.

I would love to hear your thoughts on this. (@WebSavvyGuy, @engelgabriel)

[Gandalf-the-Grey]

I'm not really in the mood for fighting over which place is best suitable for access control.

Current status is that wherever IP based access control should be executed, it just can't be because rocket.chat is not giving us clear data about: user = ip = action relationship.

Yes, of course there are always risks of filtering out too much (obviously I'd love to be able to use CIDR notation). My goal is to protect my users. Yes, more than 1 person can use single IP. In my case filtering out /16 isn't rare (65k IPs and yes, I'm aware that more than one person can share one of those IPs ;-) )

[Lawri-van-Buel]

@Gandalf-the-Grey

I'd love to be able to use CIDR notation

this is among my main reasons to prefer a (application-) firewall over an application ban function. It also means less load has to be put on rocket chat (I prefer to use my connections for actual users).

[WebSavvyDude]

@Lawri-van-Buel

In the past (I no longer use Rocket.chat anymore and we are building our own chat app) I would go to the Nginx Access log files (/var/log/nginx/access.log) and i would match up username with IP address that way. Then i would ban it using an IPset banlist i created in the server (that also can use CIDR notation)

The problem was the username you needed would appear with hundreds of different IPs so you would have to take the first one on the list to get the right one. A lot of chance for errors to do it this way.

I guess its just the way the logs are stored.

This feature really should not be that hard to implement as i personally do not know a chat software out there (at least moderately used) that doesn't have some sort of IP viewing or logging associated with it which associates this with a kick, ban and mute button. It's more that it has not been a priority of Rocket.chat to have it.

[Lawri-van-Buel]

@WebSavvyGuy Good luck with your own app :smile_cat: You are right that it is hard (not impossible) to extract the IP from Rocket chat it this time.

But it is also hard to see what connection of a user did what (as rocketchat allows n connection for each user)

But we are also living on a changing world. approaches that worked in the past will not (always) work now and in the future. as an example we implemented DNS to replace the /etc/hosts file (and distribution) as it was no longer a maintainable way to distribute names <=> IP connections.

We also have to take care about the current reality in IT, that breaches happen and that people's information get stolen. If we record any details we do not need we increase the risks for all our users. Something we (as IT-professionals) should endeavour to limit as much as possible.

[Gandalf-the-Grey]

Thing is that we are recording IP addresses anyway, as @vynmera mentioned IP address is "data required for the operation of the service". Also it is NOT PII by itself. It could be "linked" at most.

I have list of all of your 4-digit PINs to your credit cards and all of your IP addresses (yes, even that private one ;-) )

We already have that info (IP) we just don't have convenient way to use it for basic service feature such as access control. I'm not sure about your Internet, maybe it consists of rainbows and unicorns ... but mine is dark and full of terrors. I need access to data that will allow me to identify and stop abusers at the gates.

For others we can still have I_DONT_BELIEVE_IN_INTERNET_ABUSE=true.

[vynmera]

@Gandalf-the-Grey Something I'd like to add: once you've actually seen other people's IPs (lost your IP virginity perhaps?) you will find that in reality, it's not that interesting.

I operate a service with many users, and I store all of their IPs - not because I "love looking through my IPs" or because I "spy on people". Once you actually get people's IPs you will find that you won't care. You have better stuff to do than poke around, IPs are for tracking possible abusers and that's it.

I'm not saying there's no bad apples at all, but I feel this fear of storing/access to IPs is a bit irrational.

[Lawri-van-Buel]

@Gandalf-the-Grey The fact it is allready used is a Non sequitur. as in having some information does not mean you can use it for "x".

as an analogy, If I would have a copy of your private photo collection, I would NOT have the right to distribute this to all people with an email address ending in "@gmail.com". I need a grounds (reason) in order to be able to do this. In my example here there is no way to get any grounds in order to perform the action legally (Your permission is not enough, and there are no other grounds I know in order to do that action).

So far as I know these principle happy in all jurisdictions, But I must stress I am NOT a lawyer.

As to whether the IP is a PII, this differs in what jurisdiction you are. Some (like Europe with the GDPR) do label it as a PII so we must build Rocket chat assuming the IP is a PII. (We must accommodate the most restrictive group of users)

[Gandalf-the-Grey]

I have few lawyers around. And yes, I'm in EU and yes GDPR applies. And no, IP address is not PII by itself. Even if linked with other info, even if all together you can say that you process PII then what? You have to implement appropriate measures anyway, mostly procedural and legal. I believe that technical matters are already in place because you are already processing data that you need to protect. e-mail itself is enough (it can be PII on its own), IP address is less troublesome.

Again. "data required for the operation of the service" = access control, anti-abuse.

Analogies? Geez. OK ;-) If you order a pizza you have to disclose your address. If you don't you don't get a pizza. Trust me, post-GDPR Europe still order pizzas.

[vynmera]

@Gandalf-the-Grey @Lawri-van-Buel Also: a lot of people here are going to be using Rocket.Chat behind a reverse proxy. Their nginx installs (or Apache (please don't use Apache)) will be storing IPs by default.

[WebSavvyDude]

I think GDPR states somewhere that IP addresses are PII data that applies to their rules. Dumb, but true.

[Gandalf-the-Grey]

No, GDPR doesn't define IP address at all. You can't identify a natural person solely by IP address that person used.

That's irrelevant anyway!

Because of GDPR Recital 49 and because of Article 6, namely par1a) because of the ultimate ToS, accept it as-is or GTFO par1b) because it's how TCP/IP works, or GTFO par1c) because obligations to law enforcement par1d) and f) because of anti-abuse (one par is enough for processing, here you have plenty)

Please, there's no reason to waste our time on talking about GDPR, for that please call your lawyers when in doubt.

Let's stay in focus on what features are needed to improve Rocket.Chat usability.

[Lawri-van-Buel]

Based on this blog post (from a Dutch IT lawyer) A IP address is a PII.

Yes we need to process the IP to facilitate the connection. This does not need we need to store it in a conjunction with a user(name). We would need a different ground than “it’s needed for TCP/IP.” And a ToS is not a ground (by itself). A Privacy’s permission must be freely givven and be retractable. A ToS is not. It’s the set or requirements by and of the service to be usable. (Basically a list of contract terms between the service and user listing each limit and requirement).

Anti abuse can be a grounds for these featurers however they can only be when made applicable. (Similar to how an EULA in he United States has to be made applicable through a required conscious step in which you have to agree.)

Building rocketchat with Privacy first and limit the amount of PII stored (especially over time) is a good thing. It does require a slight change in thinking of us as developers.

Also. All data that is needed to run a service = the minimal set you need to offer the service. Currently you do not need the IP in order to implement anti abuse. You have Ban/kick/block/delete to facilitate this requirement. (It sucks but it does mean you need a different ground than ‘Data required for the operation of the service’.

[chatnl]

I see a lot of wrong ideas about the GDPR in this thread. Not so strange because people are getting bombarded with information that is not correct.

These are the facts:

1. The IP address is regarded as personal information and therefor covered by the GDPR
2. There is nothing wrong with storing the IP address of a user as long as they are using your service and you are only using this information to provide certain functionality in the service (like banning). As soon as the user deletes his account or is being deleted you should delete all personal data including the IP address that was used.

I really really really (should I go on) need the option to suspend / block / ban an IP address. I would not even check if there are more users active with the same IP address. You could have that situation in a student / school / work / family environment, but I think users will be more careful if they know that their shared IP could get banned.

I've read a reply that mentioned that IP addresses are used again in other parts of the world but that's not correct. An IP address is always unique or else routing would be impossible.

Rocket Chat is evolving from collaboration software into a robust chat environment. A chatbox without the banning option is hard to use. If it is too much effort to build a banning system in Rocket Chat then please please at least display the last used IP address in the users profile (and a permission setting to show this option). I will use IP tables or an external firewall to block them for the time being.

Regards,

Stef

[WebSavvyDude]

An IP address is a PII. It’s very clearly written. Not sure why @Gandalf-the-Grey keeps saying otherwise.

Anyways, it is silly that it is considered that, but it is.

If you use that information responsibly and remove it whenever a user deletes their account there is no reason why we couldn’t have a ban button for IPs or a view last IP address function.

[Gandalf-the-Grey]

An IP address is a PII. It’s very clearly written. Not sure why @Gandalf-the-Grey keeps saying otherwise.

Whether clearly written or continuously repeated, bullshit is still bullshit. An IP address by itself is not a PII (Personally Identifiable Information) because it is not information by itself that can identify a person. Or are you telling me that I can run a script that will generate PII of all people in the world that are using the Internet? Cool.

Still, it's irrelevant to our case, whether if it is or it isn't. Lack of such feature is hurting usability of rocket.chat. Unwillingness to add it is purely stupid.

[WebSavvyDude]

I agree with your last point but an IP is a PII according to GDRP.

If you don’t want to believe it then carry on in your own imaginary world. The fact is we need to get by this silly GDRP to make those functions many of us want in RC. That seems to be the obstacle now (or excuse not to do it).

[chatnl]

Sadly enough the GDPR states that an IP address by itself is PII. Of course there are situations where it is difficult to track an IP address back to a user, but in most cases it can be done. Our friends Facebook, Google and loads of other companies have enormous databases where IP addresses are allready linked to postal addresses etc.

Also several ISP companies register the IP address to the user. If you retrieve the Whois info you will get the name, address and phone number instantly. Have seen this myself with the internet connections of certain customers.

But as Gandalf states, it is not important. We need to be able to see the last used IP address. It is NOT a violation within the GDPR when it is used for an important function and deleted when not needed anymore. They could even hash it and check the hash with the new one everytime a user logs on. As long as I can block a hash / IP or whatever you call it I am happy.

I am now experimenting with a Mongodb client in order to view the IP address and then add it to IPtables in order to block someone. A ban / unban feature would be very good.

I bet there are even people that would pay for this to be added!

[NameTheJew]

WE DONT WANT IP LOGS.

IF this "feature" is implemented, i hope it will be able to be disabled.

MANY of us who run rocketchat servers do so to AVOID being doxxed, or having any personal identifiable information linking back to users.

BESIDES, in the world of DYNAMIC IP's IP Banning = WORTHLESS Just look at 4chan.org (get IP banned, reboot modem, new IP, continue shitposting)

We run all our rooms as PRIVATE, and only let in people we approve. If your going to have public chat, your going to have trolls Just let your community shun them, trolls only come for reactions

[vynmera]

@NameTheJew You shouldn't be expecting perfect IP privacy from Rocket.Chat as it is now - a server owner can already easily look through webserver logs, and if link unfurling is on, they can simply post an image on a server they own. Besides, although you may be a professional at rotating IPs, I believe it will fend off many intruders quite well.

[ghost]

@NameTheJew That's rich coming from someone naming themselves "NameTheJew".

[reetp]

The law regarding IPs is still the law, at least as far as anyone hosting in the EU is concerned.

Here's a little guide on it:

https://www.whitecase.com/publications/alert/court-confirms-ip-addresses-are-personal-data-some-cases

Static IPs are quite clearly PII. Dynamic IPs are different. The case above says that in the EU if that IP is tied to other information then it becomes PII.

If you really just want to ban an IP then you could probably do it via webserver logs and iptables/fail2ban etc. The point is that I don't think that is what people here are really asking for - they want to be able to ban users from their associated IPs. That makes the information PII.

As far as EU law goes, logging an IP has potential consequences, and logging it and matching it to a user has even more. That cannot be dismissed lightly just because you or your server are not in the EU. Some of us are bound by that law, like it or not. Kindly respect that fact.

As a user in the EU I personally have no issues with logging code being added. (consideration should be given as to whether users should be notified of this if in use)

All it needs is a big red OFF switch for those of who do not want it, or do not need it. Simples.

[damianmcclure]

This entire thread is useless. Every single other online communication software like forums, message boards, etc have IP address logging to ban users. This should be Implemented.