RocketChat / Rocket.Chat

The communications platform that puts data protection first.
https://rocket.chat/

Store users IPs and ability to ban IPs #2885

Closed xa-bi closed 4 years ago

xa-bi commented 8 years ago

I have a chat where sometimes trolls come to mess with users. It would be nice to store user IPs and the ability to ban users from same IP.

It would also be nice to have the option to make a chat public for non-registered users ("readonly mode"). Yes, I know there is an open issue #604, but just trying to bump it :)

Thanks in advance.

gpoudrel commented 5 years ago

I agree with OP. We need a feature (with a switch so can be disabled) to have IP address logged if legal action is required. Login time, IP/Username associated.

coders-kitchen commented 5 years ago

We are currently adding a feature that logs at least the failed login attempts

https://github.com/tyntec/Rocket.Chat/tree/failed_login_audit

Logging of IP Addresses, Username and UserAgents can be turned on / off via the Admin interface.

vynmera commented 5 years ago

Just have three modes:

Lawri-van-Buel commented 5 years ago

@coders-kitchen could you change this so you can choose what is logged. As stated earlier in this thread the laws surrounding what you can and cannot log and why are not uniform across the globe. Having the flexibility to choose how your logging works would make it easier for all to utilize it.

The solution from @vynmera would also work but lacks flexibility.

Also @coders-kitchen where is the PR?

coders-kitchen commented 5 years ago

@vynmera @Lawri-van-Buel thanks for hints about the information that should / could be logged.

@Lawri-van-Buel PR is here https://github.com/RocketChat/Rocket.Chat/pull/13385 and what's your idea about "could you change this so you can choose what is logged"?

WebSavvyDude commented 5 years ago

Definitely need more than just for “failed logins”

coders-kitchen commented 5 years ago

Shall we open a dedicated issue for this PR and keep this issue?

It seems to tackle more than "just" the logging part for failed logins :)

coders-kitchen commented 5 years ago

I've created a dedicated issue for our Merge Request, see here #13479

coders-kitchen commented 5 years ago

can someone please check the PR?

faziloub commented 5 years ago

We really need this feature

coders-kitchen commented 5 years ago

The Merge Request will not close but only reference this issue.

@Lawri-van-Buel The feature in the Merge Request already contains the option to choose what to log. In detail, you can deactivate logging of the following information:

  • Client IP
  • Forward For IP
  • UserAgent
  • Username

Each deactivated option will be displayed as a simple '-' sign.
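The record the Merge Request describes, as an added example that is not Rocket.Chat's own code or the PR's: one failed-login audit entry whose four fields (client IP, X-Forwarded-For IP, user agent, username) can each be switched off individually, with a switched-off field written as '-'. The settings object, the field names, the request shape (`req.socket.remoteAddress`, `req.headers`, `req.body.username`) and the sample request are all assumptions made for this illustration.

```javascript
// Added example, not Rocket.Chat's code: a failed-login audit record whose
// fields can each be switched off; switched-off fields are written as '-'.
// Settings names, field names and request shape are assumptions.

const DEFAULT_AUDIT_SETTINGS = {
  logClientIp: true,
  logForwardedForIp: true,
  logUserAgent: true,
  logUsername: true,
};

const REDACTED = '-';

// Control characters are stripped and the length capped so that a client
// cannot forge extra log lines or flood the log through a header value.
function sanitizeField(value, maxLen) {
  if (typeof value !== 'string' || value.length === 0) return null;
  const cleaned = value.replace(/[\x00-\x1f\x7f]/g, '').slice(0, maxLen);
  return cleaned.length > 0 ? cleaned : null;
}

// X-Forwarded-For is client-controlled: take only the first hop and accept
// it only if it looks like an IPv4/IPv6 literal; anything else becomes null.
function firstForwardedFor(headerValue) {
  if (typeof headerValue !== 'string') return null;
  const first = headerValue.split(',')[0].trim();
  return /^(?=.*[.:])[0-9a-fA-F:.]{2,45}$/.test(first) ? first : null;
}

// Build the audit entry; every field honours its own on/off switch.
function buildFailedLoginAudit(settings, req, now) {
  const s = { ...DEFAULT_AUDIT_SETTINGS, ...settings };
  const xff = firstForwardedFor(req.headers['x-forwarded-for']);
  const ua = sanitizeField(req.headers['user-agent'], 256);
  const user = sanitizeField(req.body && req.body.username, 64);
  return {
    ts: now.toISOString(),
    event: 'login.failed',
    clientIp: s.logClientIp ? (req.socket.remoteAddress || REDACTED) : REDACTED,
    forwardedForIp: s.logForwardedForIp ? (xff || REDACTED) : REDACTED,
    userAgent: s.logUserAgent ? (ua || REDACTED) : REDACTED,
    username: s.logUsername ? (user || REDACTED) : REDACTED,
  };
}

// One line per event, in a fixed key=value layout that is easy to grep and parse.
function formatAuditLine(e) {
  return `${e.ts} ${e.event} ip=${e.clientIp} xff=${e.forwardedForIp} user=${e.username} ua="${e.userAgent}"`;
}

// Constructed sample request (not captured traffic). The user agent carries a
// newline followed by a fake record to show the log-forging case being neutralised.
const SAMPLE_REQUEST = {
  socket: { remoteAddress: '203.0.113.7' },
  headers: {
    'x-forwarded-for': '198.51.100.23, 203.0.113.7',
    'user-agent': 'curl/7.64.0\nforged line',
  },
  body: { username: 'alice' },
};

const SAMPLE_TIME = new Date('2019-02-28T00:41:00Z');

// Everything switched on.
console.log(formatAuditLine(buildFailedLoginAudit({}, SAMPLE_REQUEST, SAMPLE_TIME)));

// IP logging switched off, as an operator in a stricter jurisdiction might configure it;
// the username is still recorded so per-account lockout remains possible.
console.log(formatAuditLine(buildFailedLoginAudit(
  { logClientIp: false, logForwardedForIp: false }, SAMPLE_REQUEST, SAMPLE_TIME)));
```

Two caveats for anyone adopting this shape: behind a reverse proxy `remoteAddress` is the proxy, so the "Forward For IP" field is the one that carries the real client, and it is attacker-controlled unless the proxy overwrites it; and the sanitiser exists because a login form is reachable before authentication, so every header it logs must be treated as hostile input.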

NameTheJew commented 5 years ago

" We are currently adding a feature that logs at least the failed login attempts"

PLEASE DO NOT DO THIS DO NOT LOG IP.

NO IP LOGS is a DISTINCT advantage and point of difference over DOXcord. Who cares if some admins (for dubious reasons) are BEGGING for IP logs. You DESTROY user confidence in the platform. You end up just creating another DOXcord. ZERO Knowledge is BEST for when subpoenas get received. And MANY political organizers have shifted to Rocket Chat, and VALUE the no IP feature.

I have not seen ONE legitimate reason for these "admins" to need logs. Got a problem user, delete their account, require new account approval, or limit new accounts to a lounge, trolls and spammers solved. DO NOT CUCK AND BECOME ANOTHER DOXcord.

On Thu, 28 Feb 2019 at 00:41, Peter Daum notifications@github.com wrote:

The Merge Request will not close but only reference this issue.

@Lawri-van-Buel https://github.com/Lawri-van-Buel The feature in the Merge Request contains already the option to choose what to log. In detail you can deactivate logging of the following information

  • Client IP
  • Forward For IP
  • UserAgent
  • Username

each deactivated option will be displayed as a simple '-' sign.

NameTheJew commented 5 years ago

@damianmcclure This entire thread is useless. Every single other online communication software like forums, message boards, etc have IP address logging to ban users. This should be Implemented.

translation: "the internet is becoming an Orwellian spy grid, so we should join in too" GTFO. No logs is incredibly important in an age of doxing & honeypots.

NameTheJew commented 5 years ago

You shouldn't be expecting perfect IP privacy from Rocket.Chat

seems like an EXCELLENT Goal to have tho! Need I remind you all the OTHER encryption features, https etc., are to do everything possible to protect people's privacy... so why cuckout on IP logs? The webserver might show when someone "connected", but that doesn't mean it can connect them to a specific post. (not if the encryption is being done right)

faziloub commented 5 years ago

@NameTheJew what if you get terrorist users? what if you get sick people that offer drugs and destroy people's lives from your server?? what if you get some criminals on your site, how will you manage that?? I think a message audit panel & IP log and the ability for admins to see IPs and ban and read convos is for the safety of clients and users and even server owners

WebSavvyDude commented 5 years ago

Please get IP logs. Ignore the garbage arguments for not having it. The people who don't want it have no users so probably can't be bothered with it. Anybody with a half decent website with actual users will know the importance of IP logs. Worst case is let admins turn this feature on and off as they choose.

faziloub commented 5 years ago

@WebSavvyGuy I agree, the people who aren't planning to cause trouble or harm don't get worried about admins getting their IP or reading their convo. Me personally, I don't worry about it because I know it's for the safety of users. Facebook, Skype, Twitter, WhatsApp, Kik, all chat apps have these features and they read the convos and get users' IPs

WebSavvyDude commented 5 years ago

I’ve never seen people complain about a potential added feature that is beneficial. Even if it was made “optional” (turn on and off logging from the admin panel say)... they would be against it, which makes you wonder what their actual motives are.

Most servers already come with access logs, just making it more readable is all we ask. It is legal to give IP addresses to law enforcement agencies. (GDPR or otherwise) That would be one reason to have it.

faziloub commented 5 years ago

@WebSavvyGuy i agree with you 100%

WebSavvyDude commented 5 years ago

Yes, it's really those people who b*tch and complain about it affecting privacy or GDPR which slows this feature down from being made. They don't fully understand what GDPR and privacy is. Those two things are more about how you protect the data, not actually possessing it. Almost every server has access logs already. Is the whole world going to shut off their access logs because GDPR was introduced? Of course not, that's not how it works.

NameTheJew commented 5 years ago

muh terrorists

LOL, are you serious. Cos terrorists just LOVE to tell everyone their secret plans. Any REAL terrorist cell would host their own private encrypted chats. And would likely be using public wifi & a VPN. If someone is advocating violence, you delete their account. Limit new account access to rooms. Require approval for new accounts. IP bans DON'T WORK. Restart router/phone, get a new dynamic IP.

99.999% of the time people are talking shit on the internet. We are NOT the police. We have no business fighting "thought crimes". Statistically, you have more chance of being hit by lightning than being killed by a terrorist. Terrorism is a ridiculous hyperbolic argument that governments lean on all the time to justify mass surveillance & endless BS wars.

feature that is beneficial.

except IP logging is NOT beneficial to users, or administrators. It will NOT stop people changing IP and re-joining the server. IP LOGGING HAS ONE PURPOSE > DOXING USERS. I help administer a political Rocket.Chat server with over a couple of hundred users. I've never once wanted IP logs, nor needed them.

muh failed logins

WHO CARES... really. We tell all our users to set up 2FA. Some retard can sit there all day long and try to guess the password. They aren't getting past the 2FA.

If Rocket.Chat implements IP logging, I've already made the decision I will FORK Rocket.Chat and create a privacy focused chat server.

WebSavvyDude commented 5 years ago

@NameTheJew Please stop with your nonsense.

You are assuming EVERY single person out there is sophisticated enough to host their own private encrypted chats, or "smart" enough to use a VPN.

There are legitimate situations where users have been committing criminal offences and were caught doing so because we had their IP address and provided it to the police/law enforcement agency. Yes, terrorism brought up by the other post is a far fetched example but there are smaller crimes (although serious enough) that require an IP address for law enforcement. Because we had access to IP logs, we were able to assist law enforcement to arrest thousands of users over the years. I won't get into specifics but not only are IP logs beneficial for administrators to protect their own servers, they have proven to be beneficial to protect the general public when working with law enforcement.

Personally, i don't really care what happens because we stopped using Rocket.chat due to technical limitations with high volume amount of users but i received this update in my email and needed to respond.

Yes, please fork Rocket.Chat and create your own privacy focused chat server where you guys can post all day about how great not having IP logs is... but stop trying to argue against something that is very much needed by many other Rocket.Chat users. (Most are just asking for it as an OPTION, not something permanent that every administrator has to use)

Would you be open to it being an optional feature? Would love to hear your answer to that LOL.

NameTheJew commented 5 years ago

Please stop with your nonsense.

no my concerns are entirely VALID, and represent the interests of all rocket chat USERS. Go read about all the people who got DOXED using discord, because they received a subpoena, which then implicated EVERYONE in the chat. Also, a "bad" admin could exploit logs for their own criminal intentions.

You want to "catch criminals"? Go join the FEDS (I'm pretending you haven't already). Rocket.Chat's priority should be its USERS, not helping feds catch political activists, whistleblowers etc. In some countries this literally protects users' lives!!! Saudi Arabia will execute political dissidents for "wrong think". It is NOT our responsibility to make the feds' job easier.

we stopped using Rocket.Chat.

then you have NO BUSINESS HERE discussing the future of this software. stop glowing & leave.

NameTheJew commented 5 years ago

Would you be open to it being an optional feature?

Of course NOT. How would users know if logging was on or off? Right now, users can feel confident their words are free from DOX. If the feature exists, then this platform can no longer be trusted.

WebSavvyDude commented 5 years ago

How would users know if logging was on or off?

Thats what a site disclaimer is for. You tell users what you have and how you protect it or when you remove it. Whether they believe it or not, it's their choice. I doubt everyone is going to go run and check that Rocket.chat indeed doesn't have IP logging.

Also, a "bad" admin could exploit logs for their own criminal intentions.

If you have the unfortunate circumstance of a "bad" admin, I am sure that said website wouldn't have too many visitors for long. Also, GDPR can go hard on that website, not to mention any law enforcement.

Rocket.Chat's priority should be its USERS, not helping feds catch political activists, whistleblowers etc.

The tool is there to help them if it's needed, you paranoid &!#*.

Right now, users can feel confident their words are free from DOX.

You should rephrase your statement to say:

"Right now, users can feel confident their actions are free from any criminal responsibility."

Why don't you just tell all your users to use VPNs if they are so scared of being DOX'd because of their freedom of speech? Oh, it would be an inconvenience to them wouldn't it? Well that's the same answer I have in response to your suggestion of running a private chat server with users manually approved.

then you have NO BUSINESS HERE discussing the future of this software. stop glowing & leave.

I can express my opinion if I want to. You gonna stop me? LOL. Aren't you all for freedom of speech. How contradictory you are now. I may use this product again in the future if there are improvements. They are on the right track. This discussion is a great step in that direction.

You are just so absolutely ridiculous. How can people lose confidence in a product if this feature was OPTIONAL? Maybe you are losing confidence in the ability to hide things on the internet and don't like the fact that you can and should be held responsible for your actions, even if through words on the internet. I am starting to think that is what your website is all about. Probably a platform to express hate crimes, etc. If users are so paranoid about DOX as you say they are, use a VPN. Let's face it, your DOX reasoning is just a dumb excuse. Your username is also reflective of the type of person you are, so STFU and create that privacy focused server you were talking about earlier. Run along now.

JoshStrobl commented 5 years ago

Christ, can the devs lock this discussion with the "heated" reason? It has turned into an absolute cesspool and derailed from the actual discussion / development topic at hand.

coders-kitchen commented 5 years ago

so no updates on this apart from a completely heated discussion?

Lawri-van-Buel commented 5 years ago

OK, to get this discussion back on track, and give a short overview of the issues (as I see them): the asked question is "@xa-bi Can you add a feature that enables storing a user's connected IP address and have the ability to ban on an IP basis?"

in short I believe the following:

  1. No one has met the burden of proof as to why you need IP logging (and there is no other way but IP logging for your issue). A requirement we need to be GDPR compliant.
  2. IP logging and banning are crude tools that, just as MAC filters, have their limited use but should be wielded with care.
  3. We cannot assume all users are in the same legal area. We should set up Rocket.Chat to be as compliant to every legal zone it is being used in as possible. Within reason.
  4. We should use evidence and arguments to discuss things, not feelings and rhetoric.

coders-kitchen commented 5 years ago

Thanks a lot. Just a few comments from my side

How should we continue now?

WebSavvyDude commented 5 years ago

As mentioned before, lets make this OPTIONAL.

That would solve those problems with people who are really scared of GDPR (there are many ways to remain GDPR compliant) or having rogue admins (are you serious? lol... re-examine your hiring practices then).

An optional feature should pretty much keep everyone happy (except one person here).

Lawri-van-Buel commented 5 years ago

* I agree that this must not be mandatory, but it should be an option to at least write them on unsuccessful attempts to a log. Which the linked PR provides.

Optional IP logging (e.g. a config option) would not be something I am against. (For example to comply easily with the PATRIOT Act for USA based hosters)

* Yes indeed, IP banning might sometimes be overkill and will/may affect other users. And I completely agree that IP bans are **not** the tool for punishing malicious users. There are better and safer ways to do so - as you already outlined. But at least in our case it's not about banning malicious users but preventing brute force attempts to hack account(s). Which is from my understanding a legitimate reason in the GDPR sense.

There already is rate limiting in place on Rocket.Chat, does that not suffice for your needs? Does it need to be expanded? Also, rate limiting can also be achieved on the firewall level (e.g. a firewall can only allow 'x' number of packets / second)
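The brute-force case raised above, as an added example that is neither Rocket.Chat's code nor the PR's: a sliding-window detector run over failed-login audit lines in a constructed `<iso-ts> login.failed ip=<a> xff=<b> user=<c> ua="<d>"` layout, where a switched-off field is written as '-'. It shows what each logging choice buys: keyed on the username, a hammered account is caught even with IP logging off, so per-account lockout needs no IP; keyed on the source address, a password spray (one guess per account from one host) is visible only when the IP was logged. The line format, the thresholds, the field names and the sample lines are assumptions constructed for this illustration.

```javascript
// Added example, not Rocket.Chat's code: brute-force detection over failed-login
// audit lines. Line format, thresholds and sample data are assumptions.

const WINDOW_MS = 5 * 60 * 1000; // count failures inside a 5 minute sliding window
const THRESHOLD = 5;             // the fifth failure inside the window raises an alert

// Parse one audit line; returns null for anything that does not match the layout.
function parseAuditLine(line) {
  const m = /^(\S+) login\.failed ip=(\S+) xff=(\S+) user=(\S+) ua="(.*)"$/.exec(line);
  if (!m) return null;
  return { ts: Date.parse(m[1]), clientIp: m[2], forwardedForIp: m[3], username: m[4], userAgent: m[5] };
}

// Group records by keyFn and keep, per key, only the timestamps still inside the
// window. A key of '-' means that field was not logged, so it cannot be used.
function detectBursts(records, keyFn, windowMs = WINDOW_MS, threshold = THRESHOLD) {
  const windows = new Map();
  const alerts = [];
  for (const r of [...records].sort((a, b) => a.ts - b.ts)) {
    const key = keyFn(r);
    if (!key || key === '-') continue;
    const q = windows.get(key) || [];
    while (q.length > 0 && r.ts - q[0] > windowMs) q.shift(); // drop expired entries
    q.push(r.ts);
    windows.set(key, q);
    if (q.length === threshold) {
      alerts.push({ key, count: q.length, at: new Date(r.ts).toISOString() });
    }
  }
  return alerts;
}

// Constructed sample 1: IP logging disabled; one account is hammered.
const SAMPLE_NO_IP = [
  '2019-02-28T00:40:00Z login.failed ip=- xff=- user=alice ua="curl/7.64.0"',
  '2019-02-28T00:40:10Z login.failed ip=- xff=- user=alice ua="curl/7.64.0"',
  '2019-02-28T00:40:20Z login.failed ip=- xff=- user=alice ua="curl/7.64.0"',
  '2019-02-28T00:40:30Z login.failed ip=- xff=- user=alice ua="curl/7.64.0"',
  '2019-02-28T00:40:40Z login.failed ip=- xff=- user=alice ua="curl/7.64.0"',
  '2019-02-28T00:40:50Z login.failed ip=- xff=- user=bob ua="Mozilla/5.0"',
];

// Constructed sample 2: IP logging enabled; one source makes one guess per
// account (a password spray), so no single account reaches the threshold.
const SAMPLE_SPRAY = [
  '2019-02-28T00:41:00Z login.failed ip=203.0.113.7 xff=- user=alice ua="python-requests/2.21"',
  '2019-02-28T00:41:10Z login.failed ip=203.0.113.7 xff=- user=bob ua="python-requests/2.21"',
  '2019-02-28T00:41:20Z login.failed ip=203.0.113.7 xff=- user=carol ua="python-requests/2.21"',
  '2019-02-28T00:41:30Z login.failed ip=203.0.113.7 xff=- user=dave ua="python-requests/2.21"',
  '2019-02-28T00:41:40Z login.failed ip=203.0.113.7 xff=- user=erin ua="python-requests/2.21"',
];

// Run both detectors over a set of lines. Behind a reverse proxy the client IP
// is the proxy, so a deployment would key on forwardedForIp instead of clientIp.
function analyze(lines) {
  const records = lines.map(parseAuditLine).filter(Boolean);
  return {
    perAccount: detectBursts(records, (r) => r.username),
    perSource: detectBursts(records, (r) => r.clientIp),
  };
}

console.log('IP logging off:', JSON.stringify(analyze(SAMPLE_NO_IP)));
console.log('password spray:', JSON.stringify(analyze(SAMPLE_SPRAY)));
```

The first run alerts on `alice` from the username alone and finds nothing per source, because every source field is '-'; the second finds nothing per account and alerts on `203.0.113.7` per source. Whichever key a deployment chooses, the alert is what feeds a temporary lockout or a firewall rate limit, and the window of retained timestamps is the only IP-bearing state the detector needs to keep.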

Lawri-van-Buel commented 5 years ago

That would solve those problems with people who are really scared of GDPR (there are many ways to remain GDPR compliant) or having rogue admins (are you serious? lol... re-examine your hiring practices then).

Not everybody uses paid admins (think about non-profit or other volunteer vocations). If we limit the impact a rogue admin has, we also limit the impact an attacker can have. (It hinders misuse, whether intentional or unintentional.)

An optional feature should pretty much keep everyone happy (except one person here).

I Agree

WebSavvyDude commented 5 years ago

Don't get me wrong, I understand your point about rogue admins (we use volunteer ones also).

But the "chances of one going rogue" are far less than the chances of a person abusing a service criminally.

We have worked with the FBI, Homeland Security and Interpol and countless law enforcement agencies many times over the years with our services. The ability to provide them IP addresses has led to hundreds of arrests. Without that valuable piece of information, you can only imagine what users can get away with.

I am happy to see you at least agree to an optional solution.

Worst case they can make it an "add on" if this really raises some legitimate concerns (I still don't see any strong arguments against it as an option)

coders-kitchen commented 5 years ago

As it seems there is an agreement around "If it's optional, then it's ok" - please correct me if my understanding is wrong - how do we proceed now with (https://github.com/RocketChat/Rocket.Chat/pull/13387)?

damianmcclure commented 5 years ago

So has anyone made an integration or something yet? It's been 3 years since this post was opened.

reetp commented 5 years ago

So has anyone made an integration or something yet? It's been 3 years since this post was opened.

Read the previous comment (and note that this is an extremely contentious issue). That PR needs updating to pass.

"This branch is out-of-date with the base branch"

You can of course take that code and roll your own if you want.