matrix-org / synapse

Synapse: Matrix homeserver written in Python/Twisted.
https://matrix-org.github.io/synapse
Apache License 2.0

Option for disabling the IP Logging #8473

Open alangecker opened 4 years ago

alangecker commented 4 years ago

Currently there is no option which allows us to disable the storing of users' IP addresses in the database.

There is the config user_ips_max_age, which helps remove the IPs after a short timeframe, and it is possible to do something in the reverse proxy like replacing the X-Forwarded-For header with something arbitrary like 0.0.0.0, but this also disables things like IP-based rate limiting.

From a data privacy perspective I think there should be an option for disabling the storing of user IPs at all.

I'm personally motivated to work on that, but I'm also quite unfamiliar with Synapse... so if this feature is wished and anyone can give me some hints how this would be implemented in the best possible way, I probably could do it! :)

clokep commented 4 years ago

This seems like something reasonable. I believe there's only a couple of spots we record this (for each device and also for each step of UI auth).

The IP address stored with each device is shown to users in their client though, so not having this information could be confusing (see matrix-org/synapse#8485 about other ramifications of this).

tusooa commented 4 years ago

> This seems like something reasonable. I believe there's only a couple of spots we record this (for each device and also for each step of UI auth).
>
> The IP address stored with each device is shown to users in their client though, so not having this information could be confusing (see matrix-org/synapse#8485 about other ramifications of this).

Could that info be encrypted with the user password (or something like that) so that no one else can see it? If we don't store the plaintext IP, we cannot be threatened by the authority to give it out.

ckorder commented 3 years ago

Storing them encrypted is the best way to handle this, but why, anyway? We have the session ID. I also don't get why Matrix needs a canvas fingerprint; just use a cookie with a long lifetime and refresh cycle, maybe linked with a user-pw-encrypted IP. And of course they will be checked server-side. I don't know why self-destructing messages should be anything bad; it would be nice for the server storage if we can clear / the user can clear the old messages with ease. Destructing messages are the safest way to keep conversations private in the long term, because the chance of being targeted, and of the encryption keys / the user device getting exposed, increases over time!

Add self-destructing messages as a feature for private chat and group rooms, and store the user IP as a hash encrypted with salt.

Care more about the conversations than authorities, by making them inaccessible: matrix-org/synapse#6287 https://github.com/vector-im/element-web/issues/2497
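
The trade-off from the opening post (rewriting X-Forwarded-For to 0.0.0.0 also breaks IP-based rate limiting) and the hashing idea above, as an added sketch that is not Synapse code and not part of any comment in this thread. The `Frontend` class, the `store_ip` setting and the sample addresses are hypothetical and constructed; the sketch rate-limits on the real address in memory and only changes what gets persisted.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict


class FixedWindowLimiter:
    """Counts requests per key; state lives only in process memory."""

    def __init__(self, limit):
        self.limit = limit
        self.counts = defaultdict(int)

    def allow(self, key):
        self.counts[key] += 1
        return self.counts[key] <= self.limit


class Frontend:
    """Hypothetical handler: limit on the real IP, persist according to policy."""

    def __init__(self, limit, store_ip="plain"):
        self.limiter = FixedWindowLimiter(limit)
        self.store_ip = store_ip  # hypothetical setting: "plain", "keyed" or "none"
        # Key stays in memory only. A hash with a salt stored next to the rows
        # would not hide an IPv4 address, since the address space can be enumerated.
        self.key = secrets.token_bytes(32)
        self.db_rows = []  # stands in for the table holding client IPs

    def pseudonym(self, ip):
        return hmac.new(self.key, ip.encode(), hashlib.sha256).hexdigest()[:16]

    def handle(self, user, ip):
        if not self.limiter.allow(ip):  # decision uses the address as seen, never stored
            return False
        stored = {"plain": ip, "keyed": self.pseudonym(ip), "none": None}[self.store_ip]
        self.db_rows.append((user, stored))
        return True


def simulate(store_ip, rewrite_at_proxy):
    """Constructed traffic: five requests from a noisy client, then one quiet client."""
    fe = Frontend(limit=3, store_ip=store_ip)
    noisy_ip = "0.0.0.0" if rewrite_at_proxy else "198.51.100.7"
    quiet_ip = "0.0.0.0" if rewrite_at_proxy else "203.0.113.9"
    for _ in range(5):
        fe.handle("@noisy:example.org", noisy_ip)
    quiet_ok = fe.handle("@quiet:example.org", quiet_ip)
    return quiet_ok, fe.db_rows
```

With the proxy rewrite every client shares one bucket, so the quiet client is rejected; with `store_ip="none"` or `"keyed"` the limiter still separates clients and no plaintext address reaches the stored rows.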

throny commented 3 years ago

Any news on this @clokep? The labels are outdated but I think this is a privacy issue: I could be forced as a hoster (as @tusooa mentioned above) to give out this information. I would not be able to do that in encrypted form. Could you please update the labels? Would offer my help but am inexperienced with Synapse (just like @alangecker)

ghost commented 2 years ago

I believe that all IP logging should be disabled by default.