Although there is no tracking of individual users, nor any information on a user other than IP address (and no data inferred from IP), it seems that IP may be considering "personal information". It should be possible to hash the existing IP addresses and hash all future IP addresses to do the same deduping of install operations that is currently done.
There isn't really a practical issue here in terms of privacy, because:
There is no way for me to connect an IP to a person
IP addresses are never accessible through the website/API
I am the only individual in the entire world who has access to the server
Backups are stored in a machine physically secured in my home on a machine that only I have access to
I never use IP address information for anything other than the package control site, and never will
Most likely we'll need to just run IPs through sha256.
Although there is no tracking of individual users, nor any information on a user other than IP address (and no data inferred from IP), it seems that IP may be considering "personal information". It should be possible to hash the existing IP addresses and hash all future IP addresses to do the same deduping of install operations that is currently done.
There isn't really a practical issue here in terms of privacy, because:
Most likely we'll need to just run IPs through
sha256
.