Store users IPs and ability to ban IPs #2885
Regarding this.. What about the idea to be able to "attach" an md5 or something similar of the IP beside the user posts.. Makes it possible to identify trolls posting from multiple accounts.. Lunatic IP: E03AE33EE8417CE2C9785274217636E0 Preferably some other scheme ... |
Maybe we could show the real IPs of connected users on the admin panel? |
@engelgabriel For me it would be super useful to have as an admin user IPs shown in the user profile tab, because I had some people who tried to impersonate others on my chat. |
Please note that displaying IP publicly (i.e. not only to admins) is a privacy concern |
As already mentioned, we should have the IP view ability for Administrators and Moderators and Owners. This will not create any privacy concerns. Public users should not be able to view IP addresses. |
Add reCAPTCHA - IP LOGGING for DMCA requests #10542 |
@WebSavvyGuy
It has legal connotations with GDPR. As soon as you link an IP to a user it is personally identifiable data and covered by GDPR.
What about when your system gets hacked? @Gandalf-the-Grey is correct. GDPR is a gamechanger regarding storing personally identifiable information, period. Love it or loathe it, you can't change it. |
Almost every major website has some sort of logs stored with IPs. Setting up some sort of disclaimer helps in those scenarios. Why this chat doesn't have some sort of IP log by now is puzzling. |
Websites usually log via the webserver. Forums and other systems may then use the IP and link it to a user, but that now has consequences due to GDPR
Not necessarily with GDPR. Disclaimers will do absolutely nothing to protect you from your responsibilities to look after the data if it is personally identifiable - e.g. an IP linked to a user.
As per the first comment. And strangely enough not everyone needs it ! |
I am not convinced this GDPR you speak of applies to just an IP being logged and associated with a "nickname/username". Actually the Nginx logs for the rocket.chat service already show username and IP but it's hard to access that and it needs better and organized ways to access it from the Admin panel. Those IP logs do not really identify anybody at all. There would be several further steps required to identify someone after obtaining an IP address. Most of which involves law enforcement and then the assistance of the ISP. I can give you my IP address now, and I bet the average Joe could not identify me. In a nutshell, almost every server running Rocket.chat already has IP logs and username. (100% confirmed if you use Nginx). It's just not configured into the admin panel. To your second point....Yes, not everyone needs the IP but for standard security, it's pretty much the basics. But as I have stated in the past, this application is really good for internal (i.e. office) and small scale use. Public and anonymous large scale use (as we tried to use it for in the past) it isn't good at all. |
@WebSavvyGuy
General Data Protection Regulation If you don't know about it then I really suggest you go and read up. Plenty of stuff online about it. It is a game changer for data storage with personally identifiable information, particularly in the EU, but affecting anyone who has contact with EU citizens.
|
Well almost the entire internet has to be rewritten then. How much is enforceable, we would have to wait and see to find out. As you pointed out, mostly applied to EU. Also, some common sense has to be applied here. An IP address does not identify you directly. A lot of hurdles would have to be taken to get the actual person and even then it may not even be the same person. It could be a household, institution, service center. Adding "a computer IP address" as personal data is just careless by the GDPR people who wrote that. Think of all the software/websites (forums, blogs, etc...basically any site that you need to register at and, heck, any server with logs being recorded) out there that record IPs. This is more a function of your webserver via logs. As I have already said, Rocket.chat does presently record usernames with IPs. (For me it's located at /var/log/nginx/access.log) Are you saying they should remove that then? Anyways, we are getting way off topic. My vote is to still add this feature to the admin panel so we can access the IP logs that already exist for this application and ban those who need banning. But I am not holding my breath. (GDPR or no GDPR :) ) |
@WebSavvyGuy
Welcome to 2018...
More than you may think. Especially if you are in the EU or have any dealings with the EU. Note other bugs on Rocket for GDPR compliance....
Nope. It's intentional. It's the way it is, and I believe there is case law already in the EU regarding the status of IPs
Yup - they'll all need looking at unless you have zero visitors from the EU. But it's OK. You still have 24 days to get your compliance in order :-) Note also the very first comment in this bug:
So the intention is to retain that data to identify and ban that user. That becomes PII, and subject to GDPR. So my original point was that this feature should be a toggle at most for those who want it, but not for those who do not. |
Gee this thread is just a joke, I'm sorry I even commented! Anything that is asked regarding IP logging is stone walled. I'm out, I'll pay someone to rewrite a solution as nobody here is the slightest bit interested other than in GDPR compliance. Well I have a huge budget, I can deal with that when it arises. Right now I'd like some access to these IPs you say are already logged! And a decent solution or at least some decent input in these threads; it's like dealing with a bunch of five year olds asking about issues here. |
@WoWzee I totally hear you. Let me know if you find a solution. We definitely need this feature but it's not going to happen with people striking fear into the developers with this GDPR nonsense. Some idiot added "IP address" to the list of personal data into the FAQ's and now this is going to get them all paranoid. (which it already has some) We run a website with tens of thousands of users and Rocket.chat was not able to handle the load (even on a powerful server) so keep that in mind for how much time and money you spend into modifying. We learned the hard way. Every single webserver stores IP address logs. I hope the EU shuts down the internet to the rest of the world. Let's see how long this law lasts. |
I'm not saying you shouldn't have it. I just asked that you bear in mind that there are those of us who are subject to different laws, like it or not, and to respect that fact. The USA is not the only nation on the planet, nor does it have the only set of laws. GDPR is here. It has been for 2 years. Just that it becomes mandatory on the 25th May. It can't simply be ignored. The EU is a market of 500 million people. It is not insignificant. And the fines for non-compliance are large. GDPR is there to protect the privacy of the individual, which has been abused for far too long, and that is no bad thing IMHO. Please stop using words like 'idiot' and 'nonsense'. They are superfluous in a grown up discussion. This is about law, decided by judges. |
We are considering for development a solution that would have the following characteristics:
Can you guys give us some feedback about these ideas? |
@engelgabriel
|
To some of participants in this discussion: please do not spread FUD about GDPR, please consult your use cases with your own lawyers if you haven't already. GDPR doesn't change much for people that were doing things right. You should handle PII material with a proper care. If you are running an Internet service and can't do that properly you should really shut it down. Obviously if that is such controversy let's just define option
I see no reason for restricting ourselves. In the end we are keeping e-mail addresses in the DB. How does holding IP addresses make it worse? As @Lawri-van-Buel noted, it introduces issues with clusters when sharing data.
Sounds good.
Not sure if that's needed that much. Global settings for rate limiting to avoid general spam would be enough. Maybe with some exceptions (please note: reverse-proxy scenario, many-to-one relation in some scenarios)
Ideally I would love to have nginx/apache like log file with actions user/ip
As mentioned above, IMO no need for such restrictions, however, we might want to limit access to IP data to admins
Sounds good. |
I believe this is an important issue. If we want to make Rocket.Chat more usable for public usage, we'll need more powerful moderation tools. One of these would be IP bans. Implementing this doesn't have to be insanely difficult - add a "ban" function to users, which will disable their account and find the user's last few IPs and restrict those from creating new accounts. As for law/GDPR/privacy issues: is an IP address not "data required for the operation of the service"? Every single webserver logs IPs too, so I feel it would be trivial to legalize the storing of IPs in such manner. If the admin doesn't want it, they should just be able to turn it off in the ban list. Another good feature to add at this point is some sort of DNSBL / getipintel integration, to prevent people from using VPNs or Tor exit nodes (of course, it should be possible to disable, or add specific IPs/hosts that bypass this, for companies that use VPNs). Using Rocket.Chat publicly is difficult without proper moderation tools. Slack suffers from this too - let's beat them to it :) |
I would support more and better moderation tools. To understand the complexities of banning we only need to take a look at IRC's history (like on freenode) and see that banning based purely on IP is not without high risks.
As for GDPR, any and all use needs to be declared and needs a base to use it. The test for whether it is
An optional setting to provide a "ban" list based on 'DNSBL / getipintel / etc.' would be a really good feature. But probably belongs on the webserver side. and not in the rocket chat app.
To utilize rate limiting with fail2ban all we would need is a proper log entry in the webserver (for which there already exist fail2ban scripts). I must stress that there are more moderation tools available in rocketchat than in Slack, especially through the API. While not as accessible as a UI element, it offers more advanced use-cases. We could use an admin tool similar to the Rocketchat native app on desktop that would expose these more advanced use-cases in a moderator friendly way.
I can not stress this enough myself. GDPR is only a gamechanger in regards to the potential "punishment" (e.g. fines / legal ramifications); it is based on older laws that already required the proper use and safeguards for utilizing PII. Ergo, most of it is stuff to consult a lawyer about as @Gandalf-the-Grey already recommends. |
I do like the plans put forth by @engelgabriel It’s a positive step in the right direction. Hope this becomes a reality. I do not agree with the statement raised by another person that we should further limit this function because of a few rare cases of users sharing the same IP addresses. In that very unlikely event just delete it from your list. |
@WebSavvyGuy
This is not a rare event on the global scale. It is a real thing in Asia, Africa, South America and parts of Europe. It is also important to note that there are options in rocketchat to Block, Deactivate and Delete an existing account. And there is an option to require a valid email and an option to require a manual approval for users. (something that in an active community with lots of community admins / moderators should not be a problem). IP bans are useful on a network layer, not on an application layer. Since Rocketchat is an application it should NOT ban on IP. If your setup requires IP level bans you should also employ network monitoring and network level firewalls that can actually blacklist an IP. (you're basically entering the area of Denial of service attacks and targeted abuse that will require these level of tools) TL;DR. |
@WebSavvyGuy An interesting idea I just thought of is that if you try to ban an IP that multiple people use, it'd give you a warning. |
It is a rare event at the moment. You can always do an IP address ban list review periodically to filter out these unlikely events. They can still contact you as this would be limited to Rocket.chat (I believe). They can still contact you via the contact us page on your site. Block, deactivate and delete are a joke. You just need to sign in again. If you use anonymous user, it's a matter of 1 second to get back. The ban request is for a good reason. We run an extremely high traffic chat website. Have been doing it for 18 years. Been using ban, kick and mute functions for 18 years. We have never run into such an issue of a shared IP address or ever once saying "oh we don't need a ban button". Yes, bans belong in an app. |
We really need this feature |
The Merge Request will not close but only reference this issue. @Lawri-van-Buel The feature in the Merge Request already contains the option to choose what to log. In detail you can deactivate logging of the following information:
- Client IP
- Forward For IP
- UserAgent
- Username
each deactivated option will be displayed as a simple '-' sign. |
" We are currently adding a feature that logs at least the failed login attempts"
PLEASE DO NOT DO THIS
DO NOT LOG IP.
NO IP LOGS is a DISTINCT advantage and point of difference over DOXcord.
Who cares if some admins (for dubious reasons) are BEGGING for IP logs.
You DESTROY user confidence in the platform.
You end up just creating another DOXcord.
ZERO Knowledge is BEST for when subpoenas get received.
And MANY political organizers have shifted to Rocket Chat, and VALUE the no IP feature.
I have not seen ONE legitimate reason for these "admins" to need logs.
Got a problem user, delete their account, require new account approval, or limit new accounts to a lounge, trolls and spammers solved.
DO NOT CUCK AND BECOME ANOTHER DOXcord.
…On Thu, 28 Feb 2019 at 00:41, Peter Daum ***@***.***> wrote:
The Merge Request will not close but only reference this issue.
@Lawri-van-Buel <https://github.com/Lawri-van-Buel> The feature in the
Merge Request contains already the option to choose what to log. In detail
you can deactivate logging of the following information
- Client IP
- Forward For IP
- UserAgent
- Username
each deactivated option will be displayed as a simple '-' sign.
|
translation: |
seems like an EXCELLENT Goal to have tho! |
@NameTheJew what if you get terrorist users? What if you get sick people that offer drugs and destroy people's lives from your server?? What if you get some criminals in your site, how will you manage that?? I think a message audit panel & IP log and the ability for admins to see IPs and ban and read convos is for the safety of clients and users and even server owners |
Please get IP logs. Ignore the garbage arguments for not having it. The people who don’t want it have no users so probably can’t be bothered with it. Anybody with a half decent website with actual users will know the importance of IP logs. Worst case is let admins turn this feature on and off as they choose. |
@WebSavvyGuy I agree. The people who aren't planning to do trouble or harm don't get worried about admins getting their IP or reading their convo. Me personally, I don't worry about it because I know it's for the safety of users. Facebook, Skype, Twitter, WhatsApp, Kik, all chat apps have these features and they read the convo and they get users' IP |
I’ve never seen people complain about a potential added feature that is beneficial. Even if it was made “optional” (turn on and off logging from the admin panel say)... they would be against it, which makes you wonder what their actual motives are. Most servers already come with access logs, just making it more readable is all we ask. It is legal to give IP addresses to law enforcement agencies. (GDPR or otherwise) That would be one reason to have it. |
@WebSavvyGuy i agree with you 100% |
Yes, it’s really those people who b*tch and complain about it affecting privacy or GDPR which slows this feature down from being made. They don’t fully understand what GDPR and privacy is. Those two things are more about how you protect the data, not actually possessing it. Almost every server has access logs already. Is the whole world going to shut off their access logs because GDPR was introduced? Of course not, that's not how it works. |
LOL, are you serious. Cos terrorists just LOVE to tell everyone their secret plans. 99.999% of the time people are talking shit on the internet.
except IP logging is NOT beneficial to users, or administrators.
WHO CARES... really. We tell all our users to set up 2FA. If rocket chat implements IP logging, I've already made the decision I will FORK rocketchat, and create a privacy focused chat server. |
@NameTheJew Please stop with your nonsense. You are assuming EVERY single person out there is sophisticated enough to host their own private encrypted chats, or "smart" enough to use a VPN. There are legitimate situations where users have been committing criminal offences and were caught doing so because we had their IP address and provided it to the police/law enforcement agency. Yes, terrorism brought up by the other post is a far fetched example but there are smaller crimes (although serious enough) that require an IP address for law enforcement. Because we had access to IP logs, we were able to assist law enforcement to arrest thousands of users over the years. I won't get into specifics but not only are IP logs beneficial for administrators to protect their own servers, they have proven to be beneficial to protect the general public when working with law enforcement. Personally, I don't really care what happens because we stopped using Rocket.chat due to technical limitations with high volume amounts of users but I received this update in my email and needed to respond. Yes, please fork rocketchat and create your own privacy focused chat server where you guys can post all day about how great not having IP logs is...but stop trying to argue against something that is very much needed by many other rocket.chat users. (Most are just asking for it as an OPTION, not something permanent that every administrator has to use) Would you be open to it being an optional feature? Would love to hear your answer to that LOL. |
no my concerns are entirely VALID, and represent the interests of all rocket chat USERS. You want to "catch criminals" go join the FEDS (I'm pretending you haven't already).
then you have NO BUSINESS HERE discussing the future of this software. |
Of course NOT. |
Thats what a site disclaimer is for. You tell users what you have and how you protect it or when you remove it. Whether they believe it or not, it's their choice. I doubt everyone is going to go run and check that Rocket.chat indeed doesn't have IP logging.
If you have the unfortunate circumstance of a "bad" admin, I am sure that said website wouldn't have too many visitors for long. Also, GDPR can go hard on that website, not to mention any law enforcement.
The tool is there to help them if it's needed, you paranoid &!#*.
You should rephrase your statement to say: "Right now, users can feel confident their actions are free from any criminal responsibility." Why don't you just tell all your users to use VPNs if they are so scared of being DOX'd because of their freedom of speech? Oh, it would be an inconvenience to them wouldn't it? Well that's the same answer I have in response to your suggestion of running a private chat server with users manually approved.
I can express my opinion if I want to. You gonna stop me? LOL. Aren't you all for freedom of speech? How contradictory you are now. I may use this product again in the future if there are improvements. They are on the right track. This discussion is a great step in that direction. You are just so absolutely ridiculous. How can people lose confidence in a product if this feature was OPTIONAL? Maybe you are losing confidence in the ability to hide things on the internet and don't like the fact that you can and should be held responsible for your actions, even if through words on the internet. I am starting to think that is what your website is all about. Probably a platform to express hate crimes, etc. If users are so paranoid about DOX as you say they are, use a VPN. Let's face it, your DOX reasoning is just a dumb excuse. Your username is also reflective of the type of person you are so STFU and create that privacy focused server you were talking about earlier. Run along now. |
Christ, can the devs lock this discussion with the "heated" reason? It has turned into an absolute cesspool and derailed from the actual discussion / development topic at hand. |
so no updates on this apart from a completed heated discussion? |
OK, To get this discussion back on track, and give a short overview of the issues (as I see them):
in short I believe the following:
|
Thanks a lot.
How should we continue now? |
As mentioned before, let's make this OPTIONAL. That would solve those problems with people who are really scared of GDPR (there are many ways to remain GDPR compliant) or having rogue admins (are you serious? lol... re-examine your hiring practices then). An optional feature should pretty much keep everyone happy (except one person here). |
Optional IP logging (e.g. a config option) would not be something I am against. (For example to comply easily with the PATRIOT Act for USA based hosters)
There already is rate limiting in place on Rocket.Chat, does that not suffice for your needs? |
Not everybody uses paid admins (think about non-profit or other volunteer vocations).
I Agree |
Don’t get me wrong, I understand your point about rogue admins (we use volunteer ones also). But the “chances of one going rogue” are far less than the chances of a person abusing a service criminally. We have worked with the FBI, Homeland Security and Interpol and countless law enforcement agencies many times over the years with our services. The ability to provide them IP addresses has led to hundreds of arrests. Without that valuable piece of information, you can only imagine what users can get away with. I am happy to see you at least agree to an optional solution. Worst case they can make it an “add on” if this really raises some really legitimate concerns (I still don’t see any strong arguments against it as an option) |
As it seems there is an agreement around "If it's optional, then it's ok" - please correct me if my understanding is wrong, how do we proceed now with (#13387)? |
So has anyone made an integration or something yet? It's been 3 years since this post has opened. |
Read the previous comment (and note that this is an extremely contentious issue). That PR needs updating to pass. "This branch is out-of-date with the base branch" You can of course take that code and roll your own if you want. |
I have a chat where sometimes trolls come to mess with users. It would be nice to store user IPs and the ability to ban users from same IP.
It would also be nice to have the option to make a chat public for non registered users ("readonly mode")
Yes I know there is an open issue #604, but just trying to bump it :)
Thanks in advance.