Hacker News new | comments | show | ask | jobs | submit login

> Stop logging the IP address then. Hopefully default settings in web servers will change.

But in legal matters, you need to identify people and have some kind of audit trail, especially if they tried to breach your system. That makes no sense.




Depends what's on the site. If it's just a static site, there isn't a lot of point trying to investigate a breach, just fix the changes and move on.


Why stop at IP addresses then?

If IP addresses in logs are necessary for audit trails, why aren’t fingeprints?


You put it to a total overexaggerated extreme here.

That doesn’t help.

IP adresses are not 1:1 assigned to a person for a whole lifetime, fingerprints are.

Only with a lot additional effort and connection to other databases, IP adresses can actually be connected with a person, but only for an uncertain period of time, finding out this timespan, and ensuring it’s really only exactly this one person requires even more effort.

So a properly crafted law would have made all these efforts illegal, and put high fines on them, but not the decades old practice of storing ip adresses in logfiles.


Why do you need to store IP addresses in log files?

I understand audit logging for authenticated users, but that's hardly a general case.


Why are ip adresses even considered personal data? They aren’t for most people and situations, unless a lot if other activities are done. All of which would be already illegal without consent by the law. The ip adress i write this from changes every day, and nobody can know if i share it with someone or not.

I want to be protected from marketing firms that sell my email adress , and everyone who uses it to send me mails for whatever product to buy judt because i entered it for some totally different reason. Those shall be fined with 5 figure amounts.

I don’t see how my(and my housemates/office colleagues etc) ip in the logfiles of the webserver which a small business rented for 3€ to upload 3 html filed can be abused (without storing my email and name without consent which is actual personal data and therefore illegal) and i dont want my hairdresser, car mechanic etc be in need to consult a lawyer to understand all that stuff and have a day worth of bureaucracy and adfing a “we have your current ip in the logs” note just because they want me to be able to google their street adresses.

The law is simply not well crafted for no use if the latter is the case.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: