Welcome! Log In Create A New Profile

Advanced

Re: (draft) Privacy by design - offer more convenient way to anonymize IPs in access log by default

Christian Theune
September 22, 2020 02:32AM
Hi,

as this is the first time I’m interacting with this list, I’d like to understand how to interpret silence. :)

Would someone mind educating me whether silence means:

- you’re on the wrong list, please go elsewhere (where?)
- the idea is not interesting enough to be considered
- we currently don’t have time to deal with this
- you’re completely wrong doing this and nobody wants to tell you ;)
- you’re not adhering to some rule (sorry if that is the case)
- something else (what?)

Thanks a lot,
Christian

> On 16. Sep 2020, at 21:20, Christian Theune <ct@flyingcircus.io> wrote:
>
> Replying to myself for now ;)
>
> One thing I can imagine being desirable would be to make the number of bits (v4/v6) that are masked configurable.
>
> The current choice of 8 bits for IPv4 and 64-bit on IPv6 is based on our tradition that was considered a reasonable practice with respect to GDPR by courts in Germany. Unfortunately I can’t find a reliable source at the moment, but would take the time to dig one up if needed for the discussion.
>
> Cheers,
> Christian
>
>> On 16. Sep 2020, at 17:28, Christian Theune <ct@flyingcircus.io> wrote:
>>
>> Signed PGP part
>> Hi!
>>
>> first time posting here. I started working on a builtin-way for nginx to provide GDPR conformaing access logs reliably by default:
>>
>> https://github.com/nginx/nginx/compare/branches/stable-1.18...flyingcircusio:ctheune-anonymize-by-default
>>
>> This isn’t ready to be merged at this point as it suffers at least from two things:
>>
>> a) I’m not a C programmer by nature and might be making stupid mistakes. This is “monkey see monkey do code”.
>>
>> b) You likely do not want to have this on by default for everyone, so I’m expecting that this requires a config option (runtime or compile, with a slight preference to runtime from me).
>> The new built-in variable remote_addr_anon should be available by default in any case, though.
>>
>> Some background: we tried implementing this purely by using a mapping approach, but this doesn’t make it a proper default as everybody defining an access log has to mention the proper format or accidentally IPs will leak. This happens over and over and we’d prefer a “privacy by design” approach very much.
>>
>> There is a trac ticket (https://trac.nginx.org/nginx/ticket/868) that already discusses this, however the .1 is IMHO not a good approach to recommend as it suggests a real IP whereas our impression is that nulling the last byte in IPv4 and nulling the last 8 bytes in IPv6 is the proper approach and it’s directly visible that this is an anonymized IP.
>>
>> Let me know what you think about this and - if you’d like to see this in the mainstream code - I’d appreciate if you give me the necessary hints to bring this code to the level of quality that is proper for nginx.
>>
>> Kind regards,
>> Christian
>>
>> --
>> Christian Theune · ct@flyingcircus.io · +49 345 219401 0
>> Flying Circus Internet Operations GmbH · http://flyingcircus.io
>> Leipziger Str. 70/71 · 06108 Halle (Saale) · Deutschland
>> HR Stendal HRB 21169 · Geschäftsführer: Christian Theune, Christian Zagrodnick
>
> --
> Christian Theune · ct@flyingcircus.io · +49 345 219401 0
> Flying Circus Internet Operations GmbH · http://flyingcircus.io
> Leipziger Str. 70/71 · 06108 Halle (Saale) · Deutschland
> HR Stendal HRB 21169 · Geschäftsführer: Christian Theune, Christian Zagrodnick
>

Liebe Grüße,
Christian Theune

--
Christian Theune · ct@flyingcircus.io · +49 345 219401 0
Flying Circus Internet Operations GmbH · http://flyingcircus.io
Leipziger Str. 70/71 · 06108 Halle (Saale) · Deutschland
HR Stendal HRB 21169 · Geschäftsführer: Christian Theune, Christian Zagrodnick

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

(draft) Privacy by design - offer more convenient way to anonymize IPs in access log by default

Christian Theune 583 September 16, 2020 11:30AM

Re: (draft) Privacy by design - offer more convenient way to anonymize IPs in access log by default

Christian Theune 318 September 16, 2020 03:22PM

Re: (draft) Privacy by design - offer more convenient way to anonymize IPs in access log by default

Christian Theune 296 September 22, 2020 02:32AM

Re: (draft) Privacy by design - offer more convenient way to anonymize IPs in access log by default

Hung Nguyen 284 September 22, 2020 02:44AM

Re: (draft) Privacy by design - offer more convenient way to anonymize IPs in access log by default

Christian Theune 315 September 22, 2020 02:56AM

Re: (draft) Privacy by design - offer more convenient way to anonymize IPs in access log by default

itpp2012 601 September 22, 2020 03:20AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 235
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready