Submitted by kore in meta (edited )

Hey all,

I was looking in the Postmill source code to see how IPs get stored.

here /u/emma mentions that the IP associated with every post/vote/PM is logged.

But, as alluded to by u/TequilaWolf here, it seems that whitelisted users will not have their IP stored.

I just wanted to verify that at the very least this is true according to the publicly-available source of Postmill. Here for example you can see that the ip for a message is only logged if the user is not whitelisted.

(the form x ? y : z means if x then y else z)

This is also the case for Comments, Votes, and Submissions.

I just wanted to provide this information neutrally in a separate thread, because I do think it is very important.

Obviously this does not prove that Raddle does not log IPs of whitelisted users. It could be a custom instance of postmill (IMO very unlikely), the owner of the server could log IPs when they connect to the server and connected to user accounts by examining the requests to the site, and the hosting company could also log IPs. Whether or not this happens is pretty much unverifiable and it ultimately comes down to trust.

I have a couple of proposals related to this:

  1. Immediately update the Privacy Policy to explain under what conditions IPs are logged more explicitly (and what a whitelisted user is).

  2. Modify the user profile page to include whether that user is whitelisted or not. I will personally try to add this functionality myself if people think this is a good idea. EDIT: Just to make this clearer I would try to make it so only the user themself could see whether they are whitelisted or not.

Open Source For the Win, people! This is what I like so much about it. You can see how it works and change it :)

<3 kore

10

Comments

You must log in or register to comment.

ziq wrote (edited )

Unrelated to postmill, our server has a cron job set up that purges IP addresses.

7

black_fox wrote

thanks for explaining this. i understand better now. i like both of your proposals.

5

f064fb5ddb9041bc8a4cb0024 wrote

Oh, this is great, for a moment I thought that Raddle was like any other forum on the web. I think both of your ideas are great and I think re-writing the privacy policy should be done as soon as possible.

Also, is it totally necessary to control trolls via IP blocking? This leads to a lot of exit nodes being blocked when there are a lot of users under good faith who could use them. If it is totally indispensable, can these IPs be unblocked after X amount of time?

5

emma wrote

I thought that Raddle was like any other forum on the web

I'm curious what you mean by this

can these IPs be unblocked after X amount of time?

There's an option for setting an expiry date when banning, but it's rather cumbersome to use

3

f064fb5ddb9041bc8a4cb0024 wrote

I thought that Raddle was like any other forum on the web

I'm curious what you mean by this

I wanted to say "I thought that Raddle wasn't like any other forum on the web", and I was referring on how they handle and store data.

There's an option for setting an expiry date when banning, but it's rather cumbersome to use

Why is it cumbersome? It does not work properly?

2

emma wrote

Why is it cumbersome? It does not work properly?

you have to pick the expiry date in a calendar, which makes an already tedious banning process worse

2

n_n wrote

Support.

4

An_Old_Big_Tree wrote

Seems like good proposals to me, I hope somebody has the capacity to make the changes!

2