Cryptolog

Cryptolog enhances user privacy by logging ephemeral identifiers rather than actual client IP addresses in Drupal's database tables and syslog.

Cryptolog replaces the server REMOTE_ADDR variable with a 128-bit HMAC of the client IP address (in IPv6 notation), using a salt that is stored in memory and regenerated each day.

Because Cryptolog uses the same unique identifier per IP address for a 24-hour period, it is still possible to do some statistical analysis of the logs, such as counting unique visitors per day. In addition, unlike alternatives that set $_SERVER['REMOTE_ADDR'] to either one static IP address or a completely random IP address, Cryptolog leaves Drupal's flood control mechanisms functioning as normal.

Drupal modules will submit the hashed IP address to remote services (e.g. a credit card payment gateway); therefore Cryptolog effectively anonymizes IP addresses sent to third-party services (aside from services which receive HTTP requests directly from the end user).

Note: As long as the salt can still be retrieved, brute force can be used to generate a rainbow table and reverse engineer client IPv4 addresses. However, once the salt has expired and a new salt has been generated, or the web server has been shut down or restarted, it should not be feasible to determine client IP addresses, aside from using forensic methods on unencrypted swap space etc.
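The scheme described above (a 128-bit HMAC of the client IP, keyed with a salt that is replaced each day) can be sketched as follows. This is an added example, not the module's own code: the function names, the choice of HMAC-SHA256 truncated to 128 bits, the IPv4-mapped IPv6 encoding, the UTC day boundary and the array standing in for the memory-based store are all assumptions.

```php
<?php
// Added illustration, not the Cryptolog module's code.
// Assumed: HMAC-SHA256 truncated to 128 bits, IPv4 mapped into ::ffff:0:0/96,
// UTC day boundaries, and an array standing in for the APCu/Memcache store.

/** Return the current day's salt, replacing it when the day changes. */
function daily_salt(array &$store, int $now): string {
    $day = gmdate('Y-m-d', $now);
    if (($store['day'] ?? null) !== $day) {
        // New day, or empty store after a restart: the old salt is unrecoverable.
        $store = ['day' => $day, 'salt' => random_bytes(32)];
    }
    return $store['salt'];
}

/** Map a client IP to a 128-bit pseudonym rendered in IPv6 notation. */
function pseudonymize_ip(string $ip, string $salt): string {
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException("Not an IP address: $ip");
    }
    $packed = inet_pton($ip);
    if (strlen($packed) === 4) {
        // IPv4 becomes IPv4-mapped IPv6 so both families hash in one format.
        $packed = str_repeat("\x00", 10) . "\xff\xff" . $packed;
    }
    $mac = hash_hmac('sha256', $packed, $salt, true);
    return inet_ntop(substr($mac, 0, 16));
}

// Constructed sample: documentation-range clients seen on two days.
$store = [];
$day1 = gmmktime(9, 0, 0, 1, 1, 2024);
$day2 = $day1 + 86400;
$first  = pseudonymize_ip('203.0.113.7', daily_salt($store, $day1));
$repeat = pseudonymize_ip('203.0.113.7', daily_salt($store, $day1 + 3600));
$other  = pseudonymize_ip('2001:db8::1', daily_salt($store, $day1));
$next   = pseudonymize_ip('203.0.113.7', daily_salt($store, $day2));

printf("day 1: %s\n", $first);
printf("same client, same day matches: %s\n", var_export($first === $repeat, true));
printf("different client differs:      %s\n", var_export($first !== $other, true));
printf("same client, next day matches: %s\n", var_export($first === $next, true));
```

Because the salt lives only in the store, per-day unique-visitor counts and flood control keep working within a day, while identifiers from different days cannot be linked once the old salt is gone.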

Requirements: One of the following is currently required as a memory-based key/value store for the salt: APCu PHP extension, APC PHP extension, Memcache Drupal module, Memcache Storage Drupal module (Drupal 8), Redis Drupal module (Drupal 8 dev branch), or XCache PHP extension (Drupal 7). The backend store will be chosen automatically based on which PHP extensions are loaded, with a preference for Memcache, which can be shared between servers.

Drupal 7: Please note that, in addition to enabling the module, you must also enable it in your site's settings.php file; see INSTALL.txt for instructions.

Drupal 8: The Drupal 8 version uses a kernel request event subscriber to modify the client IP address on each request, and therefore does not require modification of the settings.php file.

Acknowledgments: This module was inspired by the Cryptolog Python log filter script.

Similar modules: IP anonymize logs IP addresses as per normal, and then retroactively scrubs them according to a configurable IP address retention period.
