With the introduction of the new EU GDPR regulations storing IP addresses will require user's content. As far as I know hashing these (if possible) would mitigate this.

The alternative is the user would need to be informed and give consent about having their IP address stored.

https://ico.org.uk/for-organisations/guide-to-the-general-data-protectio...

CommentFileSizeAuthor
#4 votingapi-2974084-4.patch4.51 KBpifagor
#2 votingapi-2974084-2.patch3.59 KBpifagor

Comments

pifagor created an issue. See original summary.

pifagor’s picture

pifagor
Location 🇺🇦 Rivne
commented
Status: Active » Needs review
StatusFileSize
new votingapi-2974084-2.patch3.59 KB
pifagor’s picture

pifagor
Location 🇺🇦 Rivne
commented
Status: Needs review » Needs work
pifagor’s picture

pifagor
Location 🇺🇦 Rivne
commented
Status: Needs work » Needs review
StatusFileSize
new votingapi-2974084-4.patch4.51 KB
pifagor’s picture

pifagor
Location 🇺🇦 Rivne
commented

The patch needs to run update.php
The IP consent message must be displayed at the Drupal core level since Drupal core also uses IP.
I save hash IP. This data cannot be decoded, so I think it will not violate GDPR

  • pifagor committed df456c8 on 8.x-3.x 
    Issue #2974084 by pifagor: Anonymize IP address data to meet EU (GDPR)...
pifagor’s picture

pifagor
Location 🇺🇦 Rivne
commented
Status: Needs review » Fixed

Changes for GDPR have been moved to version 8.x-3.x (dev) of the module.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

Andre-B’s picture

Andre-B
Primary language German
Location Offenburg, Germany
commented

I don't think simple hashing will count as anonymization here. the total amount of ipv4 adresses is somewhere around 4.3 billion addresses, while the public adresses are around 3.7 billion.

https://stackoverflow.com/questions/2437169/what-is-the-total-amount-of-...

computing every hash for these ip addresses won't take very long. here are some numbers on consumer grade hardware, no graphics card: https://automationrhapsody.com/md5-sha-1-sha-256-sha-512-speed-performance/

following these results generateStringToHash() takes about 737.8 ms for 1000000 calculations @sha256. so computing time for the whole set of public ip addresses (in minutes):

((3706452992 / 1000000) * 737.8) / 1000 / 60 = 45.577 minutes.

it's very likely rainbow tables already exist for ipv4 addresses. ipv6 is a different pair of shoes..

Further reading: https://security.stackexchange.com/questions/64601/ip4v-rainbow-table

Andre-B’s picture

Andre-B
Primary language German
Location Offenburg, Germany
commented

Following up on this:

in my opinion we should only store the ip addresses for the time that we need them which will boil down to flood protection. usually 24 hours should be enough then. afterwards the data should be discarded. if we need a unique identifier for statistic purpose or something else I'd suggest splitting the ip address of the normal vote by creating a vote_identifier table, containing a uuid, the ip address, the time of voting and the time the ip address can be deleted from that table.

Andre-B’s picture

Andre-B
Primary language German
Location Offenburg, Germany
commented

and another thing: consent for storing the ip address is not always required - there are other rightful ways of doing so like legitimate interest.

mfb’s picture

mfb
they or he
commented

I posted a similar followup comment at #2959128: Anonymize IP address data to meet EU (GDPR) data protection regulations

There are a couple of modules available that resolve IP address privacy with both Drupal core and Voting API module: https://www.drupal.org/project/ip_anon (implements a retention policy to purge IP addresses after some period of time) and https://www.drupal.org/project/cryptolog (replaces IP addresses with 24-hour ephemeral identifiers before they hit Drupal's database, using a keyed HMAC with rotating salt).