Hide IPs behind a button like emails

When you want to view an email in Discourse, it’s hidden behind a button.
image
When a user views an email, it’s stored in the logs.

The thing is, IPs are visible without having to click a button
But, IPs are freely visible to admins without having to click a button and without logging.
image
Instead of showing it, there should be a button similar to the “Show” button for emails.
image

IPs are arguable more sensitive than emails for more users (myself included), so this would be nice to have to know when admins are looking at IPs.

1 Like

There is no point to hide it. It is totally trivial job to find it from logs of server.

And where it can be used to identify users better than email? Quite few uses disposable emails (and those should be ban anyway).

The worst somebody can do with an email is send a bunch of messages which isn’t that bad, you can just block it or report spam.

IPs however can list your location, ISP, and more sensitive info.

If anything the opposite is true. You sign up for an email address and own that account. If the account is attacked then the consequences can be significant. Attack a mailbox just right and the user can lose access to it permanently.

IPs are allocated to you from a pool and your last IP will change as you move between devices and networks - home/school/work/cell connection and coffee shop for example.

I would be much more concerned about who you allow to see your users data, than their ability to unmask an IP address.

1 Like

ISP yes, but where is that a sensitive info?

Location… rarely and it is almost never accurate. Yes I know I’m living in small country and in bigger countries where an ISP can be even town related, plus domestic roaming can be sometimes problematic, the situation can be slightly different, but I doubt anywhere you can be pinpointed accurate. Here in Finland, EU my location is always at least 100 km off.

That is true in Europe and IP didn’t show my location accurate in London (well… that is still part of Europe, sorry :rofl: ), New York or Los Angeles.

Other sensitive info? There is not any.

And still… an admin can find out your IP really easily even when it is not shown on side of Discourse.

From my point of view whole IP is just noise, and the biggest single reason why admins are struggling with error 429 — because so many are sharing same IP.

1 Like