I think it’d be extremely helpful for site moderators if IPs were logged per-post.
I’m an admin on a forum that allows users to share accounts in some circumstances, and I recently ran into a problem moderation-wise after a shared account posted rulebreaking content; we weren’t able to confidently determine which user created the posts.
Along with this, being able to see the IP that a post came from can help in the instance a user’s account is compromised.
There is so much ire against ip tracking, and users sharing accounts seems like a real edge case, that I doubt that will happen, but you can find it in the production.log. You should be able you search for a string in the post to find out.
Wasn’t bunch of IP logging removed due to GDPR related concerns?
I remember something about that, which is why I think that the desire request will not likely be accepted, but I’m fairly certain that the rails logs have I’ll numbers.
No. IPs have nothing to do with GDPR. It matters only if the target is trying to identify users as persons — and that is close to impossible via IPs.
I’m not an expert on GDPR but I’ve heard a lot of fuss about the IP address being personal information and being a violation of GDPR.
And yet it is not nor has ever been 
My IP is right now 84.230.91.162. If Meta will build up a system where they connect it to my name Jakke Lehtonen and using IP purposely (is that a word?) to identify myself that way, that database and use of IP-data falls under GDPR. But not IP per se.
And If/when Discourse saves all IPs and connect them to a user’s real person — IF name is given — it can be under GDPR in meaning Discourse can’t save that data to the end of the world. But because it is next to impossible use IP as identifier on app/website level (operators have more accurate data), it doesn’t matter. And my IP will change tomorrow I guess, and right after that some other finnish user will get that IP, and if he/she is an user here, we are at funny situation .
And that’s why removal or data requests don’t apply server logs.
Only the use, purpose, is important when the target of any act or piece of data is indenty a real person.
IP is always linked to the user signed in with a given IP address. It is not shown publicly but mostly in the backend (admin or server logs)
Of course it is because it is in logs of server too. But IP per se doesn’t identify a real person — that is the main point.
GDPR regulates collecting and using data that can and will be used to identify a person. Sure, we can build up a lot of different databases that can or can’t be legal locally, but it is different ball game than GDPR.
Google Analytics is in deep troubles in Europe, but it is not because of collecting personal data. It is because of Google transfers that data to USA where NSA and some other authorities can have access to that data — and that is against EU-rules.
I’m trying to tell that out there is a lot of confusions when GDPR applies, and it is a real mess. But the main principles is really easy to understand:
IP can’t be used in any of those cases.
This is your real problem. That’s not resolved by adding more logging. You should forbid account sharing and hold the actual owner responsible for everything that happens under their user account.
Agreed. Consider adding one of the plugins that allows users of a group to post under a group identity, while storing the true author of the post in the backend for moderators to inspect.
Lawyer here.
Let’s first settle the debate about whether we are dealing with personal data (yes we are).
IP addresses most definitely are personal data (except in some very rare circumstances - all of which are not present here). It is not relevant whether you figure out the data subject’s identity from an IP addresses because you can still use an IP address to single out a data subject.
People often claim that IP-addresses are not personal data because they are not directly identifying. This is simply not true. In Breyer v. Bundesrepublik Deutschland the European Court of Justice ruled that IP addresses are personal data because the IP can be tied to a person via the ISP. It doesn’t matter whether the forum owner (controller) is able to do this, just as long as it is possible IP-addresses will be considered personal data. For example, when you as a forum owner give IP addresses to the police which then obtains the information of the person behind the IP from the ISP through a court order. Furthermore, GDPR itself clarifies in recital 30 that IP addresses are personal data.
Now, from a legal standpoint you could definitely log IP-addresses to some extent. To what extent greatly depends on the specific circumstances but logging for say a month would be pretty reasonable in order to protect against misconduct. Add proper security safeguards, such as pseudonymizing the IP’s by hashing them etc.
There’s this notion that just because something is personal data you are not allowed to process it without consent. This is fundamentally incorrect. The whole purpose of GDPR is to allow for the processing of personal data and it sets out a certain set of rules.
And it apply only ISPs, because they are the only one who can connect that data to person (and that’s why governments regulates how long that data must be saved AND who get that info). As a lawyer knows very well
That has nothing to do with sites, though.
I think we did exactly this for a customer. Should be a quite simple plugin where post IP gets saved to a post custom field.
It doesn’t only apply to ISP’s, and if you had read the judgement you would know that 
The court ruled that dynamic IP addresses constitute ‘personal data’ even where only a third party (in this case an internet service provider) has the additional data necessary to identify the individual.
It does not matter whether the website themselves it able to identity the data subject, just whether it is possible through the ISP.
This is helpful, thanks for being a lawyer.
This is true, especially these days. I only know of two folks who share a forum account because they are married.
May be ideal to have forum policy against accounts being shared to avoid this risk of not knowing who posted what.
Have also seen legal terms that state forum accounts cannot be inherited as well, that may be a good idea to have that in writing in case that would be a problem.
Is the purpose to prevent account theft, or the use of the same account by multiple people with multiple ip?
The original question was about how to moderate an issue where someone posted something outside of community guidelines, with an account that was shared by more than one person. If posts had a signature of what i.p. address they were published from, then moderators may know who wrote specific posts.
This would only work if account holders notified mods/admins they have given someone else permission to use their account from a different specific address or country.
Second question was about if an account is compromised, as in if login information was stolen. There are automatic notifications sent out in e-mail about unusual logins from different countries.