(draft) Privacy by design - offer more convenient way to anonymize IPs in access log by default

Tue Sep 22 06:31:25 UTC 2020

Hi,

as this is the first time I’m interacting with this list, I’d like to understand how to interpret silence. :)

Would someone mind educating me whether silence means:

- you’re on the wrong list, please go elsewhere (where?)
- the idea is not interesting enough to be considered
- we currently don’t have time to deal with this
- you’re completely wrong doing this and nobody wants to tell you ;)
- you’re not adhering to some rule (sorry if that is the case)
- something else (what?)

Thanks a lot,
Christian

> On 16. Sep 2020, at 21:20, Christian Theune <ct at flyingcircus.io> wrote:
> 
> Replying to myself for now ;)
> 
> One thing I can imagine being desirable would be to make the number of bits (v4/v6) that are masked configurable.
> 
> The current choice of 8 bits for IPv4 and 64-bit on IPv6 is based on our tradition that was considered a reasonable practice with respect to GDPR by courts in Germany. Unfortunately I can’t find a reliable source at the moment, but would take the time to dig one up if needed for the discussion.
> 
> Cheers,
> Christian
> 
>> On 16. Sep 2020, at 17:28, Christian Theune <ct at flyingcircus.io> wrote:
>> 
>> Signed PGP part
>> Hi!
>> 
>> first time posting here. I started working on a builtin-way for nginx to provide GDPR conformaing access logs reliably by default:
>> 
>> https://github.com/nginx/nginx/compare/branches/stable-1.18...flyingcircusio:ctheune-anonymize-by-default
>> 
>> This isn’t ready to be merged at this point as it suffers at least from two things:
>> 
>> a) I’m not a C programmer by nature and might be making stupid mistakes. This is “monkey see monkey do code”.
>> 
>> b) You likely do not want to have this on by default for everyone, so I’m expecting that this requires a config option (runtime or compile, with a slight preference to runtime from me).
>>  The new built-in variable remote_addr_anon should be available by default in any case, though.
>> 
>> Some background: we tried implementing this purely by using a mapping approach, but this doesn’t make it a proper default as everybody defining an access log has to mention the proper format or accidentally IPs will leak. This happens over and over and we’d prefer a “privacy by design” approach very much.
>> 
>> There is a trac ticket (https://trac.nginx.org/nginx/ticket/868) that already discusses this, however the .1 is IMHO not a good approach to recommend as it suggests a real IP whereas our impression is that nulling the last byte in IPv4 and nulling the last 8 bytes in IPv6 is the proper approach and it’s directly visible that this is an anonymized IP.
>> 
>> Let me know what you think about this and - if you’d like to see this in the mainstream code - I’d appreciate if you give me the necessary hints to bring this code to the level of quality that is proper for nginx.
>> 
>> Kind regards,
>> Christian
>> 
>> --
>> Christian Theune · ct at flyingcircus.io · +49 345 219401 0
>> Flying Circus Internet Operations GmbH · http://flyingcircus.io
>> Leipziger Str. 70/71 · 06108 Halle (Saale) · Deutschland
>> HR Stendal HRB 21169 · Geschäftsführer: Christian Theune, Christian Zagrodnick
> 
> --
> Christian Theune · ct at flyingcircus.io · +49 345 219401 0
> Flying Circus Internet Operations GmbH · http://flyingcircus.io
> Leipziger Str. 70/71 · 06108 Halle (Saale) · Deutschland
> HR Stendal HRB 21169 · Geschäftsführer: Christian Theune, Christian Zagrodnick
> 

Liebe Grüße,
Christian Theune

--
Christian Theune · ct at flyingcircus.io · +49 345 219401 0
Flying Circus Internet Operations GmbH · http://flyingcircus.io
Leipziger Str. 70/71 · 06108 Halle (Saale) · Deutschland
HR Stendal HRB 21169 · Geschäftsführer: Christian Theune, Christian Zagrodnick

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: Message signed with OpenPGP
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20200922/1c0c72fe/attachment-0001.bin>