Project

General

Profile

Actions

Feature #82905

closed

Epic #84776: Initiative GDPR

anonymize IPs in belog

Added by Daniel Ruf over 6 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
Logging
Target version:
Start date:
2018-02-28
Due date:
2018-05-28
% Done:

0%

Estimated time:
PHP Version:
Tags:
GDPR, security, logging
Complexity:
medium
Sprint Focus:

Description

It should be possible to anonymize IPs in the backend log to be GDPR compliant.

So far I did not see any option to set
xxx.xxx.xxx.0
xxx.xxx.0.0
xxx.0.0.0

or track no IP at all

Is this somehow possible with the config?


Related issues 1 (0 open1 closed)

Follows TYPO3 Core - Feature #84053: Anonymize IPsClosedGeorg Ringer2018-02-27

Actions
Actions #1

Updated by Susanne Moog over 6 years ago

  • Category set to Logging
Actions #2

Updated by Markus Klein over 6 years ago

Not possible currently, but definitely something we should do.

Actions #3

Updated by Markus Klein over 6 years ago

Can you implement that feature?

Actions #4

Updated by Daniel Ruf over 6 years ago

Markus Klein wrote:

Can you implement that feature?

Do you mean me?
So far I just work on the frontend side at work so generally I do not directly know where I should / could start with this.
What can I do to help with this and what do I and others need to think about an actual implementation / solution for this?

Actions #5

Updated by Fedir RYKHTIK over 6 years ago

  • Tags set to GDPR, security, logging
  • Complexity set to medium

I've started a discussion about possible implementation of this feature : https://decisions.typo3.org/t/gdpr-ip-anonymization/307

Actions #6

Updated by Susanne Moog about 6 years ago

  • Target version changed from 9.0 to 9.2
Actions #7

Updated by Daniel Ruf about 6 years ago

When will be 9.2 available and how can we make older versions GDPR conform?
Still 2018-04-10?

Actions #8

Updated by Georg Ringer about 6 years ago

Actions #9

Updated by Markus Klein about 6 years ago

This shall be based on the stuff introduced by #84053

Actions #10

Updated by Markus Klein about 6 years ago

Actions #11

Updated by Markus Klein about 6 years ago

  • Due date set to 2018-02-28
  • Start date changed from 2017-11-02 to 2018-02-28
  • Follows Feature #84053: Anonymize IPs added
Actions #12

Updated by Oliver Hader about 6 years ago

  • Status changed from New to Accepted
  • Priority changed from Should have to Must have
Actions #13

Updated by Susanne Moog about 6 years ago

  • Target version changed from 9.2 to 9.3
Actions #14

Updated by Daniel Ruf about 6 years ago

https://typo3.org/typo3-cms/roadmap/
9.3 URL Routing for Pages Estimated: 2018-06-12

So this is definitely too late to be GDPR compliant which is not great.

Which alternative solution can you recommend until this is implemented in the core?

Actions #15

Updated by Georg Ringer about 6 years ago

I will try to come up with something if not in core then.

Actions #16

Updated by Daniel Ruf about 6 years ago

Georg Ringer wrote:

I will try to come up with something if not in core then.

Sounds good. Let me know how we can support you.

Side note: I did not mention IPv6 but it should be clear that also IPv6 addresses have to be anonymized (last few bytes) then.

Actions #17

Updated by Georg Ringer almost 6 years ago

  • Parent task set to #84776
Actions #18

Updated by Georg Ringer almost 6 years ago

just to give you an update: It is already possible to remove syslog after given amount of time with a scheduler task. With #84781 I will build a task which anomymizes the IP after given amount of time. this uses the new API implemented with #84053

Actions #19

Updated by Georg Ringer almost 6 years ago

  • Due date changed from 2018-02-28 to 2018-05-28
Actions #20

Updated by Georg Ringer almost 6 years ago

i close this issue of duplicate of #84781. I don't think that it is useful to anonymize it my default as those date is used. with the new scheduler task it could be even set to "1 day" to anomymize after one day which would be really fine.

Actions #21

Updated by Georg Ringer almost 6 years ago

  • Status changed from Accepted to Closed
Actions

Also available in: Atom PDF