Feature #82905

Epic #84776: Initiative GDPR

anonymize IPs in belog

Added by Daniel Ruf almost 2 years ago. Updated over 1 year ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
Logging
Target version:
Start date:
2018-02-28
Due date:
2018-05-28
% Done:

0%

PHP Version:
Tags:
GDPR, security, logging
Complexity:
medium
Sprint Focus:

Description

It should be possible to anonymize IPs in the backend log to be GDPR compliant.

So far I did not see any option to set
xxx.xxx.xxx.0
xxx.xxx.0.0
xxx.0.0.0

or track no IP at all

Is this somehow possible with the config?


Related issues

Follows TYPO3 Core - Feature #84053: Anonymize IPs Closed 2018-02-27

History

#1 Updated by Susanne Moog almost 2 years ago

  • Category set to Logging

#2 Updated by Markus Klein almost 2 years ago

Not possible currently, but definitely something we should do.

#3 Updated by Markus Klein almost 2 years ago

Can you implement that feature?

#4 Updated by Daniel Ruf almost 2 years ago

Markus Klein wrote:

Can you implement that feature?

Do you mean me?
So far I just work on the frontend side at work so generally I do not directly know where I should / could start with this.
What can I do to help with this and what do I and others need to think about an actual implementation / solution for this?

#5 Updated by Fedir RYKHTIK almost 2 years ago

  • Tags set to GDPR, security, logging
  • Complexity set to medium

I've started a discussion about possible implementation of this feature : https://decisions.typo3.org/t/gdpr-ip-anonymization/307

#6 Updated by Susanne Moog over 1 year ago

  • Target version changed from 9.0 to 9.2

#7 Updated by Daniel Ruf over 1 year ago

When will be 9.2 available and how can we make older versions GDPR conform?
Still 2018-04-10?

#8 Updated by Georg Ringer over 1 year ago

#9 Updated by Markus Klein over 1 year ago

This shall be based on the stuff introduced by #84053

#10 Updated by Markus Klein over 1 year ago

#11 Updated by Markus Klein over 1 year ago

  • Due date set to 2018-02-28
  • Start date changed from 2017-11-02 to 2018-02-28
  • Follows Feature #84053: Anonymize IPs added

#12 Updated by Oliver Hader over 1 year ago

  • Status changed from New to Accepted
  • Priority changed from Should have to Must have

#13 Updated by Susanne Moog over 1 year ago

  • Target version changed from 9.2 to 9.3

#14 Updated by Daniel Ruf over 1 year ago

https://typo3.org/typo3-cms/roadmap/
9.3 URL Routing for Pages Estimated: 2018-06-12

So this is definitely too late to be GDPR compliant which is not great.

Which alternative solution can you recommend until this is implemented in the core?

#15 Updated by Georg Ringer over 1 year ago

I will try to come up with something if not in core then.

#16 Updated by Daniel Ruf over 1 year ago

Georg Ringer wrote:

I will try to come up with something if not in core then.

Sounds good. Let me know how we can support you.

Side note: I did not mention IPv6 but it should be clear that also IPv6 addresses have to be anonymized (last few bytes) then.

#17 Updated by Georg Ringer over 1 year ago

  • Parent task set to #84776

#18 Updated by Georg Ringer over 1 year ago

just to give you an update: It is already possible to remove syslog after given amount of time with a scheduler task. With #84781 I will build a task which anomymizes the IP after given amount of time. this uses the new API implemented with #84053

#19 Updated by Georg Ringer over 1 year ago

  • Due date changed from 2018-02-28 to 2018-05-28

#20 Updated by Georg Ringer over 1 year ago

i close this issue of duplicate of #84781. I don't think that it is useful to anonymize it my default as those date is used. with the new scheduler task it could be even set to "1 day" to anomymize after one day which would be really fine.

#21 Updated by Georg Ringer over 1 year ago

  • Status changed from Accepted to Closed

Also available in: Atom PDF