Hello friends! How can I completely disable writing IP addresses to the database?
Today, IP storage has no benefit (many people use VPNs). However, there are legal risks associated with the processing of personal data and GDPR requirements.
I would be grateful for technical advice on how to disable the collection of IP addresses for my Ghost, which runs on a VPS server on Ubuntu.
Unfortunately, you can’t do this easily. Actually those IP addresses on database are not used anywhere in Ghost at all. We need a change on Ghost that only stores the data Ghost reads from geolocation column (which are country, country_code and region), and drop all other information.
I would like to open a PR for that, but too busy with other things. But I think the best is to bring this to GitHub repository with an issue or PR. Community forum doesn’t make it visible to Ghost team.
Related: Opt-In for IP/Geolocation Collection
I opened an issue on Github to raise this to the attention of Ghost development team:
Hopefully this will be fixed soon, either with a PR from the community or by Ghost team.
Thank you, muratcorlu.
I would like to drop ALL info with IP, including country, country_code and region. This is absolutely useless information that should not be collected automatically. This information imposes excessive obligations on the site owner to store personal data.
If any user of a site really needs to have information about his geolocation, then he can manually add this data to the settings of his personal profile. There is no need to collect this data automatically.
I don’t think knowing country of the member imposes any obligations to the site owner. And I think that level information is useful, especially in the days we are fighting with signup spam. If we drop other unnecessary information, I think it will be more than enough for now.
Knowing the country and region will not help in solving the problem of spam registrations. You wrote about it yourself in the mentioned topic. All spam comes from fake addresses. The IP address may point to Turkey, and the actual source of spam may be in the United States. And vice versa.
There are countries where there is no clear indication of which information from a user is considered personal data and which is not considered. In this case, any information that the site collects from the user (including the IP address indicating the country) is sensitive personal information and falls under the law on the protection of personal data.
So, it is better to disable automatic collection of IP addresses in the base. I think it’s technically not difficult to do this, we just need to change the code that is responsible for writing the IP address to the sql-file.
Murat has opened an issue for this on Github. I have communicated with the Ghost team, who gave the go-ahead for a PR.
However, as with all things open source…we’ll get there when we get there. I’d love to see this change as well, but need to find time to implement this. A retroactive clean-up job also comes with a ton of risks, so that will need to be carefully crafted.
You’re more than happy to take a stab at it yourself, of course.
Thank you, Jannis! I’ll be looking forward to it.