I disagree. Like I said earlier :
Web server logs were not tied to user credentials in any way, they were used for debugging purposes and could not have been used to identify users.
I disagree. Like I said earlier :
Web server logs were not tied to user credentials in any way, they were used for debugging purposes and could not have been used to identify users.
You disagree and yet you agreed 100% and made the change. I thought the point the preceding parent comment is making is that you should have thought of that beforehand. Yet you seemed to already come to a judgement about it yet then quickly agreed to reverse yourself.
Sounds like a clear "lack of a depth of understanding" to me.
From your faq: "We maintain zero logs of your activities. We don't track IP addresses, …"
Front page says "zero logs"
Some logs, including specifically datapoints you have promised not to log, but you mean well (?) is pretty different from zero logs
Fwiw, zero logs in that context is usually in the relation to requests through the VPN, whereas this discussion is about requests on their homepage? Or did I misunderstand something here?
I have a static IP address; and most connections tend to have long-lived leases anyways. It can easily be used to identify me, even if you don't explicitly tie it to my account.
[flagged]
I went ahead and took action on the criticism as soon as I saw the parent comment. All apache access logs are piped to /dev/null now.
I'm not here to debate, the reason I posted here is to hear what people thought and see how I could improve my platform based on the criticism.
Look into the Apache module called mod-remove-IP, it's old and hasn't had any changes for years, but it works much better than just disabling in the logs because it will also persist those removals throughout any frameworks. Also with Apache you cannot as easily destroy your error logs which sometimes have IPS in them. Consider nginx as an alternative
Consider Caddy as an alternative. Nginx is no better. Both Apache httpd and nginx are old and don’t support newer protocols like HTTP/3. Maybe I’m wrong.
Another issue is with Apache httpd’s routing. Removing the IP messes up routing sometimes when using mod_rewrite.
Sure they do:
https://nginx.org/en/docs/quic.html
https://apisix.apache.org/docs/apisix/http3/
well damn... old dog new tricks. Maybe it's my distro that's old.
I appreciate your opinion on anonymity, but, it's nothing more than, "trust me bro". And being a US company that further tingles the spidy sense.
The US isn't the sole transgressor against privacy. EU has made that pretty clear in the last month.
What happened in the last month? Genuine question
Look up Chat Control.
Chat Control was first proposed in 2022 and is still in parliament. Some try to push it through again and again but it gets blocked. I don’t see why it should be different this time and so far nothing has actually changed for EU citizens.