Before migrating to Lemmy, I decided to request a copy of the data Reddit has on me.

To my surprise, the export includes a file ip_logs.csv with a list of all IP addresses that I used to connect to Reddit for the last 3-4 months!! That seems quite unnecessary.

  • @[email protected]
    link
    fedilink
    English
    31 year ago

    Not 100% applicable here, but some websites use stored ip addresses as a safety measure, since a stored ip address’ location can be compared against that of the current login attempt. This way, a guy trying to steal your account from the other side of the world would be flagged and you’d be alerted via email and such.

    • @[email protected]
      link
      fedilink
      English
      21 year ago

      You’re asolutely right, IP addresses are kind of a grey area since the are needed for lot of troubleshooting and debugging.
      Nevertheless, you can always strive to reduce the stored data.
      For your application, you wouldn’t even need to store the historic IP adresses, just a rough geo-location and maybe a mobile/landline/whatever-flag and comparing the current login attempt to that. Even saves you some performance by not repeating the geo-lookups everytime.
      Implement your failed-login counter separately by account and source IP and you’ve got decent security without linking an account to an IP.