Ask coding questions

← Back to all posts
Is gathering (or simply collecting) IP addresses REALLY illegal (against replit's rules)
h
Baconman321 (1060)

I know other people have said yes, but I went a bit more into depth. In no way am I trying to break replit's rules, but IP logging is quite important in programming so I'm not just going to accept a simple "yes" answer.

Note that I do not know exactly who said IP logging is illegal, but I am going to assume staff said so.

Whether or not they were pointing to the terms or pointing out a new rule they made up will change the accuracy of my research in this question.

My main research article was this: https://iapp.org/news/a/are-ip-addresses-personal-information-under-ccpa/

So, after reading the entire terms of service (yeah, it wasn't too boring though), I realize that there is nothing that explicitly says "you cannot log IP addresses". The closest I came up with was in section 5 (I think) under 13 where it says "you cannot collect and/or harvest any personally identifiable information". Some people state that an IP address is "personally identifiable information", but as I found out it actually depends.

Because replit is in California, IP addresses being considered "personally identifiable information" falls under the CCPA (the California Consumer Protection Act). According to the CCPA, if the IP points to a single household and/or building or something of the such then it falls under "personally identifiable information". If that's the case, then collecting IP's is like walking in a minefield. Collect an IP that points to a household and BOOM, you break the terms of service.

The real reason why I am asking this is because a lot of thing I might make could require IP tracking. I understand why they [replit] might prevent people from collecting IP's (some collectors may not take proper caution to secure this information). If the people who enforce the rule is simply pointing to the terms, then my research applies because an IP may not be personal information. If they are making the rule themself and they are a valid staff member, then because replit reserves the right to restrict service my research wouldn't apply.

Another thing I find quite bothering is that a lot of third-party services a user might use probably use IP logging in one way or another. Because technically you are held responsible for third-party services you use, then you could simply get banned for using google analytics. If that's the case then replit shouldn't even provide web hosting because not logging IP's is quite hard to follow and it's almost impossible to enforce.

Simple question though, applying to the research above, is IP logging really illegal (or against replit's rules)?

If so, I recommend a "reputation system", or a heavily enforced "watch" program that makes sure it isn't used maliciously but makes IP collection legal.

I would prefer a response from a higher-up authority (like amasad), but I know that the chances of that happening is pretty low.

Comments
hotnewtop
Coder100 (17045)

ahem
https://replit.com/site/terms

please, this is a simple question that can be resolved with a quick read of the TOS.

Second, IP collection is a common thing that almost all big sites use. It's literally something that is vital to analytics. If you don't want tracking, don't use the internet lol

Baconman321 (1060)

@Coder100

So, after reading the entire terms of service

I read it.

What kind of fool person would argue or ask about what they can/can't use on a service without reading the TOS first?

When I meant illegal I meant against the terms of service.

And yes, your second "fact" (IDK what to call it) is the reason why repl shouldn't think of banning IP logging.

Coder100 (17045)

well, from past mod actions, you should not be performing any IP logging of any sort. It is 'harmful to minors' imo

anyways a project of that size should not be hosted on replit

this is not legal advice

@Baconman321

Coder100 (17045)

but because of such fine lines on the TOS, maybe you could? Just never post it on repltalk because that would be 'harmful to minors' from how I interpret it @Baconman321

Baconman321 (1060)

@Coder100 Yea, I might ask a higher authority first.

Read what I responded to ch1cken (or however you say his/her name). It's really just to add a feature that will allow only 1 IP to use a link I'd generate.

In fact, the project wouldn't even be accessible to the public!

It's supposed to serve certain files if you have a certain URL to get in (to prevent public information leaks about myself if I was doing programming for a school assignment).

Baconman321 (1060)

@Coder100 Yea. Uhm, I posted another comment before this comment check that out about what I have to say.

Coder100 (17045)

tbh just don't host this project on replit until u get a reply @Baconman321

Baconman321 (1060)

@Coder100 I'm thinking about making it, I haven't made it yet.

Baconman321 (1060)

@Coder100 LOL mah school blocks *vpn* so when I clicked original reply it was blocked (cuz "vpn" was in the address :/)

ch1ck3n (1622)

If a user agrees the terms of your site then yes (I think)

Baconman321 (1060)

@ch1ck3n I want to create a site hosting secret projects.

You're not supposed to have access to it unless I give them a link or smthing like that, but yeah for those who are looking I'll let em know that I collect IP's (I might make a link IP-specific. AKA: it only works on one IP then becomes invalid).

I hope that what you said is true because I most of the time already alert people that I use cookies/local storage or smthing of the sort.

tussiez (1518)

Haha, Google Analytics does this everywhere. This is why I have an adblocker.

tussiez (1518)

@tussiez Google is in Calif lol

Baconman321 (1060)

@tussiez Yes, but still. If IP logging is illegal then using google analytics is illegal too because terms also apply to third party services you are using.

tussiez (1518)

@Baconman321 Well, GA is everywhere. Don't see any lawsuits..
Also, why do you need to collect IPs?

xxpertHacker (860)

@tussiez Late af, but GA truncates and/or anonymized IPs and related data before logging it. Maybe it's for legal reasons? Maybe it's because knowing the exact IPs is usless? I don't work for Google, so I don't know.

From my interpretation, it is legal to temporarily use a client's IP, e.g.: if you were you show the user their own IP, or use it until a web page was closed, this should be legal, but once you write it into a text file on a server or something of the sort, then all bets are off.

@Baconman321 Anyone who uses VPN or TOR (such as myself), regularly has their IP swapped, so wouldn't this render your service usless, and cause it to accumulate garbage IP data?

Maybe an auth system would be better? It would be more likely to maintain a 1:1 ratio of real computers to accounts.

Baconman321 (1060)

@xxpertHacker True, VPNS (and TOR) render IP'S useless, but my IP logging would be for personal reasons (only access from one IP). Sure, my IP may change, but the idea I had in my head for this wasn't more than an idea.