Is gathering (or simply collecting) IP addresses REALLY illegal (against replit's rules)
I know other people have said yes, but I went a bit more into depth. In no way am I trying to break replit's rules, but IP logging is quite important in programming so I'm not just going to accept a simple "yes" answer.
Note that I do not know exactly who said IP logging is illegal, but I am going to assume staff said so.
Whether or not they were pointing to the terms or pointing out a new rule they made up will change the accuracy of my research in this question.
My main research article was this: https://iapp.org/news/a/are-ip-addresses-personal-information-under-ccpa/
So, after reading the entire terms of service (yeah, it wasn't too boring though), I realize that there is nothing that explicitly says "you cannot log IP addresses". The closest I came up with was in section 5 (I think) under 13 where it says "you cannot collect and/or harvest any personally identifiable information". Some people state that an IP address is "personally identifiable information", but as I found out it actually depends.
Because replit is in California, IP addresses being considered "personally identifiable information" falls under the CCPA (the California Consumer Protection Act). According to the CCPA, if the IP points to a single household and/or building or something of the such then it falls under "personally identifiable information". If that's the case, then collecting IP's is like walking in a minefield. Collect an IP that points to a household and BOOM, you break the terms of service.
The real reason why I am asking this is because a lot of thing I might make could require IP tracking. I understand why they [replit] might prevent people from collecting IP's (some collectors may not take proper caution to secure this information). If the people who enforce the rule is simply pointing to the terms, then my research applies because an IP may not be personal information. If they are making the rule themself and they are a valid staff member, then because replit reserves the right to restrict service my research wouldn't apply.
Another thing I find quite bothering is that a lot of third-party services a user might use probably use IP logging in one way or another. Because technically you are held responsible for third-party services you use, then you could simply get banned for using google analytics. If that's the case then replit shouldn't even provide web hosting because not logging IP's is quite hard to follow and it's almost impossible to enforce.
Simple question though, applying to the research above, is IP logging really illegal (or against replit's rules)?
If so, I recommend a "reputation system", or a heavily enforced "watch" program that makes sure it isn't used maliciously but makes IP collection legal.
I would prefer a response from a higher-up authority (like amasad), but I know that the chances of that happening is pretty low.
please, this is a simple question that can be resolved with a quick read of the TOS.
Second, IP collection is a common thing that almost all big sites use. It's literally something that is vital to analytics. If you don't want tracking, don't use the internet lol
So, after reading the entire terms of service
I read it.
What kind of
fool person would argue or ask about what they can/can't use on a service without reading the TOS first?
When I meant illegal I meant against the terms of service.
And yes, your second "fact" (IDK what to call it) is the reason why repl shouldn't think of banning IP logging.
@Coder100 Yea, I might ask a higher authority first.
Read what I responded to ch1cken (or however you say his/her name). It's really just to add a feature that will allow only 1 IP to use a link I'd generate.
In fact, the project wouldn't even be accessible to the public!
It's supposed to serve certain files if you have a certain URL to get in (to prevent public information leaks about myself if I was doing programming for a school assignment).
@ch1ck3n I want to create a site hosting secret projects.
You're not supposed to have access to it unless I give them a link or smthing like that, but yeah for those who are looking I'll let em know that I collect IP's (I might make a link IP-specific. AKA: it only works on one IP then becomes invalid).
@tussiez Late af, but GA truncates and/or anonymized IPs and related data before logging it. Maybe it's for legal reasons? Maybe it's because knowing the exact IPs is usless? I don't work for Google, so I don't know.
From my interpretation, it is legal to temporarily use a client's IP, e.g.: if you were you show the user their own IP, or use it until a web page was closed, this should be legal, but once you write it into a text file on a server or something of the sort, then all bets are off.
@Baconman321 Anyone who uses VPN or TOR (such as myself), regularly has their IP swapped, so wouldn't this render your service usless, and cause it to accumulate garbage IP data?
Maybe an auth system would be better? It would be more likely to maintain a 1:1 ratio of real computers to accounts.