:pdx_elk: /
npub1xla…7a2n
2023-07-02 14:08:45

I was just going to post this locals only on my instance (we run hometown and usually deal with this stuff purely internally), but I think this could be interesting/useful to others.

The kolektiva breach has had me researching options on mitigating risks of IP leaks. Currently we store the IP address for one day, but that IP address does live on in our encrypted backups for 7 days.

I looked at removing IP logging altogether, and we could do that, but it will break rate limiting, either locking us out of the site or allowing malicious people to DoS our endpoints more easily.

So, I propose two things:
* Wiping all IP data just before the DB is dumped for a backup. There is little need to store the IPs in the backups at all.
* Use Tor if you can. Tusky works great with Orbot on Android, and then your IP won't ever show up in the DB at all.

Locals, let's discuss if we want to adopt these changes locals_only.

Others, I hope it helps someone.
Author Public Key
npub1xlaekpxnugyu87cundag943j7ksgefjdxrs4cxndh3k60tqwcefq0g7a2n