It's official, I'm dumb.

Because I believe in transparency, When I do something wrong, I will admit it, and today I want to admit that I did something unintentional and wrong.

Around 3 months ago, I was happy to announce that I finally achieved no IP logging in my nginx access logs. I took the code online and tested it and I thought those IPs were not real (did not look them up to validate it) and today I was checking the logs and found the IPs, so I said hey, let's validate it and I noted my IP then went to access log to search it, and it was in there. So technically I spent the last months lying about no IP logging. I did not mean to, as I said it was not intentional, but it happened. So I know you now might not trust me, I understand that. But I chose to admit it instead of fixing it in the shadows, so right now I'm working on solving it

But on the good side, the 24 hours log policy is working, so it's the IP part only.

UPDATE: Ok, I closed both access_log and error_log, so no IPs, URLs or user agents collected at all. Will this be my new privacy policy? Or maybe anonymizing IP is enough? I will see if I can live without logs at all, then I will close it all together.

UPDATE OF THE UPDATE: Okay, fuck it, no logs at all. For whatever reason, I can't modify the format of logging in nginx, and people on Reddit did not respond to my help post (over a day now) so I set both access_log and error_log to off. And even in docker itself. However, I may re-enable logging back in case of errors.

#news #thoughts


Like my work?, support me: https://donate.esmailelbob.xyz