Rocket.chat: [Improvement] IP Anonymization in Livechat
Is your feature request related to a problem? Please describe.
The Rocket.Chat livechat stores the IP addresses of customers. But IP addresses are privacy-related data and should be handled carefully. A way to avoid special treatment of those data is to anonymize the data. Data analytics tools like Google Analytics are aware of this issue and ship special IP anonymization features.
Describe the solution you'd like
I suggest to allow IP anonymization (e.g. like https://support.google.com/analytics/answer/2763052?hl=en) for all livechats. Thereby no IP addresses are stored and Rocket.Chat providers do not have to deal with such privacy-related customer data.
Rocket.Chat admins should be able to turn anonymization on/off.
janrudolph
All 7 comments
Anyone working on this? it has a bearing on GDPR compliance.
There is zero need for the IP to be stored/displayed.
At the least there should be an 'off' switch to disable collection/storage.
reetp
on 29 Nov 2018
I've been discussing this with reetp (@ not working) in your support channel. since we're hosting RC for councils in the UK this is an urgent requirement for us, we'll need to hack some workaround in the meantime.
Not to be overly critical but I'm unsure why it is included in the first place, as I can't see why it would ever be useful in a LiveChat support context (though there may of course be valid reasons that I can't think of)
An update on the scheduled time for delivery would be much appreciated
alf-FS
on 29 Nov 2018
Hi @reetp and @alf-FS!
I'm going to take a look at this issue, I'll give you an update soon.
Thanks.
renatobecker-zz
on 29 Nov 2018
We've hacked our way around it for now by putting the following in our Dockerfile:
RUN sed -i -r -e \
's/^(\s*userData\.ip\s*=\s*).*/\1"IP address not collected";/g' \
/app/bundle/programs/server/packages/rocketchat_livechat.js
And we also have a function to wipe IP addresses from mongo:
def cleanup_data(dburl,dbname):
client = MongoClient(dburl)
visitors = client[dbname].get_collection('rocketchat_livechat_visitor')
visitors.update_many({"ip": {"$exists": True}}, {"$unset": {"ip":""}})
however if there are any other locations within mongo where IP is stored I'd be keen to know. Cheers
alf-FS
on 5 Dec 2018
Hi @alf-FS!
The IP address has been stored inside the visitors collection, only.
We're discussing internally aiming to provide a better solution for this case.
What I can say now is that it's a WIP, already.
Thanks.
renatobecker-zz
on 5 Dec 2018
Just making sure this is an optional feature. We rely on validating the IP address of incoming messages to correlate web visits with access logs and other information. It should be up to the site operator (privacy policy, terms and conditions, cookie policy, etc) to enable "anonymization" of the IP address. Removing the IP address from the live chat data does absolutely nothing if the web server has an access_log or error_log enabled.
wreiske
on 17 Jan 2019
Hi @wreiske.
Yeah, it's an optional feature as you can see below.
Thanks.
renatobecker-zz
on 17 Jan 2019
Related issues
lunitic
路
3Comments
mddvul22
路
3Comments
mattlin
路
3Comments
brendanheywood
路
3Comments
marceloschmidt
路
3Comments
Most helpful comment
Hi @reetp and @alf-FS!
I'm going to take a look at this issue, I'll give you an update soon.
Thanks.