Server: Improvement - sharing files via public link: showing remote IP

Created on 19 Jun 2018 · 13 Comments · Source: nextcloud/server

Could it be possible, as an improvement to sharing a file via a public link, to have the remote IP showing in the files/activities?

As you can see, we actually have "downloaded via public link x minutes ago". It would be nice to have an IP too.
[Image: shareimp1]

0. Needs triage enhancement activity and notification


All 13 comments

Hi, I'm GitMate.io!

It seems you've just enabled the issue triaging. I'm just scraping all issues from your repository and will give you some more information about this in a few minutes or so.

Because of the rate limit we can't scrape all information (including all comments and authors) right now - our system is already set up to scrape this in the next days over which the predictions will become more precise every day.

If you want me to use a different account for triaging your issues, simply create one and log in with it.

Sit tight!

Sit tight, have a cigar, watch TV ... those "triage" robots are so bad, slow, illogical that I wonder why people continue to use them.

> Sit tight, have a cigar, watch TV ... those "triage" robots are so bad, slow, illogical that I wonder why people continue to use them.

Sorry for the stress. We are in the process of setting it up.

@nextcloud/security @nickvergessen Does it make sense to log this? I'm uncertain if this would maybe have security or privacy implications?

cc @nextcloud/sharing @schiessle

> Sorry for the mess. We are in the process of setting it up.

Don't worry, just kidding, but those AI robots will never do a correct job with your repo.
There are so many foreigners like me trying to "speak" correct English ... how could a robot assess the idea behind badly written statements?!

> Don't worry, just kidding, but those AI robots will never do a correct job with your repo.
> There are so many foreigners like me trying to "speak" correct English ... how could a robot assess the idea behind badly written statements?!

We are trying it out to see if it helps or not. Just want to give it a try. Having at least a rough categorization helps to triage the huge amount of incoming tickets being distributed across the team.

Be aware, that showing the IP means actually storing the IP and thus might conflict with the DSGVO/GDPR.

European GDPR, art 22, art 25, art 33, art 37 with the concept of "Privacy by design" and "explicit and positive consent" cover the IP logging.

  • Sign-in validation in two steps is needed as a proof of explicit and valid consent.

The concept of "privacy by using" authorizes any log if:

  • data security is overseen by a DPO (Data Protection Officer) clearly identified with a direct contact.
  • data deletion can be managed by the user when deleting the account
  • In case of a data breach, DPO action is pro-active and users are warned.

It's not about the user sharing the file. It's about the IP downloading the file, which will be stored and shown to other users. And thus prior to storing, you need to give the user the privacy information, depending on your reason to store, get the consent from the user, have a solution to transfer the stored data to the user and then delete the data when requested or when the storing period is over.

Everything above (excluding the consent) should be supported by nextcloud in order to include this feature. Also this feature should be opt in.

In my mind, the logging is admin reserved.
As the server admin is, most of the time, the DPO, it respects the GDPR.
The only little thing also needed is a write or rewrite of the users' disclaimer.

Yeah, it's requested from time to time. I don't feel like doing this, but I understand that people want to know if different people downloaded, or just one.

However since GDPR I'm even more sceptical.
Anyway, duplicate of https://github.com/nextcloud/activity/issues/98

If you do want to dig out who has accessed a specific file, you certainly can without bothering nextcloud. You know nextcloud is just an app running on the webserver platform (apache2 for example) and the webserver retains a file access log anyhow.
So the procedures are:
1) know the link to shared file, for example, https://your.domain.name/index.php/s/s0meRand0mHa5h5tring.
2) grep s0meRand0mHa5h5tring in /var/log/apache2/access.log
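
A more precise version of the grep approach in the comment above, as an added example that is not part of the original thread: it counts requests per client address and matches the token only as the path segment after `/s/`, so hits in the Referer field or on a longer token are ignored. It assumes Apache's combined log format; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-client summary of requests for one public share token.
# Assumes Apache "combined" log format (field 1 = client address,
# field 7 = request path). Behind a reverse proxy, field 1 is the proxy.

# share_hits TOKEN [LOGFILE...]  prints "count address", busiest first.
share_hits() {
    tok=$1; shift
    awk -v tok="$tok" '
        {
            path = $7
            sub(/\?.*/, "", path)            # ignore the query string
            n = split(path, seg, "/")
            # count only when TOKEN is the whole segment following "s"
            for (i = 1; i < n; i++)
                if (seg[i] == "s" && seg[i + 1] == tok) { hits[$1]++; break }
        }
        END { for (ip in hits) print hits[ip], ip }
    ' "$@" | sort -k1,1nr -k2,2
}

# distinct_clients TOKEN [LOGFILE...]  prints the number of distinct addresses.
distinct_clients() {
    share_hits "$@" | awk 'END { print NR }'
}

# Constructed sample log (documentation address ranges, not real traffic).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [19/Jun/2018:10:00:01 +0200] "GET /index.php/s/s0meRand0mHa5h5tring HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [19/Jun/2018:10:00:04 +0200] "GET /index.php/s/s0meRand0mHa5h5tring/download HTTP/1.1" 200 90211 "-" "Mozilla/5.0"
198.51.100.7 - - [19/Jun/2018:11:12:40 +0200] "GET /s/s0meRand0mHa5h5tring/download?path=%2F HTTP/1.1" 200 90211 "-" "curl/7.58.0"
203.0.113.5 - - [19/Jun/2018:11:30:00 +0200] "GET /index.php/s/s0meRand0mHa5h5tringX HTTP/1.1" 404 312 "-" "Mozilla/5.0"
203.0.113.9 - - [19/Jun/2018:11:45:10 +0200] "GET /index.php/apps/files/ HTTP/1.1" 200 2048 "https://your.domain.name/index.php/s/s0meRand0mHa5h5tring" "Mozilla/5.0"
EOF
}

# Usage: sh share_hits.sh s0meRand0mHa5h5tring /var/log/apache2/access.log
if [ "$#" -ge 2 ]; then share_hits "$@"; fi
```

On the sample log a plain grep for the token matches all five lines, while `share_hits` attributes the three real share requests to two addresses.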
