| ▲ | pred_ 2 days ago | |
> Avoid Cloudflare. They log traffic. That sounds like a GDPR violation if the logs include PII like IPs and if it's not opt-in. Is that really the case? | ||
| ▲ | traceroute66 2 days ago | parent [-] | |
> That sounds like a GDPR violation if the logs include PII like IPs and if it's not opt-in. Is that really the case? Cloudflare retain what they call "limited transaction and debug log data" for 25 hours. Cloudflare state that IPs are truncated and the truncated IPs are deleted after 25 hours BUT for "randomly sampled network packets" they will retain the full IP for "network troubleshooting purposes". Even so, as we know, a truncated IP can still be used to track and trace people ... Compare and contrast to Quad9 who explicitly consider IP addresses as GDPR PII ("Quad9 regards Internet Protocol ("IP") addresses associated with its users to be Personally Identifiable Information ("PII")") Quad9 states IPs are only ever in RAM "for the few microseconds to milliseconds necessary to service the user's query" They also state "Quad9 does not collect or record IP addresses, nor does it collect or hold any proxy for or representation of IP addresses, nor does it collect or hold any other unique identifier of individuals in lieu of IP addresses." Which is why I said Quad9 have a much better privacy policy. | ||