Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
ybceo 2 days ago

I disagree. Like I said earlier :

Web server logs were not tied to user credentials in any way, they were used for debugging purposes and could not have been used to identify users.

pear01 2 days ago | parent | next [-]

You disagree and yet you agreed 100% and made the change. I thought the point the preceding parent comment is making is that you should have thought of that beforehand. Yet you seemed to already come to a judgement about it yet then quickly agreed to reverse yourself.

Sounds like a clear "lack of a depth of understanding" to me.

a day ago | parent [-]
[deleted]
procaryote 2 days ago | parent | prev | next [-]

From your faq: "We maintain zero logs of your activities. We don't track IP addresses, …"

Front page says "zero logs"

Some logs, including specifically datapoints you have promised not to log, but you mean well (?) is pretty different from zero logs

ffsm8 2 days ago | parent [-]

Fwiw, zero logs in that context is usually in the relation to requests through the VPN, whereas this discussion is about requests on their homepage? Or did I misunderstand something here?

organsnyder 2 days ago | parent | prev | next [-]

I have a static IP address; and most connections tend to have long-lived leases anyways. It can easily be used to identify me, even if you don't explicitly tie it to my account.

drink_machine 2 days ago | parent | prev [-]

[flagged]

ybceo 2 days ago | parent [-]

I went ahead and took action on the criticism as soon as I saw the parent comment. All apache access logs are piped to /dev/null now.

I'm not here to debate, the reason I posted here is to hear what people thought and see how I could improve my platform based on the criticism.

basedrum 2 days ago | parent | next [-]

Look into the Apache module called mod-remove-IP, it's old and hasn't had any changes for years, but it works much better than just disabling in the logs because it will also persist those removals throughout any frameworks. Also with Apache you cannot as easily destroy your error logs which sometimes have IPS in them. Consider nginx as an alternative

reactordev 2 days ago | parent [-]

Consider Caddy as an alternative. Nginx is no better. Both Apache httpd and nginx are old and don’t support newer protocols like HTTP/3. Maybe I’m wrong.

Another issue is with Apache httpd’s routing. Removing the IP messes up routing sometimes when using mod_rewrite.

yareally a day ago | parent [-]

Sure they do:

https://nginx.org/en/docs/quic.html

https://apisix.apache.org/docs/apisix/http3/

reactordev a day ago | parent [-]

well damn... old dog new tricks. Maybe it's my distro that's old.

navigate8310 2 days ago | parent | prev [-]

I appreciate your opinion on anonymity, but, it's nothing more than, "trust me bro". And being a US company that further tingles the spidy sense.

joemazerino 2 days ago | parent [-]

The US isn't the sole transgressor against privacy. EU has made that pretty clear in the last month.

sallveburrpi 2 days ago | parent [-]

What happened in the last month? Genuine question

joemazerino 14 hours ago | parent [-]

Look up Chat Control.

sallveburrpi 14 hours ago | parent [-]

Chat Control was first proposed in 2022 and is still in parliament. Some try to push it through again and again but it gets blocked. I don’t see why it should be different this time and so far nothing has actually changed for EU citizens.