Up to Main Index Up to Journal for June, 2018 JOURNAL FOR WEDNESDAY 13TH JUNE, 2018 ______________________________________________________________________________ SUBJECT: Minor updates, GDPR compliance of WolfMUD servers DATE: Thu 14 Jun 04:07:24 BST 2018 It’s been two weeks since I unleashed WolfMUD v0.0.9 — so far, no screaming. I always take that as a good sign. I still need to sort out the release scripts and make files. For v0.0.9 I fixed them up so that they were ‘good enough’ to get the release out. Development on WolfMUD is quiet at the moment. I’m not idle, just working on writing tests, testing and fixing bugs. As a result there probably won’t be any new user viable features for a while — except for GDPR changes, see below. This may be disappointing to some, however it will make WolfMUD better in the long run. Since the release I’ve found a bug in text.TitleFirst which could trigger a panic. I’ve updated some comments in frontend/frontend.go which were out of date with reality. The refactoring of the compare test helper method resulted in the values of have and want in the error message being swapped, now fixed. While working on tests for recordjar.Write I realised some tests were missing from recordjar.Read — now added. Error messages for the recordjar.Read tests have been improved. Changes have been pushed out to the public dev branch for those interested. I have sat on these changes for a bit as I’d hoped to get more done. A few people have expressed concerns about WolfMUD and the GDPR. Specifically the fact that WolfMUD records the IP address of connections in the log. The IP addresses are anonymous, in the sense that they cannot be used to identify a real person. When a user logs into their account they cannot be identified as no identifiable information is recorded about the player — if I registered an account as diddymus@wolfmud.org the email address is never recorded — only a salted hash of it. In fact you don’t have to use an email address, “The five boxing wizards jump quickly!” is quite acceptable. The only identifiable information could be the player’s name used in-game — if they were to use a very well known and unique name or their real name like ‘JohnSmith’ — note also that in-game names do not have to be unique. The only way an IP address could be traced back to an individual would be with the help of that person’s internet provider, or with the cooperation of the user themselves. The only reason for the IP addresses is to monitor for malicious activity and cyberattacks. Having said all that, I will be taking a break from testing to make some changes. Firstly, I will be adding a configuration setting[1] to disable the logging of IP addresses in the logs, for those concerned about storing IP addresses. Secondly, I’ll be adding log rotation — so that the logs can be removed automatically after a number of days, reducing the retention time of any IP addresses logged. Thirdly, I’ll be changing the frontend to provide a way of displaying a terms of service. Some of these ideas may change and develop as the are implemented. Though this is a lot of extra work for myself, I hope that by implementing these measures, people will be happier running a WolfMUD server. Please note I am not a lawyer and none of this is legal advice. If you have any comments or ideas then please email me privately: diddymus@wolfmud.org -- Diddymus [1] This might possibly turn into a ‘store only the first n octets of IP address’ setting. This seems a good idea and recommended by the drafted updates to RFC6302: RFC6302: Logging Recommendations for Internet-Facing Servers https://tools.ietf.org/html/rfc6302 The draft updates can be found at this long URL: https://tools.ietf.org/html/draft-andersdotter-intarea-update-to-rfc6302-00 Up to Main Index Up to Journal for June, 2018