
                    JOURNAL FOR WEDNESDAY 13TH JUNE, 2018
______________________________________________________________________________

SUBJECT: Minor updates, GDPR compliance of WolfMUD servers
   DATE: Thu 14 Jun 04:07:24 BST 2018

It’s been two weeks since I unleashed WolfMUD v0.0.9 — so far, no screaming. I
always take that as a good sign. I still need to sort out the release scripts
and make files. For v0.0.9 I fixed them up so that they were ‘good enough’ to
get the release out.

Development on WolfMUD is quiet at the moment. I’m not idle, just working on
writing tests, testing and fixing bugs. As a result there probably won’t be
any new user visible features for a while — except for GDPR changes, see below.
This may be disappointing to some, however it will make WolfMUD better in the
long run.

Since the release I’ve found a bug in text.TitleFirst which could trigger a
panic. I’ve updated some comments in frontend/frontend.go which were out of
date with reality. The refactoring of the compare test helper method resulted
in the values of have and want in the error message being swapped, now fixed.
While working on tests for recordjar.Write I realised some tests were missing
from recordjar.Read — now added. Error messages for the recordjar.Read tests
have been improved.

Changes have been pushed out to the public dev branch for those interested. I
have sat on these changes for a bit as I’d hoped to get more done.

A few people have expressed concerns about WolfMUD and the GDPR. Specifically
the fact that WolfMUD records the IP address of connections in the log. The IP
addresses are anonymous, in the sense that they cannot be used to identify a
real person. When a user logs into their account they cannot be identified as
no identifiable information is recorded about the player — if I registered an
account as diddymus@wolfmud.org the email address is never recorded — only a
salted hash of it. In fact you don’t have to use an email address, “The five
boxing wizards jump quickly!” is quite acceptable. The only identifiable
information could be the player’s name used in-game — if they were to use a
very well known and unique name or their real name like ‘JohnSmith’ — note
also that in-game names do not have to be unique. The only way an IP address
could be traced back to an individual would be with the help of that person’s
internet provider, or with the cooperation of the user themselves.

The only reason for the IP addresses is to monitor for malicious activity and
cyberattacks.

Having said all that, I will be taking a break from testing to make some
changes. Firstly, I will be adding a configuration setting[1] to disable the
logging of IP addresses in the logs, for those concerned about storing IP
addresses. Secondly, I’ll be adding log rotation — so that the logs can be
removed automatically after a number of days, reducing the retention time of
any IP addresses logged. Thirdly, I’ll be changing the frontend to provide a
way of displaying a terms of service. Some of these ideas may change and
develop as they are implemented.

Though this is a lot of extra work for myself, I hope that by implementing
these measures, people will be happier running a WolfMUD server.

Please note I am not a lawyer and none of this is legal advice. If you have
any comments or ideas then please email me privately: diddymus@wolfmud.org

--
Diddymus

  [1] This might possibly turn into a ‘store only the first n octets of IP
      address’ setting. This seems a good idea and is recommended by the drafted
      updates to RFC6302:

        RFC6302: Logging Recommendations for Internet-Facing Servers
        https://tools.ietf.org/html/rfc6302

      The draft updates can be found at this long URL:

  https://tools.ietf.org/html/draft-andersdotter-intarea-update-to-rfc6302-00
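
The ‘store only the first n octets’ idea from footnote [1], sketched in Go as
an added example. It is not WolfMUD's code: the name truncateAddr and its
parameters are assumptions made for illustration. It goes a little beyond the
footnote by also covering IPv6 and IPv4-mapped peers.

```go
package main

import (
	"fmt"
	"net"
)

// truncateAddr is a hypothetical helper (not WolfMUD code). It takes a
// connection's remote address ("host:port" or a bare IP), keeps only the
// first n octets of the IP, zeroes the rest and drops the port.
// n counts octets of the native form: 0-4 for IPv4, 0-16 for IPv6.
// Anything unparsable is reported as "unknown" instead of being logged as-is.
func truncateAddr(remote string, n int) string {
	host, _, err := net.SplitHostPort(remote)
	if err != nil {
		host = remote // no port present, treat the input as a bare IP
	}
	ip := net.ParseIP(host)
	if ip == nil {
		return "unknown"
	}
	// To4 also unwraps IPv4-mapped IPv6 (::ffff:a.b.c.d), so such peers are
	// truncated as IPv4 and not left almost intact as 16-byte values.
	b := ip.To4()
	if b == nil {
		b = ip.To16()
	}
	if n < 0 {
		n = 0
	}
	if n > len(b) {
		n = len(b)
	}
	out := make(net.IP, len(b)) // zero-filled, same family as the input
	copy(out, b[:n])
	return out.String()
}

func main() {
	// Constructed sample addresses taken from the documentation ranges.
	samples := []string{"192.0.2.77:51234", "[2001:db8:1234:5678::1]:4001",
		"[::ffff:192.0.2.77]:4001", "bogus"}
	for _, a := range samples {
		fmt.Printf("%-30s -> %s\n", a, truncateAddr(a, 3))
	}
}
```

With n set to 0 the address is blanked entirely (0.0.0.0 or ::), which gives
the same effect as a switch that disables IP logging.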

