Reddit keeps your IP address for at least 4 months! - eviltoast

Before migrating to Lemmy, I decided to request a copy of the data Reddit has on me.

To my surprise, the export includes a file ip_logs.csv with a list of all IP addresses that I used to connect to Reddit for the last 3-4 months!! That seems quite unnecessary.

    • alphafalcon@feddit.de
      link
      fedilink
      English
      arrow-up
      19
      ·
      1 year ago

      Because collecting data that is not strictly necessary is almost always a bad move. IP addresses might be relatively harmless, but might link you to other activities.

      You personally might be okay with reddit knowing your IP addresses, but some people might get into trouble.

      Take the insane anti-abortion laws in some US states. If an IP address from those states accesses pro-choice subreddits, that might be enough for law enforcement to start harassing someone.

      • KluEvo@wirebase.org
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Not 100% applicable here, but some websites use stored ip addresses as a safety measure, since a stored ip address’ location can be compared against that of the current login attempt. This way, a guy trying to steal your account from the other side of the world would be flagged and you’d be alerted via email and such.

        • alphafalcon@feddit.de
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          You’re asolutely right, IP addresses are kind of a grey area since the are needed for lot of troubleshooting and debugging.
          Nevertheless, you can always strive to reduce the stored data.
          For your application, you wouldn’t even need to store the historic IP adresses, just a rough geo-location and maybe a mobile/landline/whatever-flag and comparing the current login attempt to that. Even saves you some performance by not repeating the geo-lookups everytime.
          Implement your failed-login counter separately by account and source IP and you’ve got decent security without linking an account to an IP.

    • Darkard@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      1
      ·
      1 year ago

      What your IP address was at any given time cam be used by the people they sell this data to. They will look at a certain date at what your IP was and then pair that up with any other IP address they have from other sites. With that they can pair up this information to build a profile on you.

      They could for example take Facebooks IP data which is easily linked directly to you, and match that with your Reddit profile. Now they know which Facebook user has which Reddit account and they can track your engagement across the two. Then add in the trackers in reddits advertising and they know what ads you have seen. Then add in Amazon’s data and they know what you have bought after seeing which ads on Reddit

      It’s all part of the web of information that companies will collate and cross reference to build up detailed information on you to sell to 3rd parties