by pierrelf 976 days ago
> No data is collected, not even your IP address

What a refreshing footer, lovely project too, happy to see some developer adoption of BlueSky. It's been pretty boring hanging out there, still nowhere near the amount of content Mastodon has.

Hopefully projects like these will bring some attention and legitimacy to the platform


I was wondering about not tracking IP addresses. If you use a 1-way hash of the IP address, that would work, right, regarding being able to get unique views and not know the IP?

According to the response headers at least, nginx is reverse-proxying to an express app. (at least it seems that way from: https://github.com/badlogic/skyview/blob/main/server.ts#L46, but maybe nginx is also configured to serve static files first as well as reverse proxy.)

Without the nginx config, you can't really know what's going on, but at least the express app isn't storing any information beyond what it needs to actually respond. The nginx log probably lists IP addresses so the footer is possibly incorrect.

Not going to be hyper pedantic though, cool stuff @badlogic!

The express app is really only used during local dev. In prod, only the bot part is relevant.

The site is served statically via Nginx, with a log_format that doesn't use any PII in it. That's part of my Docker setup, which is not in the repo, so I guess people have to "trust" me (which is not ideal of course).

The whole thing runs on a Hetzner server, so while I do not log any PII, Hetzner logs at least the IP and keeps that info for a while. So I guess I lied :(

Totally commendable!! You’re collecting as little as possible which is great! Nice job with the product, I’ll be using it a ton :)

Isn't the IP address space so small that you can just hash the whole set and easily reverse it? Maybe some kind of salt could resolve that.

It's still trivial to hash the full set of IPs with a salt appended.

I'd personally just collect IPs with no other details - it's not really invasive in my opinion, and saying you don't collect IPs leaves you open to being wrong when you accidentally leave the web server log enabled.

There's this odd fixation lately on IP Addresses being a very private, very scary thing to see logged, and I'm not sure why.

It's obviously information somewhat linked to you and a geographic location, so de-anonymising possibly but it's also how packets are routed back to you. I don't expect web services to treat my information as public, but I do expect them to at least have an access log privately.
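
The hashing question raised in this thread, as an added example that is not part of any comment or of the skyview code: a hash with a salt stored beside the log can be walked back by enumerating candidate addresses, while an HMAC under a random in-memory key that is discarded at rotation still yields unique-visitor counts. The names `salted_hash`, `recover_from_salted` and `DailyUniqueCounter` and the sample addresses (the 203.0.113.0/24 documentation range) are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import secrets


def salted_hash(ip: str, salt: bytes) -> str:
    """Pseudonymise an IP as SHA-256(ip || salt), with the salt kept beside the log."""
    return hashlib.sha256(ip.encode() + salt).hexdigest()


def recover_from_salted(digest: str, salt: bytes, network: str):
    """Whoever holds the log and the salt can walk the candidate addresses.
    A /24 keeps this instant; the whole IPv4 space is only 2**32 candidates."""
    for addr in ipaddress.ip_network(network):
        if salted_hash(str(addr), salt) == digest:
            return str(addr)
    return None


class DailyUniqueCounter:
    """Unique-visitor counter keyed with a random secret that lives only in memory
    and is thrown away on rotation, so old tags cannot be recomputed or linked."""

    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)
        self._seen = set()

    def record(self, ip: str) -> bool:
        """Return True the first time this IP is seen in the current period."""
        tag = hmac.new(self._key, ip.encode(), hashlib.sha256).digest()
        is_new = tag not in self._seen
        self._seen.add(tag)
        return is_new

    def rotate(self) -> int:
        """Close the period: report the count, then discard the key and the tags."""
        count = len(self._seen)
        self._key = secrets.token_bytes(32)
        self._seen = set()
        return count


if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample values, not from the page
    digest = salted_hash("203.0.113.77", salt)
    print(recover_from_salted(digest, salt, "203.0.113.0/24"))
    counter = DailyUniqueCounter()
    print([counter.record(ip) for ip in ("203.0.113.77", "203.0.113.8", "203.0.113.77")], counter.rotate())
```

Within one period the tags still link repeat visits from the same address, and the scheme only holds if the key is never written to disk or logs.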