[Koha] [discussion] Privacy issue (bug 3280)

[MJ Ray]

Ian Walls <koha.sekjal at gmail.com>
> IP address is not sufficiently rigourous to identify and individual or even
> a location (TOR network and all that).  It's routinely mis-used as such an
> identifier.  I don't see any benefit to adding it to Koha's outgoing
> emails, since it cannot be relied upon, and it could put people at risk of
> ill-advised legal sanction.
> 
> If there is a strong use case for it, it would need to go behind a syspref,
> with the default value set to "disable".  But personally I don't think it's
> worth including.

I don't either.  IP addresses are usually registered to a person
(including legal persons like companies) and/or a place (which is
inexact because one of my Norfolk IP addresses is incorrectly thought
to be in Somerset, while another is somewhere in Yorkshire...), so
they're roughly like phone numbers.

The Koha user_id is more identifying and more likely to be owned by
the person triggering the email.  Having Koha send out an IP address
in a cleartext email seems like a possible breach of privacy law in
some situations, handing over what might be someone else's phone
numbers... sorry, IP address numbers.

The argument that people need to be able to tell IP addresses to
terrorist lawmakers seems unrelated: that information can be logged on
the server if wanted.  The email recipient and intermediate handlers
do not need to know the requestor's IP address under the terror laws
I've seen, only where they got it from.

So, no IP address, but if you think you must, syspref default disabled.

Regards,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/