Thanks @Juan-G -- I wanted to say as such to @frgilb but could not find the appropriate clauses
Here are some additional clauses (thanks @Jay-Moonah for looking into this earlier this week):
“Processing shall be lawful only if and to the extent that at least one of the following applies: […] (f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”
-- Article 6, Paragraph 1, Point F
“The processing of personal data to the extent strictly necessary and proportionate for the purposes of ensuring network and information security, i.e. the ability of a network or an information system to resist, at a given level of confidence, accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data, and the security of the related services offered by, or accessible via, those networks and systems, […] by providers of electronic communications networks and services and by providers of security technologies and services, constitutes a legitimate interest of the data controller concerned. This could, for example, include preventing unauthorised access to electronic communications networks and malicious code distribution and stopping ‘denial of service’ attacks and damage to computer and electronic communication systems.”
-- Recital 49 (excerpt)
That said, where IP address is used in a fashion that isn't exposed to anyone of significance (regular users or admins), then I see no reason to utilise the IP, keep it for any lengthy period of time, or at least secure it properly.
To that end, please see gh#6539 (attached) to see how I've addressed the first point.
I would argue that the storage of IP addresses per user (via User.logIP()) is required in order to prevent unauthorized access or cyber-attacks, although I use that term fairly loosely. I've identified the following use cases:
Admin approval for registration (if an IP is already associated with a uid) -- useful for combating sockpuppetry
Get similar uids during admin approval stage -- again, sockpuppetry-mitigation
Search by IP -- used by moderators to find existing sockpuppets.
With GDPR consent required for all users, this is no longer an issue as they would be consenting to their storage of IP addresses for this purpose, and we do delete on user deletion, so this satisfies the "Right to be Forgotten".
julianlam created this issue in NodeBB/NodeBB
Do not explicitly save IP address in ip:recent
@julian said in How to be noticed of new posts by email?:
"following/watching" settings in the category
Thanks for the reply.
I had misunderstanding how this plugin works, now I got it.
It works now
Just for other users if they see this topic in the future: You should go to each Category you created before or create after that, click on Subscribe green button and the plugin should work for you like me.
For example in my website I have 3 categories called Q/A, Free Discussion and Announcements. I should subscribe in all these three and then just wait for another user to create topic.
Your email sending should work of course.
Again thanks @julian for helping me.