
It looks like IP addresses are considered PII by GDPR:

https://gdpr.eu/eu-gdpr-personal-data/

They are explicitly listed as an example of PII.


So in essence, it disallows logging IP address for any purpose, be it security, debugging, rate-limiting etc. because you can't give consent in advance for this, and no other sentence in Art. 6.1 applies.

Moreover, to reason about this, one also needs to take into account Art 6.2 which means there might be an additional 27 laws you need to find and understand.

Note, however, that recital 30 which you quoted is explicitly NOT referenced by Art. 6, at least according to this unofficial site: https://gdpr-info.eu/art-6-gdpr/

This particular case might be solved through hashing, but then there are only 4.2bn IPs so easy to try out all hashes. Or maybe it's only OK with IPv6?

I find this vague or at least hard to reconcile with technical everyday reality, and doing it well can take enormous amounts of time and money that are not spent on advancing anything of value.
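The hashing question raised above, as an added example that is not from the thread: an unkeyed hash of an IPv4 address is reversible by enumeration (shown here over a single /24, but the same loop covers the whole 32-bit space), while a keyed HMAC pseudonym or outright truncation of the host part are the usual defensible alternatives. The sample address and key are constructed.

```python
import hashlib
import hmac
import ipaddress
from typing import Optional

# Constructed sample values; a real key would come from a secrets store and rotate.
SAMPLE_IP = "203.0.113.42"          # TEST-NET-3 documentation address
SECRET_KEY = b"example-rotating-key-week-17"

def plain_hash(ip: str) -> str:
    """Unkeyed SHA-256 of the address text: the naive 'just hash it' approach."""
    return hashlib.sha256(ip.encode()).hexdigest()

def invert_plain_hash(digest: str, network: str) -> Optional[str]:
    """Recover an address from an unkeyed hash by enumerating a network.
    The IPv4 space is only ~4.3e9 values, so this scales to all of it;
    a /24 is used here so the check runs instantly."""
    for host in ipaddress.ip_network(network).hosts():
        if plain_hash(str(host)) == digest:
            return str(host)
    return None

def pseudonymize_ip(ip: str, key: bytes) -> str:
    """Keyed HMAC: the same address maps to the same token (rate-limiting and
    abuse correlation still work), but enumeration is useless without the key.
    Rotating or discarding the key bounds how long tokens stay linkable."""
    return hmac.new(key, ip.encode(), hashlib.sha256).hexdigest()

def anonymize_ip(ip: str, ipv4_keep_bits: int = 24, ipv6_keep_bits: int = 48) -> str:
    """Drop the host part (last octet for IPv4, last 80 bits for IPv6 by default).
    Irreversible and needs no key management, at the cost of per-host precision."""
    addr = ipaddress.ip_address(ip)
    bits = ipv4_keep_bits if addr.version == 4 else ipv6_keep_bits
    return str(ipaddress.ip_network(f"{addr}/{bits}", strict=False).network_address)
```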


That's not true. IP addresses might be processed in regards to article 6.1 c) or 6.1 f) but only for these very narrowly defined use cases and in accordance with article 5. So, purge your logs after 14/30 days and don't use the IP address for anything else and you will be fine.


Where do the 14/30 days come from?


Gut feeling (kind of).

There are rulings that access providers are/were allowed to save full IP addresses for up to 7 days to handle misuse of services etc. and any longer storage seems unnecessary and unlawful.

In other cases there were recommendations of up to 30 days, ideally with anonymized addresses where the last one or two triplets are automatically being removed. I've also seen 30 days as kind of the default setting for automatic log purging with shared webhosters.

Our lawyer told us that he estimates that saving full IP addresses for 14 days in logfiles would be fine in regard to preventing/tracking misuse of services or attacks against the infrastructure.

If this ever came to court it would most probably be up to the judge to see whether this is really fine or already too much. Therefore we had to document the process and why we think 14 days is reasonable and so on.

The GDPR lacks a specific time frame and I think that's okay. There's always some "wiggle room" in European laws, it's about not misusing that room and sincerely acting in the best interest of everybody.


> So in essence, it disallows logging IP address for any purpose, be it security, debugging, rate-limiting etc. because you can't give consent in advance for this, and no other sentence in Art. 6.1 applies.

In addition to the other answers, I want to point out that recital 49 says that it is possible under legitimate interest (6(1)f).


Thank you! This is the only non-vague answer, as it directly addresses the use-case.

If only I had known this in my last corporate role where this discussion alone cost us weeks :/


> So in essence, it disallows logging IP address for any purpose, be it security, debugging, rate-limiting etc. because you can't give consent in advance for this, and no other sentence in Art. 6.1 applies.

No, it doesn't. Subsections b, c, and f roughly cover this. On top of that, no one is going to come at you with fines for doing regular business things as long as you don't store this data indefinitely, sell it to third parties, or use it for tracking. As laid out in Article 1.1.

On top of that, for many businesses existing laws override GDPR. E.g. banks have to keep personal records around for many years.


"Roughly", "regular business things" etc.

Sounds vague to me, which was the original point.


Those are minor if certificate errors are not ignored.

Since the original issue is that the SSL errors are ignored, all those HTTPS downloads are downgraded to HTTP downloads in practice (no need to MITM to attack).

Or to say it another way, due to ignoring SSL errors, all those HTTPS URLs were giving a wrong sense of security, as reviewers would think them secure when they were not (due to lack of SSL validation).


You still need to MITM the connection though. I think this is more of a risk if you live in dictatorship states, but even a rogue ISP or Wi-Fi hotspot would do. So yeah, definitely not theoretical.


Isn’t this similar to what Apple does with Safari on iPhone where they can hide your ip address by using iCloud servers as relay?

Discussed here: https://news.ycombinator.com/item?id=31387019 or https://news.ycombinator.com/item?id=27467798

Why is it good when Apple does it but terrible when it is Google?


Is it because Apple’s motivation is perceived to be selling protection to its hardware customers where as Google’s primary motivation is perceived to be to get a monopoly in the surveillance business?


From other comments it _sounds_ like Google's system is done as a single proxy, which is bizarre to me because it means Google can see every site that is loaded, which even for Google seems on the nose.

Apple's service is explicitly designed to prevent this exact problem. There's a write-up for it on Apple's security site (possibly part of the system security doc?). There are intentionally two layers: the connection from the device -> Apple's servers, and then the connection from Apple's servers to Akamai or Cloudflare (or some other CDN). The connection to Apple's servers is encrypted to a key from the 2nd-layer CDN so Apple can't read it; that request is forwarded to the CDN, which decrypts it, makes the request, then encrypts the response to the client's key and sends that to Apple; Apple forwards that encrypted blob on to the originating device, which can then decrypt it.

The end result is Apple cannot ever see the destination or response, and the backend CDN can't see the device that made the request. That should be the design of _any_ privacy-conscious proxy service (including all the questionable "privacy!" VPNs). That's kind of why I'm surprised that the claim is that Google's service is a single layer - it's so blatantly invasive.
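The two-layer split described in the comment above, as an added simulation that is not from the thread or from Apple's documentation: the client seals its request to the second hop's key, the first hop sees only the client address and an opaque blob, and the second hop sees only the destination. The "seal/open" functions are a toy keystream stand-in for the real public-key encryption, and the parties, address and origin are constructed.

```python
import hashlib
import os
from dataclasses import dataclass, field

# Toy stand-in for the real public-key encryption (XOR with a SHAKE-256 keystream).
# It only illustrates which party can read what; it is not a real cipher.
def toy_seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    stream = hashlib.shake_256(key + nonce).digest(len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, stream))

def toy_open(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    stream = hashlib.shake_256(key + nonce).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, stream))

@dataclass
class Hop:
    name: str
    key: bytes = b""                          # only the second hop needs a key
    seen: dict = field(default_factory=dict)  # everything this hop could observe

def two_hop_fetch(client_ip: str, client_key: bytes, dest: str,
                  hop1: Hop, hop2: Hop, origin) -> bytes:
    # Client: destination plus a reply key, sealed to hop 2's key only.
    inner = toy_seal(hop2.key, f"{dest}|{client_key.hex()}".encode())
    # Hop 1 (Apple's side in the comment): knows who sent it, not where it goes.
    hop1.seen.update(client_ip=client_ip, request=inner, destination=None)
    # Hop 2 (the CDN): opens the blob, sees the destination, not the client IP.
    dest_seen, reply_key = toy_open(hop2.key, inner).decode().split("|")
    hop2.seen.update(client_ip=hop1.name, destination=dest_seen)
    sealed_reply = toy_seal(bytes.fromhex(reply_key), origin(dest_seen))
    # Hop 1 relays the sealed reply back; it still only sees ciphertext.
    hop1.seen.update(response=sealed_reply)
    return toy_open(client_key, sealed_reply)

def run_demo():
    """Constructed parties; returns (reply, hop 1's view, hop 2's view)."""
    hop1, hop2 = Hop("ingress-proxy"), Hop("egress-cdn", os.urandom(32))
    client_key = os.urandom(32)
    origin = lambda host: f"hello from {host}".encode()
    reply = two_hop_fetch("203.0.113.42", client_key, "example.com", hop1, hop2, origin)
    return reply, hop1.seen, hop2.seen
```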


It’s not a single layer, it is designed the same way Apple's service runs. This is addressed in the article.


As justinclift points out elsewhere in this discussion, the article may have misreported that:

> We are considering using 2 hops for improved privacy. A second proxy would be run by an external CDN, while Google runs the first hop. This ensures that neither proxy can see both the client IP address and the destination.

https://github.com/GoogleChrome/ip-protection#core-requireme...

If they choose to go ahead with the second hop it would be the same as Apple’s approach. But it sounds like this has not been committed to yet.


This is what I was unclear on - I couldn't tell if this was one-hop (and so tremendously invasive "privacy"), or two hops through an independent 3rd party (and so actually a privacy feature).


In that case the complaints other people are making in comments are simply wrong. There isn't a privacy concern here, I think Google has just burned so much trust that the _assumption_ is now that the goal is tracking.


It is not ok for Apple or Google to do this while at the same time operating an ad business.

If they feel this is in the best interest of the end user, then they should divest of either their ad business or control of the browser. Neither company is willing to do this. This IP move is anticompetitive as it consolidates even more control of the ad ecosystem in a handful of companies. Google’s response that they are placed at the same disadvantage as other third parties is not accurate. Google controls the browser and so has full control to communicate any data between the browser and their servers, bypassing the proxies.

There is only one thing that drives these companies and that is maximizing profits for the benefit of their investors. This objective is fine. However, it is disingenuous for either of these companies to hide behind the defense that they care about the privacy of end users.

If Apple cared about the privacy rights of all humans, why do they share all data belonging to their customers in China with the Chinese government? The only reason is profits. Google also shares all their customers’ data with any government that asks.

If there were a thousand companies that each had access to a tiny sliver of a consumers data, we would have a system that naturally protects end user privacy. However, with a few companies controlling the vast majority of the consumer tech landscape, we now have a system where a few for-profit companies are keepers of our data and already sell out when their profits are at stake.


I enjoy reading a lot, but I prefer dialogs over long descriptions. I don't visualize how the characters / places can look from descriptions. Unless the writing is really clear, I may struggle if the layout of the scene is important (say a crime scene with a description of the room, its exits, ...).

I sometimes skip descriptions of the characters' physique because I know that I won't remember it a few pages later, and it usually does not matter in the story anyway (and if it matters, the reader is usually reminded of it, because aphantasia is not the only reason a reader may not remember how a character is dressed or looks).


I also prefer heavy dialogue in my reading. Books that are primarily world building can be a struggle. I read a lot, averaging about 40 pages a day, every day, but I also indiscriminately put books down and move on, so it helps to keep me engaged in the habit. I have to maintain a large backlog, though, but it's never been an issue.

edit/ I'm also entertaining the idea of getting into graphic novels and seeing how I respond to them.



Arabic is written left to right, so aren't the numbers little-endian in their Arabic form?


I was going to correct your mistake, but then I understood that you just wrote "right to left" right-to-left.


Ooops. Yes, I meant right to left. Not enough karma to edit and fix my mistake. Thank you.


Not sure about Arabic, but in Hebrew numbers are written from left to right.


In Arabic numerals, but in Hebrew numerals (an alphabetic numeral system) it's right to left.


Doesn't the EULA also prohibit hackintosh?


I tried with "... on Earth" and got the same result as with Mars or Moon.

So it looks like the Google result ignores the celestial body in the query.


LG TVs don't run Android TV. They run WebOS. So they probably have not been getting those ads.


I get the same thing using Google search. Three results with the answer in the snippet.

