I’ve wanted a badge that shows the instance uptime and couldn’t find any, so I created one. It’s available at https://uptime.lemmings.world/{your-domain}.svg and gets its data from fediverse.observer.

Examples:

The documentation is available at https://uptime.lemmings.world. Feel free to use it for your instance if you wish to.

  • Rikudou_Sage
    cake
    OPA
    link
    English
    29 months ago

    Well, if you mean shields.io, they don’t have access to your IP if you use the .svg endpoint of uptime.lemmings.world, they only have IP of the server. If you mean my service, well, I don’t even log the IP address.

    This is literally everything that’s in the logs in case of a successful response:

    Logs showing only some system information and nothing about the requester at all

    Also, IP address on its own is not GDPR protected, it’s only GDPR protected when it’s identifiable. So even if I had your IP in my logs, I wouldn’t have to let you know, because I have no other personally identifiable information.

    Source: I was part of the process of implementing GDPR for an app whose whole purpose is pretty much managing personal data.

    • poVoq
      link
      fedilink
      29 months ago

      Hmm, I don’t think what you said it true from the perspective of an Lemmy instance provider that embeds these functionally tracking pixels. What or what not you do with the logged IPs doesn’t really matter for the purpose of GDPR compliance of the Lemmy server operator.

      • Rikudou_Sage
        cake
        OPA
        link
        English
        39 months ago

        Well, feel free to read GDPR yourself, I did multiple times, as did my colleagues as did our lawyers. If some piece of information cannot be tied to an individual, it’s not a personally identifiable information (PII). Let’s say your name is Matthew. If I have Matthew stored in my database, I don’t have to ask for your permission. If my database has the information that @poVoq@slrpnk.net has a first name “Matthew”, it’s a PII and I have to ask for your consent (or have a valid business reason to require your first name).

        From the perspective of a Lemmy instance provider, they’re indeed responsible for their user’s PII. But in any case, I would only receive the IP address of someone, which I couldn’t tie to any other PII and thus it’s not a PII in itself.

        If you disagree, all I can say is that you should read GPDR yourself, because I’m quite sure that I’m correct, because we’ve spent quite a lot of money and time on this exact issue a few years ago.

        • poVoq
          link
          fedilink
          19 months ago

          An IP can nearly always be tied to an individual, as it is linked to a physical location. IANAL, maybe you are right in regards to the GDPR, but from a privacy perspective it is still a really bad idea to embed this kind of potential tracking into your website with no way for users to opt out.

          • Rikudou_Sage
            cake
            OPA
            link
            English
            29 months ago

            Feels like a moot point, especially here on Lemmy (or Fediverse in general), where almost everything you send is automatically sent to hundreds of other servers. But, well, I promise I don’t care about your IP and don’t store it even in system logs. Would it calm you a bit if I included a privacy policy?

            • poVoq
              link
              fedilink
              1
              edit-2
              9 months ago

              The data send to other servers via Federation is not critical private information like an IP address, however you are right that due to the way Lemmy loads images from other instances, IP addresses are currently leaked to other servers. But I hope that will be improved with a better image proxy in the next version (Lemmy 0.19.x in combination with Pictrs 0.5.x).

              It’s nice that you promise to not abuse this and I trust that you are not lying about it, but this is a general problem and I don’t think services like this should be used as your instance’s users are usually not aware of the implications.