Imagine an online, public service, that allows you to communicate with others (for example a simple chat, game, whatever ).
The users connect to each others via p2p. Based on this, you can easily get the ip address of any user directly connected to you. P2p is used to reduce server load, but information is still verified (for example using RACS), so let's assume the data is always safe.

(please remember, this is just a imagined Szenario)

Now the question: AFAIK, the IP address is a sensitive information. Would p2p in this scenario still be 'legal' in the EU given the latest changes in the laws?

  • 2

    - You agree that your ip address will be sent to other users of this product during p2p communication
    - you agree to connect to other users' devices directly, without our servers proxying or masking your connection or any related data
    - .....

    I think that'd do it. Although I'm no lawyer
  • 1
    Am I wrong or would this service disallow all users that are incapable of modifying their NAT?
  • 1
    @ruhe well, there is still the option of STUN/TURN servers. P2P RACS also could handle this issue using the referee.
  • 0
    @Emphiliis Wow, I never heard of STUN/TURN. That really sounds cool
  • 1
    There is nothing wrong with collecting IP addresses and forward them to other users as long as

    1) there is a legitimate reason to do so
    2) inform your users that you collect their IP, why you collect their IP and how you use their IP. Users must accept this to use your service
    2.1) Users may at any time withdraw their acceptance or request that you delete all data about them and at that time you must be able to remove their IP address from every node it has spread to.
  • 0
    @ruhe UPnP would work for most private routers.
  • 0
    I2p, anyone? It's basically the working principle of the whole network, except with added encryption and anonimity on top.
Add Comment