Logs Privacy Concerns

The cluster centers on debates about server logs containing PII, GDPR/CCPA compliance risks, skepticism toward no-logging claims, and challenges in verifying or trusting log policies.

➡️ Stable 0.6x Security

3,311

Comments

Years Active

Top Authors

#7042

Topic ID

Activity Over Time

2007

2008

2009

2010

2011

2012

2013

117

2014

121

2015

123

2016

126

2017

143

2018

400

2019

342

2020

276

2021

314

2022

287

2023

258

2024

231

2025

292

2026

Top Contributors

tptacek (21) tyingq (14) jacquesm (13) viraptor (13) mirimir (9)

Keywords

HAVE SERVER HOW THOSE OK CCPA E2E UI THE HN logs logging log pii data sensitive raw audit store access

Sample Comments

Fnoord • Jun 28, 2022 • View on HN

Do you save logs? If yes, there's your PII.

f1codz • Apr 27, 2022 • View on HN

What is the concern with these logs? Do they contain end user information? May be IP, anything else?

fabulist • Dec 18, 2015 • View on HN

Unless someone tampered with the logs, of course.

aiiane • Nov 30, 2020 • View on HN

+1 this seems like a GDPR/CCPA nightmare when it comes to potentially spewing user data into logs.

jimktrains2 • May 13, 2018 • View on HN

Are you also against access logs?

jtsiskin • May 29, 2021 • View on HN

Assuming you trust they aren’t saving any logs..

nudgeOrnurture • Aug 7, 2025 • View on HN

you could explain that to ChatGPT and it would agree but then again, if you HAVE TO keep the logs ...

SilasX • Jun 30, 2013 • View on HN

You can't. It's not a technical problem, because you can always log access. The problem is trusting the logger to be configured properly and to correctly report results.I pointed this out on the original HN discussion:https://news.ycombinator.com/item?id=5964763

dylan604 • Jun 16, 2025 • View on HN

what exactly would this be breaking? it's an analysis of logs, not providing access to services.

swiley • Jun 4, 2021 • View on HN

SCRAPE THE SERVER LOGS, THEY CAN'T TELL AND YOUR USERS WILL THANK YOU.