Head Topics

PyPI says bye-bye to as much IP address data as it can

Ireland News News

PyPI says bye-bye to as much IP address data as it can
Ireland Latest News,Ireland Headlines
  • 📰 TheRegister
  • ⏱ Reading Time:
  • 70 sec. here
  • 3 min. at publisher
  • 📊 Quality Score:
  • News: 31%
  • Publisher: 61%

Subpoenaed PyPI says bye-bye to as much IP address data as it can

IP data for journal entries – an append-only transaction log – because these were only exposed to administrators.

"Other places where we currently still need IP data include rate limiting, and fallbacks until we have backfilled the IP data with hashes and geo data," said Fiedler."Our modern approach has evolved from using the IP data at display time to find the relevant geo data, to storing the geo data directly in the database."– adding an arbitrary value – and then hashing them – running the data through a one-way scrambling function that creates a value called a hash.

Fiedler explains that while hashing is supposed to be non-reversible, it still may be possible to undo IP address hashes by brute force because the known address space is so small. "By applying a salt, we require someone to possess both the salt and the hashed IP addresses to brute force the value," he said."Our salt is not stored in the database while the hashed IP addresses are, we protect against leaks revealing this information."of the IP address for requests via a custom header, along with broad GeoIP data , and is using that instead of the raw IP address.

Fiedler says the PyPI team will be weighing whether it can remove IP data from event history records after a period of time and whether the service can handle all its requests via CDN.asked Fastly whether it has received subpoenas for PyPI IP address data. We've not heard back. ®

We have summarized this news so that you can read it quickly. If you are interested in the news, you can read the full text here. Read more:

TheRegister /  🏆 67. in UK

Ireland Latest News, Ireland Headlines

Similar News:You can also read news stories similar to this one that we have collected from other news sources.

US government hits PyPI with demands for data on developersUS government hits PyPI with demands for data on developersPyPI subpoenaed: US govt demands data on five developer accounts
Read more »

US government hits PyPI with demands for data on developersUS government hits PyPI with demands for data on developersPyPI subpoenaed: US govt demands data on five developer accounts
Read more »

Migration figures: Rishi Sunak denies he's lost control of rising migrationMigration figures: Rishi Sunak denies he's lost control of rising migrationThe PM says net migration is 'too high' after data shows the UK population rose by 606,000 last year.
Read more »

Don’t be fooled by Meta’s fine for data breaches, says Johnny RyanDon’t be fooled by Meta’s fine for data breaches, says Johnny RyanGDPR “was hailed as the new global standard for data protection and privacy” when it was introduced, writes johnnyryan. Yet five years on, “Europe remains unable to police big tech’s use of people’s data”
Read more »

Cadbury Flake too crumbly for 99s, moan ice cream sellersCadbury Flake too crumbly for 99s, moan ice cream sellersCadbury Flake makers' Mondelēz International say action is being taken to address the crumbly issue.
Read more »



Render Time: 2025-04-15 09:11:19