I found the story of Hive (the social network) fascinating in that it was basically that idea of someone jumping in, learning the ropes, building a platform. And getting crushed under how much knowledge and effort, ultimately money, is needed to run a decent platform.
Their team was truely incompetent, but looking under the surface they were really a group of a few amateurs trying to do something, and it's only after the backlash that they realized a whole team of well experienced engineers is needed for anything touching user info.
I'd imagine trying to run a raw phpBB on the web today would be in the same vein ?
Also under GDPR IP address retention can fall under that in your logs depending on how you manage the info, same way analytics would need attention.
It should really be more simple, and I wish we'd have more people just building small sites here and there without having to care much about these details.
If you require logins you don't need to store the IP address for preventing abuse. The user gives you the identifier on login. The IP is a quite bad id anyways since it changes alot.
Yes, that feels simple enough, and would work for a small at home BBS.
It gets messy when you have a number of users and need to know why a specific user is sending you 150 requests per min for 3 hours: you'll insta ban that user, but still need to understand what happened. Did they get their login info leak and the whole internet is having a field day with it ? Is it an issue with your system and their browser is stuck in a weird loop ? Are you session management backend going bust and they're actually all different logged users ?
You'll only know if you have the IP, parts of the headers and some more debugging info, and activating the debug after the fact is often not good enough.
For regular forums, you need the IP address for helping to protect against SPAM and making sure banned users stay banned. Analytics can help see if you're having issues with the server, or if someone is putting unnecessary load (client-side analytics staying flat, but server-side rapidly increasing, or similar).
Or you can just rely on manually approving all of the new accounts. It's not like you need to cater to the bunch of new users that have an inmediate need to post _today_ and just cannot wait 1 week for a mod to approve their initial posts.
Collecting IP address will not reduce the need for manual moderation, nor even reduce bot spam...
(I do admin a topic-specialized technical web forum which has been running for over 20 years, which doesn't even need to ask for cookie consent.. but of course, has never been legally tested, so YMMV)
You have a problem user, named Aragorn. You ban him. Two months later, he makes a new account named Estel. How do you associate his new account with his old account, so you know not to approve it? I've done moderating of an phpBB forum and having the IP address and being able to see who else was posting from that IP address was helpful (because you can look at the writing style and decide they're doing ban evasion).
First, for at least this past decade, I have found it impossible that the same user will keep the same IP address for over two months. Storing the IP address _does not help at all_.
Second, the new user is subject to approval and all his messages are moderated until a couple of posts. If he starts posting decent material, why would you care he was banned 2 months ago -- are you really that punitative?
And if he just posts decent, insightful material for his 5 messages, gets approved and then descends back immediately into trolling, well, at least it's been a couple of months and then the couple of weeks he was under moderation of total silence, plus you have gained whatever contributions he made under moderation. I am yet to see a troll that will repeat this process (which requires insightful contributions in-between each iteration of trolling) for more than a year. That's way less moderating effort that it takes to handle new users at all...
IP is still a super valuable info, even as it changes every so often.
You'll see strangely repetitive user coming from different AWS's IP blocks. User showing constant sessions from 5 or 6 IP blocks that seem to belong to different countries. Or users having a pretty consitent IP but asks for help right after a new login happened on a different IP.
It can be replaced with other info, but it's still a simple and pretty powerful bit to know about your users.
I've heard about them when it was discovered they screwed their S3 permissions, but otherwise there was a small interview (way after the incidents) with the founder that covered a lot of what/why/how they were doing:
Some forums just got better, IMHO, just from maybe having richer contributions and distilled but still healthy communities with good moderation. Fewer drive-bys, less low quality content. I mean, I consider HN to be more forum than social media and a similar effect can be seen here - kind of a refuge due to relative obscurity and good moderation. That exists in other interest domains as well, with perhaps even more value from smaller and more focused participants.
But then, how can one argue for a git reset hard, if it seems that people are willingly preferring places where everyone is over the places where only someone is?
I have tried to at various points in the past. What usually happens is that spammers will come and post crap, and those will be 90-99% of all the posts.
What's stopping anyone today to have a community around a forum? phpBB still exists...