Is it ethical or even legal to track user data/metrics using IP [closed]

Question

Closed. This question is off-topic. It is not currently accepting answers.

---

Want to improve this question? Update the question so it's on-topic for Software Engineering Stack Exchange.

Closed 6 years ago.

Improve this question

This one is a bit tough. It is publicly available information, is it not? But it's can also be used maliciously. So is it legal/ethical to store and/or gather information on users based on IP? It's mostly for curiosity, but it would also be important for marketing purposes, and maybe something to anonymously post on the homepage.

One use for this is detecting attacks and, for some products, limiting your release to one part of the world. I can see no real downsides from a business point of view, but I can also see how it would make users feel uncomfortable, and may actually be illegal.

Right now, I'm simply storing the user-agent and ip strings in a slightly randomized line-break format, so if a vulnerability is found by a web bot, there's less of a chance for ips to be properly scraped. But I'd like to eventually compile a map of users, and put a little dot where each user logged in. It would be a world-wide map, so the fine details would not be disclosed. But for some reason, I feel like I'm guilty of something or will get into trouble for collecting this data.

On the legal side of things, I've noticed articles similar to this: http://www.adexchanger.com/the-debate/why-ip-tracking-is-a-bad-idea/, and I've read about companies like Google and Facebook getting into hot water with users for collecting data.

I am in the United States, and the server will most likely operate somewhere in the US, but I have the impression that the per-country laws pertained to the client visiting.

Answer 1

You asked two very different questions.

Is tracking user metrics by IP legal?

I'm about 98% sure that keeping your log of HTTP requests and extracting the IP address of each session, and then building a geographic distribution of where your users are based on said IP address is perfectly legal everywhere in the globe.

But asking "is this thing that I'm doing legal" is asking for legal advice, and you shouldn't get legal advice from strangers on the internet. As far as I know you could be under a court order making it a misdemeanor or felony for you to even use a website. If you want legal advice, find a lawyer.

Is tracking user metrics by IP ethical?

Yes. Absolutely, emphatically yes. People complain about some of the tracking that Google and Facebook do, but that's the explicit contract those same users make when they use those websites.

The only possible requirement you might have is to honor "do not track" settings in web browsers, and to take some reasonable effort to both secure individually identifiable records and dispose of them once you no longer have a need.

(In the early days of the web, EVERY http request was tracked and logged. Most still are by default, although most admins have the logs set to delete very quickly so they don't have to deal with subpoenas from law enforcement.)