Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links

Categories

Supported by
Bestel Een wereld vol denkers door Sebastiaan Mathôt via bol.com

Personal Identifiable Information Handling for JATOS on DigitalOcean

LY88LY88
in JATOS

Hello!

I am considering installing JATOS on a DigitalOcean droplet for my experiment. I understand from your documentation that JATOS itself does not log or store participants' IP addresses unless explicitly programmed to do so. However, I would like to clarify a few points about IP address handling in this setup:

  1. If JATOS is hosted on a DigitalOcean droplet, could participants’ IP addresses be visible to or logged by DigitalOcean as part of their infrastructure operations?
  2. Does JATOS rely on or expose participant IP addresses to the hosting provider in any way during standard operation?
  3. Would you recommend any specific configuration or measures (e.g., anonymizing logs, masking IPs) to ensure participant privacy when using a DigitalOcean-hosted JATOS instance?

Thank you so much in advance! I truly appreciate any advice or guidance you can offer.

Best,

Luowei

Comments

  • krikri

    Hi Luowei!

    Let me answer your questions one by one:

    If JATOS is hosted on a DigitalOcean droplet, could participants’ IP addresses be visible to or logged by DigitalOcean as part of their infrastructure operations?

    Definitely. All network traffic goes by DigitalOcean. They will log one way or another all IP addresses of requests coming in.

    Does JATOS rely on or expose participant IP addresses to the hosting provider in any way during standard operation?

    JATOS does not expose any IP addresses willingly to the hosting provider. But, like I said before, all network traffic goes via DO already. JATOS does not have to expose anything - DO has it already. But on the positive side, if you encrypt your network traffic with JATOS (which is highly recommended) then DO does not know the content of the requests.

    Would you recommend any specific configuration or measures (e.g., anonymizing logs, masking IPs) to ensure participant privacy when using a DigitalOcean-hosted JATOS instance?

    If you care for privacy a lot I'd recommend installing JATOS on a local machine, that you can control, maybe at your institute/university. If you still want to use DO, encryption is the most important measurement. Usually HTTPS encryption is done with a proxy like Apache or Nginx (e.g. https://www.jatos.org/JATOS-with-Nginx.html). If you want to be even more secure, you can encrypt the data stored by JATOS on the host: use a MySQL database and encrypt it.

    And use JATOS version 3.9.4 - versions before have a vulnerability.

  • LY88LY88

    Thank you so much for the information! I will look into it more.

    Best,

    Luowei

Sign In or Register to comment.
Sebastiaan Mathôt » v2.0.18 » Copyright 2011 — 2019 » Vanilla flavored » License