While I understand your position as a TC server admin, IP addresses are not sufficient for reliable identity for those troublemakers, and could be a double-edged sword for those legitimate average Joe users. Here's why:
While it is true raw IPs are very useful, dynamic IPs do exist and are everywhere. Many users have IPs dynamically assigned by their internet providers, which can change frequently over time, even just at a router reset. Thus, correlating identity based solely on IP is unreliable and rarely used or valuable outside environments of CRUISE servers (at least from my point of view as a hoster). While IPs do change, they are still useful to geolocate a user, which could lead to problems like doxxing, profiling, tracking, etc.
Shared IPs do exist: NAT (Network Address Translation) and carrier-grade NAT can cause multiple users to appear as having the same IP, in households, cafes, universities, you name it.
While some VPNs can be detected, any dedicated enough user can and will bypass detection in servers, making it more unreliable. Plus, identifying VPN use doesn't imply malicious intent; it may reflect legitimate privacy concerns that we are discussing now.
Legal compliance about IPs is risky (GDPR/CCPA): IP addresses are personally identifiable information (PII). Under laws like the GDPR, collecting or storing these without explicit informed consent is illegal, at least under EU standards: consent must be freely given, specific, informed, and unambiguous with valid legal basis (like preventing fraud, which unless we talk about TC Money, it isn't valid IMO). If this data is handled by random people that can either start a host or rent a host without acknowledging that the wrong use of this information can and will be punished, then this is a highly flawed and unnecessary legal risk. If it could happen once, it will happen twice and it's a big mess once it does happen. Furthermore, your totally valid safety concerns to keep the servers a safe place are beyond that legal spectrum and are not valid at all.
Data Minimization Principle: privacy laws require that only the minimum data necessary for a function be collected. IP addresses rarely meet the standard unless there is a clear and proven threat, which is far from a needed function to just run a host if you're not the one hosting it on your own PC.
False positives could also misidentify a player: shared IPs, reused hardware, or just the same internet provider frequently changing IPs (e.g., in internet cafes or family-shared PCs) can wrongly flag innocent users, which is of course irrelevant for non-cruise servers.
A better alternative: rate limiting, behavior-based detection through more detailed history in player data, and server-side anti-cheat logic are far more effective and privacy-respecting than relying on raw IP info.
Let me remind you that legal consent requires that users are clearly told and fully understand what data is collected, why, how it's stored, who sees it, and for how long.
The idea of using raw IPs as central tools for moderation and user identity creates significant privacy, legal, and technical concerns, and gives too much power to admins/mods that could also have access to a host (I myself have many people allowed on my host). While it's understandable that server hosts want tools to fight abuse, this approach is legally risky (especially in the EU, California, and other privacy-regulated regions) and hardly manageable.
It is technically flawed from the get-go as a defense against determined bad actors that could render it useless, and could be really harmful to normal day-to-day user trust, and unnecessary, since more privacy-respecting and effective methods could be developed and already exist and are being used in other games/platforms.
Just to clarify... are we valuing "TC Money" multi accounts, over actual privacy concerns? tracking? doxxing? profiling? c'mon, all done with the data LFS provides to anyone that can start a host. Just to make it clear, if it happened once, it would most likely happen twice and if nothing is done about it, it could happen in the background silently done by malicious hosters.
By the way, LFS is not just Cruise. And removing the possibility to see IPs as a hoster would most likely be irrelevant in most servers, where a ban is just enough 99% of the time. And keeping this would represent an important breach of privacy and security of normal users that don't use VPNs or don't have the technical knowledge to protect themselves online against any type of doxxing, cyber-attacks, etc. A determined bad user won't care about IP bans anyway.
Sources described here:
https://gdpr.eu/eu-gdpr-personal-data/
https://gdpr-text.com/read/article-4/
https://oag.ca.gov/privacy/ccpa
https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?sectionNum=1798.100.&lawCode=CIV