Do these medium sized file storage guys save ips of everyone who downloads a rar/zip etc file

1. Default behaviour: servers capture request metadata, including IPs

Web servers and hosting stacks typically record HTTP request metadata (client IP, user agent, URI) "out of the box," so a file download request will normally generate a log entry containing the downloader’s IP unless the operator has explicitly disabled or modified logging at the server level ^{[1] [3]}.

2. What medium-sized file-hosting products say and do in practice

Commercial file-hosting and EFSS vendors advertise comprehensive audit logs that include who accessed what, when and from which IP address—FileCloud and FileCloud-hosted services explicitly state audit trails include IP addresses and file activity, and providers like Files.com log login attempts and API events ^{[4] [5] [6]}. Hosting providers such as GoDaddy document that IP address data is captured for administration and analytics and that customers can control logging on VPS/dedicated instances ^{[2] [8]}.

3. Why operators keep these logs: administration, security, compliance and liability

Operators retain IP-level logs for operational reasons—troubleshooting, abuse investigation, DLP and security auditing—and because some enterprise and regulatory use-cases demand immutable audit trails that include IP metadata ^{[9] [4]}. Law Stack Exchange reporting also notes a commercial and legal incentive to retain logs: providers that advertise "no logs" may expose themselves to increased liability or make takedown enforcement and forensic work harder ^[1]. Some jurisdictions may impose obligations or expectations around retention even if not uniformly enforced in the U.S. ^[1].

4. Not all providers treat IPs the same: anonymization, retention policy and user controls

There are real differences: some hosts anonymize IPs at the platform level (Hetzner stores obfuscated IPs by default) or offer log rotation and disabling choices for customers ^{[7] [2]}. Enterprise-targeted EFSS solutions often give administrators explicit controls to retain, export, or lock audit logs for compliance ^{[4] [5]}. Conversely, public “share-a-file” sites built on standard web servers will typically have raw access logs tying requests to IPs until those logs are rotated or purged ^{[1] [10]}.

5. Practical answer: do they save IPs for every ZIP/RAR download?

Yes—by default most medium-sized file storage services and the hosting layers beneath them will log the IP address of a client that requests a file, so a download of a .zip/.rar normally produces an IP-bearing server log entry; whether that entry is linked to a specific file in an easily queryable audit trail, how long it is retained, and whether the IP is anonymized or exposed to admins depends on the vendor’s platform and hosting configuration ^{[1] [3] [4]}. There is no universal rule—some providers explicitly log and expose download-level or login-level IPs ^{[6] [4]}, others anonymize or give customers the option to disable/rotate logs at the hosting layer ^{[7] [2]}.

6. Bottom line for privacy and risk assessment

Assume downloads are logged unless the provider’s privacy docs, product controls, or hosting configuration clearly state otherwise; for true anonymity users must rely on technical mitigations (VPNs/proxies) and verify the provider’s retention/anonymization policies because many services preserve IPs for operational, security and compliance reasons ^{[3] [2] [7]}. If a definitive claim about a specific service is needed, the operator’s documentation or hosting provider policy should be consulted, because available reporting shows variation across vendors and hosting models ^{[4] [7]}.