Support » Plugin: Remove Comment IPs » Add settings for comment_IP and storage duration

  • Would be nice to have the possibility to

    • override the comment_author_IP to be used (I prefer to set the IP to 127.0.0.1)
    • perhaps even only anonymize the existing IP by deleting one or two octets
    • set the maximum storage duration of the original IP address – 60 days seems a bit too much to be really compliant with DGPR

    Right now I altered these values directly in the plugin, but that’s not really a good solution…

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author Dan

    (@geekysoft)

    Right now I altered these values directly in the plugin, but that’s not really a good solution…

    I’m open to adding these as configurable parameters. However, I’d like to learn more about why you’d want to change them before making any changes. The defaults have been really carefully selected to not need changing.

    override the comment_author_IP to be used (I prefer to set the IP to 127.0.0.1)

    You risk having a plugin block access from the loopback interface that way. This could cause all sorts of problems for you.

    0 was chosen as it’s the default value in WordPress for an unspecified IP address, it resolves to 0.0.0.0 in most of PHP’s functions for handling IP addresses, and it’s the documented default return value for get_comment_author_IP().

    perhaps even only anonymize the existing IP by deleting one or two octets

    Please provide a use case for a partial IP. Keep in mind that IPv4 depletion means IP assignments have become very granular, so you can’t tell much — if anything — from a partial IP these days. E.g. my current home IP address is located in Spain according to GeoIP databases, but I’m actually in Norway. —and that is with the full IP address. I can’t really see any use for a partial IP, so the plugin just gets rid of them at the end of the 60 day period.

    set the maximum storage duration of the original IP address – 60 days seems a bit too much to be really compliant with DGPR

    This isn’t legal advise. I’m not a lawyer. You’re allowed/have a legitimate purpose for storing IP addresses under the GDPR for the purpose of detecting and preventing fraud, and for network and operational security. It can take days or a weeks before an IP is recognized as an aggressive spammer, and a spam-fighting plugin can retroactively act and remove comments submitted by the IP in question. Likewise, a comment moderator can spot the same IP posting many comments under different names but from the same IP. You really have a legitimate interest in storing the IP for a year or two!

    Two months was chosen after reviewing literally hundreds of privacy policies and finding that of those who specifically mentioned comment IP removal, they did so after two or three months. E.g. “We store the IP addresses along with any submitted comments for two months to prevent spam, fraud, and abuse.” Anti-spam plugins seem to be capped at retroactively deleting things after 4–6 weeks. 60 days seemed to fit well with the ecosystem and with how other websites already handle this.

    OK, using local IP is probably indeed not the best idea, forget about that 🙂

    IP addresses are considered personal data in various countries, that’s why storing them over a longer period might be an issue under GDPR. I wouldn’t take a bet that today’s privacy policies will be valid unaltered after 25 May when it comes to storage duration. GDPR requires the retention period to be as short as possible – for some, 60 days might easily be allowed, for others not. Having a possibility to configure that would simply add flexibility on the safe side here.

    The reliability of GeoIP is another story, but for the time being this is what we have available. And it is way better than using language or other settings from the browser…
    Anonymizing the IPs would be a compromise between complete loss and (possibly illegal in terms of GDPR) storage. Personally I wouldn’t allow an Antispam tool te delete retroactively simply because an IP address all over sudden appears on blacklists; either Spam is identified when it arrives or it will have to be cleaned up manually. Bigger sites might have other opinions here, that’s only my view. Maintaining partial IPs still reduces the number of possible spam posts when checking retroactively, in any case it’s better than having no IP at all. Finding the right balance between anonymizing the original IP and deleting it completely after some time will be a tedious and individual task for every WP site owner.
    (I got inspired by Matomo (formerly Piwik) which already has an option to delete the last one or two octets from the IP before storing it in the database.)

    Plugin Author Dan

    (@geekysoft)

    The reliability of GeoIP is another story, […] I got inspired by Matomo (formerly Piwik) which already has an option to delete the last one or two octets from the IP before storing it in the database.

    The two are actually two sides of the same issue. Partial IPs allowed Piwik to still get good GeoIP lookups, but that isn’t really the case anymore. I can’t really see any use for a partial IP anymore.

    Could you please attach the diff of your modifications so I can see what variables you’ve changed? I’ll add this to my todo list for 2018-W22.

    Plugin Author Dan

    (@geekysoft)

    You can test the changes in trunk now.

    https://plugins.trac.wordpress.org/browser/remove-comment-ips/trunk

    See the HACKING file for details.

    I’d also ask to make the storage duration configurable. Here in Germany there are a lot of questions about the GDPR. But one thing many lawyers agree with is that one should really store IPs for a very short period of time. Some recommend seven days for example. So it would very useful if the settings could be changed.

    Thanks for this plugin, btw!

    @geekysoft Would you mind setting up a GitHub repository for the plugin? Pull requests are so much easier than manual patches. I can provide you with Grunt examples for GitHub to SVN workflow.

    Plugin Author Dan

    (@geekysoft)

    The next release will have a filter for tweaking the deletion time.

    @somevapourtrails. This isn’t legal advice but don’t panic. There is exceptions for fraud and abuse detection and prevention, as well as for maintaining and auditing system security. Keeping IP addresses around for a month or two for these purposes isn’t any cause to worry. As long as you don’t use the data for any other purpose, you’ll be fine.

    @pputzer WordPress.org colab infrastructure is terrible for plugins. However, you can just send me a standard patch file. Open source did just fine long before GitHub, and patch handling isn’t a lost art.

    @themnbvcx-1 did you get a chance to test the changes?

    Open source sure did, but there’s a reason why Linus wrote Git. Sending patches via contact forms or posting them in here is not something I’ll fiddle around with.

    Plugin Author Dan

    (@geekysoft)

    Open source sure did, but there’s a reason why Linus wrote Git. Sending patches via contact forms or posting them in here is not something I’ll fiddle around with.

    Let’s do it Linus’ way then. I’ll setup a patch submission mailing list and you can send your patch there. 😜

    No, but seriously. Just attach your patches here. You haven’t even mentioned what changes you wish to make.

    Sorry for the late reply, I wasn‘t subscribed to the topic. As for „my“ changes, I was thinking about filter hooks as has been suggested in this thread.

    Unfortunately, these forums do not allow any kind of attachment. I‘d help out if it‘s quick do, but I don‘t have time to manually mangle large patches into forum poste, sorry 🙁

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Add settings for comment_IP and storage duration’ is closed to new replies.