Support » Plugin: WP-Polls » Data privacy issue (IP address stored)

  • Resolved Jaegers.Net

    (@jaegersnet)


    Hi there,

    I really appreciate your plugin as it just does, what it is for.

    But unfortunately it’s violating several data privacy laws, especially within the EU as it stores IP addresses.

    Is there a way to prevent this, or at least to anonymize them (by removing the last two or three digits)?

    Best regards,

    Michael

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author Lester Chan

    (@gamerz)

    If the IP address is not stored, there is no way to prevent people from clearing their cookie and re-voting again. That sort of negate the purpose of the feature of the plugin.

    If you prefer to still got ahead with this, you can replace this two lines:

    
    https://github.com/lesterchan/wp-polls/blob/master/wp-polls.php#L1338-L1339
    
    
    $pollip_ip = get_ipaddress();
    $pollip_host = @gethostbyaddr($pollip_ip);
    

    With

    
    $pollip_ip = '';
    $pollip_host = '';
    
    • This reply was modified 4 years, 8 months ago by Lester Chan. Reason: fixed typo
    Thread Starter Jaegers.Net

    (@jaegersnet)

    Hi,

    thanks for your reply.

    I fixed it in a slight other way by masking the IP Address (last byte) and removing the hostname:

    $pollip_ip = get_ipaddress();
    $pollip_host = preg_replace('/^[^\.]*\./', 'xxx.', @gethostbyaddr($pollip_ip));
    $pollip_ip = preg_replace('/\.\d+$/', '.xxx', $pollip_ip);

    And on line 378

    $get_voted_aids = $wpdb->get_col( $wpdb->prepare( "SELECT pollip_aid FROM $wpdb->pollsip WHERE pollip_qid = %d AND pollip_ip = %s", $poll_id, preg_replace('/\.\d+$/', '.xxx', get_ipaddress()) ) . $log_expiry_sql );

    This seems to work fine, so far, even if users within the same subnet might not be able to vote.

    Best regards,

    Michael

    Plugin Author Lester Chan

    (@gamerz)

    That works as well =)

    Thread Starter Jaegers.Net

    (@jaegersnet)

    After reviewing the Database entries, I modified the code a little bit as there are IPv6 addresses and ip addresses as hostnames.

    So just for those, who want to fix it also:

    line 378:

    $get_voted_aids = $wpdb->get_col( $wpdb->prepare( "SELECT pollip_aid FROM $wpdb->pollsip WHERE pollip_qid = %d AND pollip_ip = %s", $poll_id, preg_replace('/[\.:]\d+$/', '.xxx', get_ipaddress()) ) . $log_expiry_sql );

    and somewhere near line 1338

    $pollip_ip = get_ipaddress();
    $pollip_host = preg_replace('/^[^\.]*\./', 'xxx.', @gethostbyaddr($pollip_ip));
    if ($pollip_host == $pollip_ip)
      $pollip_ip = $pollip_host = preg_replace('/[\.:]\d+$/', '.xxx', $pollip_ip);
    else
      $pollip_ip = preg_replace('/[\.:]\d+$/', '.xxx', $pollip_ip);

    This should be fine.

    Best regards,

    Michael

    can you push a gdpr compliant version of this to use so we do not all have to update those scripts šŸ˜‰

    • This reply was modified 4 years, 7 months ago by johannes89.
    Plugin Author Lester Chan

    (@gamerz)

    I heard about GDPR but I have no time to take a look at it. Feel free to send a pull request https://github.com/lesterchan/wp-polls and I will merge it.

    Well I am not really a php dev so I cannot do this myself.

    Quick question, can you just use the coding from Jaegers.Net and put it into your codebase, maybe with an settings checkbox to anyomize the ip adresses etc.?

    Plugin Author Lester Chan

    (@gamerz)

    All this require work and time, something which I can’t afford right now. Sorry about. The gdpr is kinda very irritating for hobby projects.

    Plugin Author Lester Chan

    (@gamerz)

    Thanks šŸ™‚ Highly appriciate your work.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Data privacy issue (IP address stored)’ is closed to new replies.