lesterchan / wp-polls

Adds an AJAX poll system to your WordPress blog. You can also easily add a poll into your WordPress's blog post/page.
https://wordpress.org/plugins/wp-polls/
93 stars 78 forks source link

GDPR fix may not be great #112

Open archon810 opened 6 years ago

archon810 commented 6 years ago

Hey @lesterchan,

I just looked at https://github.com/lesterchan/wp-polls/commit/7c5149ac95e1331f0300769a553d08e0389eba43, and from what I can tell you're now substituting the last part of the IP with xxx, like so:

substr( $ip, 0, strrpos( $ip, '.' ) ) . '.xxx'
: string = 123.456.789.xxx

Am I correct in understanding that this will prevent anyone on the same subnet from voting, meaning a single vote will dupe with 255 other IPs, thus potentially disqualifying people in the same office, home, or even unrelated groups of people. And it's done for everyone, not just people in EEU.

I don't know what the right solution here is, and whether salting and storing a one-way hash as an identifier goes against GDPR, but it's something to consider.

Thoughts?

lesterchan commented 6 years ago

I am not an GDPR expert. But it seems to me one way hash still can identify the user as all the same hashes means it is from the same user. so it might not be GDPR compliant.

This way was told by a few EU users. So I implemented it. So unfortunately, the subnet issue is a trade off.

lesterchan commented 6 years ago

@archon810 since you are a heavy user of this plugin, what do you think? I will probably probably go read yo more when I am back! Oh and Hi!

archon810 commented 6 years ago

I wonder if there's another way to somehow be compliant, or at least restrict the GDPR compliance to EEU countries via some library. Maybe GeoIP?

lesterchan commented 6 years ago

Haha the reason I put this sort of “hack” quickly is because I have only two days to do it. And when the deadline comes, I will be in japan (still is) without time to fix it.

Do you think a setting will help? Like GDPr compliant yes? If yes just use the mast the last subnet. If not we just log the full IP?

archon810 commented 6 years ago

Well, not really because it's the visitor's location that matters, not the company's that's hosting the poll. We still have to cater to EEU users even though we're in the US. So a setting like that is pointless, since it needs to be on, but only for EEU users.

lesterchan commented 6 years ago

I see. But most GeoIP services are chargeable and if a heavy site uses it, it will hit the free limit pretty soon!

lesterchan commented 6 years ago

It seems you can still store the IP if the site consents it. I wonder will it be better to revert this and hook on to the privacy policy page in 4.9.6 to tell this plugin uses your ip to prevent double voting.

lesterchan commented 6 years ago

It seems WordPress Comments now also anonymize IP. https://core.trac.wordpress.org/ticket/43442

lesterchan commented 6 years ago

It seems other ratings/voting plugins are hashing the IP. So I have done that =)

archon810 commented 6 years ago

What's the plan for the public release?

lesterchan commented 6 years ago

@archon810 probably need more people to test it!