lesterchan / wp-polls

Adds an AJAX poll system to your WordPress blog. You can also easily add a poll into your WordPress's blog post/page.
https://wordpress.org/plugins/wp-polls/

GDPR fix may not be great #112

Open archon810 opened 6 years ago

archon810 commented 6 years ago

Hey @lesterchan,

I just looked at https://github.com/lesterchan/wp-polls/commit/7c5149ac95e1331f0300769a553d08e0389eba43, and from what I can tell you're now substituting the last part of the IP with xxx, like so:

substr( $ip, 0, strrpos( $ip, '.' ) ) . '.xxx'
: string = 123.456.789.xxx

Am I correct in understanding that this will prevent anyone on the same subnet from voting, meaning a single vote will dupe with 255 other IPs, thus potentially disqualifying people in the same office, home, or even unrelated groups of people? And it's done for everyone, not just people in EEU.

I don't know what the right solution here is, and whether salting and storing a one-way hash as an identifier goes against GDPR, but it's something to consider.

Thoughts?

lesterchan commented 6 years ago

I am not a GDPR expert. But it seems to me a one-way hash can still identify the user, as all the same hashes mean it is from the same user. So it might not be GDPR compliant.

This way was told by a few EU users. So I implemented it. So unfortunately, the subnet issue is a trade off.

lesterchan commented 6 years ago

@archon810 since you are a heavy user of this plugin, what do you think? I will probably go read up more when I am back! Oh and Hi!

archon810 commented 6 years ago

I wonder if there's another way to somehow be compliant, or at least restrict the GDPR compliance to EEU countries via some library. Maybe GeoIP?

lesterchan commented 6 years ago

Haha the reason I put this sort of “hack” quickly is because I have only two days to do it. And when the deadline comes, I will be in Japan (still is) without time to fix it.

Do you think a setting will help? Like GDPR compliant, yes? If yes, just mask the last subnet. If not, we just log the full IP?

archon810 commented 6 years ago

Well, not really because it's the visitor's location that matters, not the company's that's hosting the poll. We still have to cater to EEU users even though we're in the US. So a setting like that is pointless, since it needs to be on, but only for EEU users.

lesterchan commented 6 years ago

I see. But most GeoIP services are chargeable and if a heavy site uses it, it will hit the free limit pretty soon!

lesterchan commented 6 years ago

It seems you can still store the IP if the site consents it. I wonder will it be better to revert this and hook on to the privacy policy page in 4.9.6 to tell this plugin uses your ip to prevent double voting.

lesterchan commented 6 years ago

It seems WordPress Comments now also anonymize IP. https://core.trac.wordpress.org/ticket/43442

lesterchan commented 6 years ago

It seems other ratings/voting plugins are hashing the IP. So I have done that =)
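The two identifiers discussed in this thread, compared side by side for duplicate-vote detection. This is an added example, not wp-polls code and not part of any comment above; the function names, the secret and the sample voters are constructed for illustration.

```php
<?php
// Truncation as quoted in the issue: drop the last IPv4 octet.
function mask_last_octet(string $ip): string {
    return substr($ip, 0, strrpos($ip, '.')) . '.xxx';
}

// Alternative raised in the thread: one-way hash of the full address.
// A keyed hash (HMAC) is used here because the IPv4 space is small enough
// (2^32 values) that a plain unkeyed hash can be reversed by enumeration.
// $siteSecret is a hypothetical per-site random value stored outside the votes table.
function hash_ip(string $ip, string $siteSecret): string {
    return hash_hmac('sha256', $ip, $siteSecret);
}

// Returns the voters that would be rejected as duplicates
// when votes are keyed by the identifier $identify produces.
function rejected_voters(array $voters, callable $identify): array {
    $seen = [];
    $rejected = [];
    foreach ($voters as $name => $ip) {
        $id = $identify($ip);
        if (isset($seen[$id])) {
            $rejected[] = $name;
        } else {
            $seen[$id] = true;
        }
    }
    return $rejected;
}

// Constructed sample voters, using documentation-range addresses (RFC 5737).
$voters = [
    'alice'       => '192.0.2.10',
    'bob'         => '192.0.2.77',    // same /24 as alice, different host
    'carol'       => '198.51.100.5',
    'alice_again' => '192.0.2.10',    // genuine repeat vote
];

$secret = 'constructed-demo-secret';  // assumption: a long random value in practice

$byMask = rejected_voters($voters, 'mask_last_octet');
$byHash = rejected_voters($voters, fn($ip) => hash_ip($ip, $secret));

echo 'masked identifier rejects: ', implode(', ', $byMask), "\n";
echo 'hashed identifier rejects: ', implode(', ', $byHash), "\n";
```

With the masked identifier, bob is rejected along with the real repeat vote because he shares the first three octets with alice; with the keyed hash only the repeat vote is rejected. The hash is still a stable per-address identifier, which is the concern raised earlier in the thread.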

archon810 commented 6 years ago

What's the plan for the public release?

lesterchan commented 6 years ago

@archon810 probably need more people to test it!