[theme-reviewers] Hidden IP field in theme contact form

Paul Appleyard paul at spacecat.com
Sun May 12 04:48:41 UTC 2013 

And I would ask:

Why the hell is he putting it as a hidden field in the form - why is he 
just not getting the IP after the form is submitted? (NB: he has a 
function that sorts through a bunch of proxy IP aliases to get the 
proper IP address)

Regardless, I ALMOST ALWAYS record the IP address with help form 
submissions. It's an innocuous piece of data, but it can sometimes be 
helpful in sorting out the issues the person is enquiring about. Every 
little extra piece of relevant data assists you in resolving whatever 
issue they are raising. And remember, submitting that form is not a 
passive act - generally you are providing a reply-to email address, your 
name, contact number and so on (just checked the ticket in question - it 
asks for full name and email address)

It's really (in this case) a non-issue. That information does not get 
sent UNLESS you are already ACTIVELY PROVIDING your name and email address.

NOW, if the theme was secretly logging user agent, ip address etc to a 
remote endpoint, THEN I would be worried..

Paul Appleyard

PS, sorry for the excessive caps.

On 11/05/2013 9:41 AM, Chip Bennett wrote:
> I would ask:
>
> 1) What is the legitimate purpose of sending the Theme end user's IP 
> address with a support/feedback email?
> 2) What is the legitimate purpose of failing to disclose to the end 
> user that IP address is being disclosed with that email?
> 3) What other options exist to maintain functionality, without 
> disclosing IP address?
>
> I'm trying to understand the spam protection afforded by sending the 
> user's IP address with the email sent from within the user's 
> dashboard? Why not set up an API handshake or something, instead?
>
>
> On Fri, May 10, 2013 at 7:12 PM, Bryan Hadaway <bhadaway at gmail.com 
> <mailto:bhadaway at gmail.com>> wrote:
>
>     There's nothing wrong with it being hidden in and of itself, the
>     word "hidden" here is having a certain negative connotation
>     applied to it that is faulty. I've never seen a form EVER that
>     announced your IP will be recorded or shown any such field or even
>     so much as had a privacy policy link nearby.
>
>     I think we all assume that our IP address is being recorded pretty
>     much anytime we do anything (of course, the novice is probably not
>     privy to this). I guarantee there are a couple hundred plugins
>     that collect IPs without some prominent way of disclosing that,
>     both of the plugin user and the visitor's of that person's website
>     including Automattic plugins.
>
>     There's seemingly no precedent here for this, are you admins going
>     to set one, that's always fun right?
>
>     Why not just ask this person why the contact form needs an IP
>     field, I'm 99% sure its for spam, statistical reasons or both at
>     which point how is that any different than GA or other stat
>     scripts that collect IP addresses for location info?
>
>     It's an interesting conversation sure, but an easier way to solve
>     this might be to ask what can a person possibly do maliciously
>     with a list of random IPs that are essentially meaningless to any
>     intent considering the author won't know or care about any of
>     these users in the sense of trying to "do something".
>
>     If your thoughts are it doesn't matter, the user needs to know
>     that their IP address is recorded regardless of the use you're
>     opening a can of worms and creating a precedent that rightfully
>     needs to then be opened up to all themes, plugins, WordPress.org
>     (comment forms) itself and further. The reach is too far and we
>     shouldn't really have a say in such matters.
>
>     The reason I HATE when issues like this come up is because if you
>     single one person out, you better scrutinize everyone else too,
>     but that often doesn't happen.
>
>     _______________________________________________
>     theme-reviewers mailing list
>     theme-reviewers at lists.wordpress.org
>     <mailto:theme-reviewers at lists.wordpress.org>
>     http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>
>
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20130512/7abb6cde/attachment-0001.html>

More information about the theme-reviewers mailing list