<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body wsmode="reply" text="#000000" bgcolor="#FFFFFF">
And I would ask:<br>
<br>
Why the hell is he putting it as a hidden field in the form - why is
he just not getting the IP after the form is submitted? (NB: he has
a function that sorts through a bunch of proxy IP aliases to get the
proper IP address)<br>
<br>
Regardless, I ALMOST ALWAYS record the IP address with help form
submissions. It's an innocuous piece of data, but it can sometimes
be helpful in sorting out the issues the person is enquiring about.
Every little extra piece of relevant data assists you in resolving
whatever issue they are raising. And remember, submitting that form
is not a passive act - generally you are providing a reply-to email
address, your name, contact number and so on (just checked the
ticket in question - it asks for full name and email address)<br>
<br>
It's really (in this case) a non-issue. That information does not
get sent UNLESS you are already ACTIVELY PROVIDING your name and
email address.<br>
<br>
NOW, if the theme was secretly logging user agent, ip address etc to
a remote endpoint, THEN I would be worried..<br>
<br>
Paul Appleyard<br>
<br>
PS, sorry for the excessive caps.<br>
<br>
<div class="moz-cite-prefix">On 11/05/2013 9:41 AM, Chip Bennett
wrote:<br>
</div>
<blockquote
cite="mid:CAPdLKqdoc949hmP6o6DGWjH=vw31fB6GkJ9mnA-eCTuYZPACYQ@mail.gmail.com"
type="cite">
<div dir="ltr">I would ask:
<div><br>
</div>
<div style="">1) What is the legitimate purpose of sending the
Theme end user's IP address with a support/feedback email?</div>
<div style="">2) What is the legitimate purpose of failing to
disclose to the end user that IP address is being disclosed
with that email?</div>
<div style="">3) What other options exist to maintain
functionality, without disclosing IP address?</div>
<div style=""><br>
</div>
<div style="">I'm trying to understand the spam protection
afforded by sending the user's IP address with the email sent
from within the user's dashboard? Why not set up an API
handshake or something, instead?</div>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Fri, May 10, 2013 at 7:12 PM, Bryan
Hadaway <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:bhadaway@gmail.com" target="_blank">bhadaway@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>
<div>
<div>
<div>
<div>There's nothing wrong with it being hidden in
and of itself, the word "hidden" here is having
a certain negative connotation applied to it
that is faulty. I've never seen a form EVER that
announced your IP will be recorded or shown any
such field or even so much as had a privacy
policy link nearby.<br>
<br>
</div>
I think we all assume that our IP address is being
recorded pretty much anytime we do anything (of
course, the novice is probably not privy to this).
I guarantee there are a couple hundred plugins
that collect IPs without some prominent way of
disclosing that, both of the plugin user and the
visitor's of that person's website including
Automattic plugins.<br>
<br>
</div>
There's seemingly no precedent here for this, are
you admins going to set one, that's always fun
right?<br>
<br>
</div>
Why not just ask this person why the contact form
needs an IP field, I'm 99% sure its for spam,
statistical reasons or both at which point how is that
any different than GA or other stat scripts that
collect IP addresses for location info?<br>
<br>
</div>
It's an interesting conversation sure, but an easier way
to solve this might be to ask what can a person possibly
do maliciously with a list of random IPs that are
essentially meaningless to any intent considering the
author won't know or care about any of these users in
the sense of trying to "do something".<br>
<br>
</div>
<div>If your thoughts are it doesn't matter, the user
needs to know that their IP address is recorded
regardless of the use you're opening a can of worms and
creating a precedent that rightfully needs to then be
opened up to all themes, plugins, WordPress.org (comment
forms) itself and further. The reach is too far and we
shouldn't really have a say in such matters.<br>
</div>
<div><br>
</div>
The reason I HATE when issues like this come up is because
if you single one person out, you better scrutinize
everyone else too, but that often doesn't happen.<br>
</div>
<br>
_______________________________________________<br>
theme-reviewers mailing list<br>
<a moz-do-not-send="true"
href="mailto:theme-reviewers@lists.wordpress.org">theme-reviewers@lists.wordpress.org</a><br>
<a moz-do-not-send="true"
href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers"
target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
theme-reviewers mailing list
<a class="moz-txt-link-abbreviated" href="mailto:theme-reviewers@lists.wordpress.org">theme-reviewers@lists.wordpress.org</a>
<a class="moz-txt-link-freetext" href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a>
</pre>
</blockquote>
<br>
</body>
</html>