[theme-reviewers] Hidden IP field in theme contact form

Chip Bennett chip at chipbennett.net
Fri May 10 23:41:02 UTC 2013 

I would ask:

1) What is the legitimate purpose of sending the Theme end user's IP
address with a support/feedback email?
2) What is the legitimate purpose of failing to disclose to the end user
that IP address is being disclosed with that email?
3) What other options exist to maintain functionality, without disclosing
IP address?

I'm trying to understand the spam protection afforded by sending the user's
IP address with the email sent from within the user's dashboard? Why not
set up an API handshake or something, instead?


On Fri, May 10, 2013 at 7:12 PM, Bryan Hadaway <bhadaway at gmail.com> wrote:

> There's nothing wrong with it being hidden in and of itself, the word
> "hidden" here is having a certain negative connotation applied to it that
> is faulty. I've never seen a form EVER that announced your IP will be
> recorded or shown any such field or even so much as had a privacy policy
> link nearby.
>
> I think we all assume that our IP address is being recorded pretty much
> anytime we do anything (of course, the novice is probably not privy to
> this). I guarantee there are a couple hundred plugins that collect IPs
> without some prominent way of disclosing that, both of the plugin user and
> the visitor's of that person's website including Automattic plugins.
>
> There's seemingly no precedent here for this, are you admins going to set
> one, that's always fun right?
>
> Why not just ask this person why the contact form needs an IP field, I'm
> 99% sure its for spam, statistical reasons or both at which point how is
> that any different than GA or other stat scripts that collect IP addresses
> for location info?
>
> It's an interesting conversation sure, but an easier way to solve this
> might be to ask what can a person possibly do maliciously with a list of
> random IPs that are essentially meaningless to any intent considering the
> author won't know or care about any of these users in the sense of trying
> to "do something".
>
> If your thoughts are it doesn't matter, the user needs to know that their
> IP address is recorded regardless of the use you're opening a can of worms
> and creating a precedent that rightfully needs to then be opened up to all
> themes, plugins, WordPress.org (comment forms) itself and further. The
> reach is too far and we shouldn't really have a say in such matters.
>
> The reason I HATE when issues like this come up is because if you single
> one person out, you better scrutinize everyone else too, but that often
> doesn't happen.
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20130510/751b5ec5/attachment.html>

More information about the theme-reviewers mailing list