[wp-trac] [WordPress Trac] #40871: Remove IP Address Anonymization From WP_Community_Events

WordPress Trac noreply at wordpress.org
Fri May 26 18:50:06 UTC 2017

#40871: Remove IP Address Anonymization From WP_Community_Events
 Reporter:  iandunn         |      Owner:
     Type:  enhancement     |     Status:  new
 Priority:  normal          |  Milestone:  Awaiting Review
Component:  Administration  |    Version:  trunk
 Severity:  normal          |   Keywords:
  Focuses:                  |
 The new Events widget (#40702) sends the user's IP address (not the WP
 server's) to api.w.org to geolocate them and provide them with nearby
 events. Before sending the IP, it anonymizes it to the network ID, to
 mitigate privacy concerns.

 There are some cases where
 [https://wordpress.slack.com/conversation/C02RQBWTW/p1494970649912769 the
 location of the anonymized IP is several hundred kilometers away from the
 location of the full IP], which can result in events not being returned,
 or the wrong events being returned.

 Removing the anonymization would avoid that problem, but
 events-in-wp-admin/#comment-23298 could raise privacy concerns from some
 users]. I think the UX tradeoffs are worth it in this case, though,

 1. There's [https://wordpress.org/plugins/community-events-privacy/ a
 plugin that will fully remove the IP] from any requests to the Events
 1. Core already uses the w.org CDN to serve some assets, so w.org already
 sees the user's full IP. Sending it in this request too wouldn't
 fundamentally change anything.

 Related #40794

Ticket URL: <https://core.trac.wordpress.org/ticket/40871>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list