[wp-trac] [WordPress Trac] #40871: Remove IP Address Anonymization From WP_Community_Events
WordPress Trac
noreply at wordpress.org
Fri May 26 18:50:06 UTC 2017
#40871: Remove IP Address Anonymization From WP_Community_Events
----------------------------+-----------------------------
Reporter: iandunn | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version: trunk
Severity: normal | Keywords:
Focuses: |
----------------------------+-----------------------------
The new Events widget (#40702) sends the user's IP address (not the WP
server's) to api.w.org to geolocate them and provide them with nearby
events. Before sending the IP, it anonymizes it to the network ID, to
mitigate privacy concerns.
There are some cases where
[https://wordpress.slack.com/conversation/C02RQBWTW/p1494970649912769 the
location of the anonymized IP is several hundred kilometers away from the
location of the full IP], which can result in events not being returned,
or the wrong events being returned.
Removing the anonymization would avoid that problem, but
[https://make.wordpress.org/community/2017/03/23/showing-upcoming-local-
events-in-wp-admin/#comment-23298 could raise privacy concerns from some
users]. I think the UX tradeoffs are worth it in this case, though,
because:
1. There's [https://wordpress.org/plugins/community-events-privacy/ a
plugin that will fully remove the IP] from any requests to the Events
endpoint.
1. Core already uses the w.org CDN to serve some assets, so w.org already
sees the user's full IP. Sending it in this request too wouldn't
fundamentally change anything.
Related #40794
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40871>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list