Make WordPress Core

Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#40871 closed enhancement (maybelater)

Remove IP Address Anonymization From WP_Community_Events

Reported by: iandunn
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 4.8
Component: Administration
Keywords: has-patch
Focuses:
Cc:

Description

The new Events widget (#40702) sends the user's IP address (not the WP server's) to api.w.org to geolocate them and provide them with nearby events. Before sending the IP, it anonymizes it to the network ID, to mitigate privacy concerns.

There are some cases where the location of the anonymized IP is several hundred kilometers away from the location of the full IP, which can result in events not being returned, or the wrong events being returned.

Removing the anonymization would avoid that problem, but could raise privacy concerns from some users. I think the UX tradeoffs are worth it in this case, though, because:

  1. There's a plugin that will fully remove the IP from any requests to the Events endpoint.
  2. Core already uses the w.org CDN to serve some assets, so w.org already sees the user's full IP. Sending it in this request too wouldn't fundamentally change anything.

Related #40794

Attachments (1)

40871.diff (2.0 KB) - added by iandunn 7 years ago.


Change History (8)

@iandunn
7 years ago

#1 @iandunn
7 years ago

  • Keywords has-patch added

#2 @hardeepasrani
7 years ago

Thanks for taking care of this. :)

#3 @mrwweb
7 years ago

Justification on ticket seems sound to me.

This ticket was mentioned in Slack in #core by iandunn.


7 years ago

#5 @iandunn
7 years ago

  • Resolution set to maybelater
  • Status changed from new to closed

Doh, it looks like I misdiagnosed the problem. The problem was actually that the ip2location lookup for the IP returned the wrong result. That's bound to happen from time to time, since IP geolocation is only a rough estimate, and changes often. I notified ip2location, so that they can fix their database.

It's possible that there will be other cases in the future where the anonymization will distort the results, but we can cross that bridge when we have specific examples to test.

If that does happen, some of today's discussion on Slack might be helpful. It seems like using a smaller $netmask, like 255.255.255.248, might work well to keep the IP partially anonymous, but reduce the chance of incorrect results.
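
The netmask trade-off raised in comment 5, as an added example that is not part of the ticket or of WordPress core: it ANDs a client address with a mask and reports how many addresses collapse to the same anonymized value. The function names, the sample address and the 255.255.255.0 baseline mask are assumptions made for the illustration.

```php
<?php
// Added example, not WordPress core code. The client address is constructed
// (RFC 5737 documentation range); both function names are hypothetical.

/**
 * AND an IPv4 address with a dotted-quad netmask so that only the
 * network portion is left to send to a remote geolocation API.
 */
function anonymize_ipv4( string $ip, string $netmask ): string {
	$packed_ip   = inet_pton( $ip );
	$packed_mask = inet_pton( $netmask );

	// Fail closed: anything that is not a 4-byte IPv4 value is replaced
	// with an address that identifies nobody.
	if ( false === $packed_ip || false === $packed_mask
		|| 4 !== strlen( $packed_ip ) || 4 !== strlen( $packed_mask ) ) {
		return '0.0.0.0';
	}

	// PHP's & on two strings is a byte-wise AND, which zeroes the host bits.
	return inet_ntop( $packed_ip & $packed_mask );
}

/**
 * How many distinct addresses collapse to the same anonymized value:
 * 2 to the power of the number of zero bits in the mask.
 */
function anonymity_set_size( string $netmask ): int {
	$mask = ip2long( $netmask );
	if ( false === $mask ) {
		throw new InvalidArgumentException( "Invalid netmask: $netmask" );
	}
	return 1 << substr_count( sprintf( '%032b', $mask ), '0' );
}

$client_ip = '203.0.113.77'; // Constructed sample address.

// 255.255.255.0 is an assumed baseline; 255.255.255.248 is the mask from comment 5.
foreach ( array( '255.255.255.0', '255.255.255.248' ) as $netmask ) {
	printf(
		"%-16s %-14s shared by %d addresses\n",
		$netmask,
		anonymize_ipv4( $client_ip, $netmask ),
		anonymity_set_size( $netmask )
	);
}
```

The second column is the value that would leave the site; the third is the number of addresses indistinguishable from the user's, which is the privacy cost of choosing the tighter mask for better geolocation accuracy.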

This ticket was mentioned in Slack in #core by iandunn.


7 years ago

#7 @netweb
7 years ago

  • Milestone Awaiting Review deleted