Make WordPress Core

Opened 5 weeks ago

Last modified 3 weeks ago

#44078 new enhancement

Add an email pseudonymization function that preserves first letter and TLD

Reported by: allendav Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Privacy Keywords: gdpr needs-patch
Focuses: Cc:

Description (last modified by allendav)

In addition to the existing behavior of wp_privacy_anonymize_data( 'email', $email_address) which returns deleted@…, it would be useful, e.g. for debug logging to have another type that would return pseudonymized email addresses that retain a little bit of the original address, e.g.


could become something like


Where the number of * corresponds to the letters removed, and only the first letter of the email address and the TLD are retained.

See also https://iapp.org/news/a/top-10-operational-impacts-of-the-gdpr-part-8-pseudonymization/

Change History (4)

#1 @allendav
5 weeks ago

  • Description modified (diff)

#2 @lakenh
5 weeks ago

I'm not sure if I would consider this pseudonymous with my email, especially for users with custom email domains (like myself). For example, an email I use on several WordPress installs would spit out the following out of this function: w*@*****.me

That's still rather unique, imo.

I think a better way would be to either standardize or randomize character lengths. We could still keep the TLD for debugging purposes though, if really necessary. So let's say the standard could be 8 chars for the address and 6 chars for the domain everytime, plus the TLD:

********@******.me is much more anonymous, without losing much debug value.

Perhaps we could look into rounding up to standard characters too, say maybe in tiers of 8 chars (that would preserve even more debug value)

#3 @desrosj
5 weeks ago

  • Component changed from General to Privacy

Moving to the new Privacy component.

#4 @desrosj
3 weeks ago

Related: #43175.

Note: See TracTickets for help on using tickets.