Opened 9 months ago

Last modified 6 weeks ago

#45889 new enhancement

Include Session Tokens as personal information in data exports and erasure

Reported by: lakenh
Owned by:
Milestone: Future Release
Priority: normal
Severity: normal
Version: 4.9.6
Component: Privacy
Keywords: has-patch needs-unit-tests
Focuses: administration
Cc:
PR Number:

Description (last modified by garrett-eclipse)

#44161 raised some concerns about whether we missed any personal data when the personal information export was released. Upon further investigation, the core-privacy team found multiple places in the user_meta table that still contain information that we should include in exports.

The currently known ones are the following:

  • Session Tokens: Contains IP address and user agent
  • Community Events: Contains IP address

*Community Events data will be handled via #43921

The scope of this ticket isn't about removing/anonymizing this information, instead just including it within the current user export and erasure tools.

Attachments (4)

45889.diff (1.3 KB) - added by nickylimjj 6 months ago.
session_token_export.png (155.6 KB) - added by nickylimjj 6 months ago.
45889.2.diff (1.3 KB) - added by nickylimjj 6 months ago.
export-with-session token.png (147.9 KB) - added by nickylimjj 6 months ago.

Change History (11)

#1 @desrosj
9 months ago

  • Component changed from Privacy to Users
  • Focuses privacy added
  • Milestone changed from Awaiting Review to Future Release

One thing to be careful with here is that erasing the IP and user agent information used for sessions would cause an issue with sessions becoming invalidated. This would need to either be communicated to the user or, instead of erasing in the current process, a second step could be provided for erasing the sessions.
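
The export and erasure hooks described in the ticket description, together with the session-invalidation effect raised in comment 1, as an added example: this is not the attached 45889.diff and not WordPress core code. The `example_` function names, the `example-session-tokens` key and the labels are assumptions; the code is meant to run as a plugin file inside WordPress 4.9.6 or later.

```php
<?php // Added example; "example_" names and labels are assumptions, not core code.
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
	$exporters['example-session-tokens'] = array(
		'exporter_friendly_name' => 'Session Tokens',
		'callback'               => 'example_session_tokens_exporter',
	);
	return $exporters;
} );
add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
	$erasers['example-session-tokens'] = array(
		'eraser_friendly_name' => 'Session Tokens',
		'callback'             => 'example_session_tokens_eraser',
	);
	return $erasers;
} );
// One export item per stored session: IP, user agent, login and expiry times.
function example_session_tokens_exporter( $email_address, $page = 1 ) {
	$labels = array( 'ip' => 'IP Address', 'ua' => 'User Agent', 'login' => 'Login Time', 'expiration' => 'Expiration' );
	$user   = get_user_by( 'email', $email_address );
	$all    = $user ? WP_Session_Tokens::get_instance( $user->ID )->get_all() : array();
	$items  = array();
	foreach ( $all as $index => $session ) {
		$data = array();
		foreach ( $labels as $key => $label ) {
			if ( ! empty( $session[ $key ] ) ) {
				// login and expiration are integers (Unix timestamps); ip and ua are strings.
				$value  = is_int( $session[ $key ] ) ? gmdate( 'Y-m-d H:i:s', $session[ $key ] ) : $session[ $key ];
				$data[] = array( 'name' => $label, 'value' => $value );
			}
		}
		$items[] = array(
			'group_id'    => 'session-tokens',
			'group_label' => 'Session Tokens',
			'item_id'     => "session-token-{$user->ID}-{$index}",
			'data'        => $data,
		);
	}
	return array( 'data' => $items, 'done' => true );
}
// Erasing ends every session, so the user is logged out on all devices.
function example_session_tokens_eraser( $email_address, $page = 1 ) {
	$user  = get_user_by( 'email', $email_address );
	$count = 0;
	if ( $user ) {
		$manager = WP_Session_Tokens::get_instance( $user->ID );
		$count   = count( $manager->get_all() );
		$manager->destroy_all();
	}
	$messages = $count ? array( 'All login sessions for this user were ended.' ) : array();
	return array( 'items_removed' => $count > 0, 'items_retained' => false, 'messages' => $messages, 'done' => true );
}
```

The eraser reports the logout through `messages`, which is one way to communicate the effect to whoever processes the request; the token hashes themselves are never exported because `get_all()` returns only the session values.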

#2 follow-up: @garrett-eclipse
9 months ago

One question I had about the use of IP in the Community Events is would an anonymized IP be sufficient to geolocate an area to surface community events from? If so we could avoid needing to include it in export and erasure by anonymizing it prior to storing in the usermeta table which would make it no longer PII. Just a thought.

With Session Tokens I don't believe they would be as secure if the IP was anonymized and might not work at all so wouldn't go down that route with them.

#3 in reply to: ↑ 2 @garrett-eclipse
9 months ago

  • Component changed from Users to Privacy
  • Description modified (diff)
  • Focuses administration added; privacy removed
  • Summary changed from Include personal information from within the user_meta table in data exports to Include Session Tokens as personal information in data exports and erasure
  • Version changed from 5.0.2 to 4.9.6

As #43921 already exists with an existing patch we'll continue work for the Community Events Location information through that ticket. As such I've updated this ticket to change its focus to be specific to Session Tokens.

And to answer my question from previous garrett-eclipse:

One question I had about the use of IP in the Community Events is would an anonymized IP be sufficient to geolocate an area to surface community events from? If so we could avoid needing to include it in export and erasure by anonymizing it prior to storing in the usermeta table which would make it no longer PII. Just a thought.

*This was answered on the other ticket, indicating that the IP address is already partially anonymized, as was indicated on this ticket comment:
https://core.trac.wordpress.org/ticket/40794#comment:22

#4 @garrett-eclipse
9 months ago

  • Keywords needs-patch added

@nickylimjj
6 months ago

#5 follow-up: @nickylimjj
6 months ago

  • Keywords has-patch needs-unit-tests added; needs-patch removed

Added a patch to export session tokens data. $token-props defined based on ticket but would require investigating into where in codebase it is defined. Did a cursory check but can't seem to find it in the __constructor for abstract base class WP_Session_Tokens nor class WP_User_Meta_Session_Tokens.

#6 in reply to: ↑ 5 @nickylimjj
6 months ago

Replying to nickylimjj:

Added a patch to export session tokens data. $token-props defined based on ticket but would require investigating into where in codebase it is defined. Did a cursory check but can't seem to find it in the __constructor for abstract base class WP_Session_Tokens nor class WP_User_Meta_Session_Tokens.

To any helpful debugger, the attachment is an example of the key-values for the session_tokens metadata, if anyone is familiar with where the value's type is defined.

@nickylimjj
6 months ago

#7 @rconde
6 weeks ago

Thanks @nickylimjj, it would be great to have this feature included in a next version of WP, as IP addresses fall as private data under the GDPR.

Your patch works great so at least it's something to be fully compliant.
