Posts posted by Melvin022

  1. On 7/14/2019 at 6:00 PM, Edison said:

    For those who have the "opportunity" to deal with GDPR … and are implementing PW FieldtypeComments it's worth making a Privacy assessment.

    When a visitor submits a comment, they are going to visibly provide personal data: the commenter's name (or nickname) and email.

    Going a bit deeper, we can see that a cookie named CommentForm is created; it stores the visitor's name and email, with session-long duration. If you wish more details, this cookie is entirely managed at the JavaScript level in comments.js. Of course this cookie is very helpful as it pre-fills the comment form with the commenter's information to speed up future comment submissions.

    Let's go a step further and have a look at the field_comments table inside the database. As you can see (PhpMyAdmin), in addition to the commenter's name (cite) and email, FieldtypeComments is also tracking the commenter's IP address. Uh..!

    Should we ring an alarm bell ... and remove all the comments from our blog … ? Of course not ...

    The simplest approach would be to make sure your privacy policy and cookie policy take all those aspects into account, including IP tracking, to make your visitors aware of which personal data you process, why, and for how long you keep them. In light of that, it becomes important to ask the commenter for explicit consent to personal data processing via a checkbox when submitting the comment form.

    More specifically regarding IP tracking, you may ask yourself if you really need to track the www.mycfavisit.com commenter's IP address. You should also find out if you-have-to-do-it because of your country's laws.

    If you conclude that you are not interested in or obliged to track the commenter's IP address, how do you disable it?

    The commenter's IP address is gathered in the function processInput() of CommentForm.php in the FieldtypeComments module.

    
    $comment->ip = $this->wire('session')->getIP();

    Unfortunately I could not find any preset option to stop it, but (... obviously!) it is sufficient to change it to:

    
    $comment->ip = '';

    However, remember not to modify the original FieldtypeComments in wire/modules/Fieldtype/FieldtypeComments, but copy it to site/modules/FieldtypeComments. Please refer to the initial part of this tutorial for the detailed steps to duplicate the module and make PW aware of which module version to use.

    An alternative to entirely disabling IP tracking could be to anonymize it.

    
    $comment->ip = A::anonymizeIp(wire('session')->getIP());

    This is done through the function below. Please note, I could not test whether IPv6 anonymizing works as expected in this function.

    
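    class A {
        // Mask an IP address so the stored value no longer identifies a single host.
        public static function anonymizeIp(string $ip): string {
            $ipv4Mask = "255.255.255.0"; // strip last octet
            $ipv6Mask = "ffff:ffff:ffff:0000:0000:0000:0000:0000"; // strip last 80 bits
            $packed = @inet_pton($ip); // false if $ip is not a valid address
            if ($packed === false) return ''; // store nothing for invalid input
            $ipMask = strlen($packed) == 4 ? $ipv4Mask : $ipv6Mask;
            // Bitwise AND on the packed binary strings works byte by byte
            return inet_ntop($packed & inet_pton($ipMask));
        }
    }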

    And here we are! Happy Privacy to everybody!

    It might make sense if you're looking to aggregate e.g. geo location based off of the IP, but I'd expect it's there rather for spam protection reasons. So you can block actual IPs if you're flooded with comments. Securing your system against potential attacks is a solid foundation to gather the data without any consent even under the GDPR. The more important factor for that is just how long it's justified to save the IP for that reason.
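
The IP truncation described in the quoted post, as an added example that is not part of the thread or of ProcessWire: it builds the mask from a prefix length, returns an empty string for invalid input, and treats IPv4-mapped IPv6 addresses as IPv4. The function name `truncateIp` and its parameters are assumptions; the default /24 and /48 prefixes mirror the masks in the quoted code, and the sample addresses are constructed.

```php
<?php
// Added example: prefix-length based IP truncation (not ProcessWire code).
// truncateIp() and its parameter names are hypothetical, chosen for illustration.

function truncateIp(string $ip, int $v4Bits = 24, int $v6Bits = 48): string
{
    $packed = @inet_pton($ip);
    if ($packed === false) {
        return ''; // not an IP address: store nothing rather than raw input
    }
    // IPv4-mapped IPv6 (::ffff:a.b.c.d): treat as the embedded IPv4 address,
    // otherwise the IPv6 prefix would be applied to what is really an IPv4 host
    $mappedPrefix = str_repeat("\0", 10) . "\xff\xff";
    if (strlen($packed) === 16 && substr($packed, 0, 12) === $mappedPrefix) {
        $packed = substr($packed, 12);
    }
    $len  = strlen($packed);
    $bits = $len === 4 ? $v4Bits : $v6Bits;
    $bits = max(0, min($bits, $len * 8)); // clamp to the address width

    // Build the mask byte by byte: full bytes, one partial byte, then zeros
    $mask = '';
    for ($i = 0; $i < $len; $i++) {
        $keep  = max(0, min(8, $bits - $i * 8));
        $mask .= chr((0xFF << (8 - $keep)) & 0xFF);
    }
    // Bitwise AND on two binary strings of equal length works byte by byte
    return inet_ntop($packed & $mask);
}

// Constructed sample inputs (documentation address ranges) and the value
// each one should be reduced to before it is stored with a comment
$cases = [
    '203.0.113.77'               => '203.0.113.0',
    '2001:db8:1234:5678:9abc::1' => '2001:db8:1234::',
    '::ffff:198.51.100.23'       => '198.51.100.0',
    'not-an-ip'                  => '',
];
foreach ($cases as $in => $expected) {
    $out = truncateIp($in);
    printf("%-28s -> %-18s %s\n", $in, $out, $out === $expected ? 'ok' : 'MISMATCH');
}
```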
