FlatPress support forum

With regard to the GDPR, it is unfortunately a very big problem that FlatPress saves the IP with the comments. Here Flatpress should get a setting during the configuration, whether you want to save the IP completely, anonymously or not at all.

I have implemented an emergency solution on my site, but of course this cannot be the permanent solution. Simply remove this line in the comments.php and no more IP's will be saved

Hey where do I find the comments.php file so I can remove this. This is a security risk

It's only a security risk for your wallet if you run your website in Europe

The comments.php is in the root of your FlatPress

On your website: /blog/comments.php

To remove the IP address from already existing comments, see https://wiki.flatpress.org/doc:tech:fil ... s#comments

This is an important topic, thanks for the suggestion.
I opened an issue.

All the best,
Arvid

Since I'm back, I wanted to remind you of this "little thing". It's still current in 1.3.1. I'll explain here in more detail why this is so important to me:
-->> https://madekozu.de/2024/08/07/flatpres ... -eindruck/

Hello everyone,

I don't find saving the public IP address that dramatic. It is more useful if you want to defend yourself against liability claims if the comment contains illegal content. You could refer to Art. 6 Abs. 1 S. 1 lit. f DSGVO in your privacy policy.

There may be a suitable template in the numerous generators for data protection declarations.

Another possibility: a server-side shortening of the client IP so that only the first two blocks remain.

If you want, you can copy a customized core.utils.php from the zip archive into the fp-includes/core/. I have neutered the utils_ipget() function there. Akismet Anti-Spam may then not work correctly. If you have an Akismet account, you are welcome to test this and report back.

With best regards
Frank

Thank you for your answer.

Storing the IP is definitely a problem, because it requires the visitor's permission BEFOREHAND.

In order to be able to collect the IP address in the comment function, site operators must therefore obtain the consent of the users beforehand. To do this, they can place a note in the comment column stating which data they collect when writing a comment. Users should have to actively confirm this note via opt-in. In this context, webmasters should also place a link to their data protection information.

Source: https://www.e-recht24.de/dsg/12686-komm ... resse.html

The real problem is not the question of whether I am allowed to do it or not - but the fact that they are stored unencrypted and, with the standard installation, can be viewed by anyone, which corresponds to passing on the data to third parties. The same applies to the email address provided in the comment.

Hello everyone,

Here is the new core.utils, which does not throw any errors in the logs.
New features:
- the IPv4 client IP is anonymized in the last two blocks
- an IPv6 address is formed from the user agent and browser language for anonymization

This has the advantage that nothing has to be adjusted in the other scripts.
Optionally, you can assign a true in the array $fp_config ['general'] ['use-remote-ip'] to use the real client IP.

@Madekozu: would you like to test the customized core.utils and let us know here?
If there are no objections, this change will be incorporated into the FlatPress repo

Best regards
Frank

runs