New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Opt-Out does not disable tracking / has no effect if IP-hashing is active #125
Comments
Yes, That's right. Just the hashes IP address enabled in the plugin, because it is one of the GDPR criteria. |
First of all: I am not a lawyer, just repeating things I picked up from other projects: |
To be more reliable, we can apply this in the next version. |
Ouch. If the information in this bug report is correct then this is a rather serious problem. It is pretty mean to trick your users into thinking they can lawfully use the plugin while in fact they cannot, as the opt out does not actually do what it is supposed to do. This is definitely not an "improvement" but a serious bug and should not be labeled "wontfix". |
I see that there have been a number of updates recently. Has this been resolved so that it is now again possible to use WPStatistics in a GDPR compliant way? |
Thank you for your all comments and explanations about this problem. They will be considered in the next versions. We are trying hard to make WP Statistics GDPR compliant as soon as possible. We are going to represent our documents to explain the compliance soon. |
Great that you are looking into this! I am looking forward to using WP-Statistics again once it it GDPR complaint. Please keep this issue open until the problem has actually been resolved, so that other users can see it. Thank you! |
Also it would be good to remove the |
At the moment we've got a way to allow users to "opt-out" (398), according to the standard Text this is supposed to affect "any future tracking".
As far as I can see the Cookie however only hashes the users IP but doesn't prevent any other information to be recorded - right? So the plugin is still tracking the user, just not recording the unhashed IP (which results in no change if hashing is enabled globally). Shouldn't at least things like Referrer, User-Agent, etc also be stripped if a no-track-cookie is present?
The text was updated successfully, but these errors were encountered: