WordPress.org

Making WordPress.org

Opened 3 months ago

Closed 3 months ago

#5573 closed defect (invalid)

"anonymized" users should be blocked to prevent use

Reported by: Ipstenu Owned by:
Milestone: Priority: normal
Component: General Keywords:
Cc:

Description

Currently when a user asks to have their account pulled (ie turned anonymized), we blank out the email and anon them as much as possible. BUT we do not change the account status to blocked.

Since they've asked us not to use/keep their data anymore, we should similarly block the accounts and reset passwords to prevent lingering cookies from allowing them to give us more data. It rather defeats the purpose of their request, eh? :)

Change History (5)

This ticket was mentioned in Slack in #forums by ipstenu. View the logs.


3 months ago

#2 @dd32
3 months ago

  • Passwords are already reset/removed out during erasure
  • Cookies become invalid once the password is removed

The case that triggered this was an erasure which was requested moments after creating content, leading the the idea that perhaps the user had created the content after erasure.

Blocking these accounts doesn't seem like it'll be much benefit, and it'll also mean that the anonymised profile activity history is no longer displayed to most users which could be an issue when a contributor wants to check other threads from the author or something..

#3 @Ipstenu
3 months ago

Passwords are already reset/removed out during erasure
Cookies become invalid once the password is removed

There have been other cases where the cookies aren't becoming invalid or this timing issue happens. Banned users have been able to, 24 hours later, submit plugins just for an example.

Making another status that, similarly, can be checked as-is for an invalid account could make this more reliable. I've reported that a number of times, with no change.

#4 @dd32
3 months ago

I'm going to close this ticket, as there's no actual bug here with anonymous users.

Blocked users however, yes, there's a mess with those which I'll fix via #4691 today.

#5 @dd32
3 months ago

  • Resolution set to invalid
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.