Privacy Update for Antispam Bee
This post originally appeared in Sergej Müller’s Google+ profile (in German) and is no longer accessible there. It’s now kept here by the Pluginkollektiv.
I didn’t want to deploy any more updates for the plugin this year, even though I was testing new antispam filters in the background. However, several users have asked me which plugin functions in this country are really safe from a privacy point of view? I have nothing to hide and have always described all functions in the online manual and provided them with corresponding privacy notices, which I have now revised. But I will summarize everything in clear words, no marketing blah-blah…
Two services as support
AB does not save IPs, but for exactly 2 functions Antispam Bee uses external services: “Consider public spam database” and “Block or allow certain countries”. In both cases the Antispam Bee plugin transfers the user’s IP to the service to get back a certain information. Compared to Akismet, the Antispam-Plugin does not communicate the complete comment and blog data, but the assumed minimum, the loose IP. By the way: Both functions are optional: Disabled by default, they can be turned off and on at any time according to user request.
Country check OK
Ok, according to the current law you are not allowed to transfer an IP without castrating it. So today I released an update which anonymizes the IP when using the option “Block or allow certain countries”. For country detection you can shorten the IP, this is no problem. So this option would be harmless in terms of data protection.
Former Project Honey Pot
The situation is different when using the setting “Consider public spam database” (so-called DNSBL check). Previously set to the Project Honey Pot, since 2 versions it is the free spammer database Tornevall. Since the spammer databases always work with original IPs, it makes no sense to start the request with an anonymized IP. Therefore:
In blogs within EU countries, the option “Consider public spam database” must not be used. When activating this feature, Antispam Bee (only) transfers the commentator’s IP in unabridged form to an external service to check for spam.
Even without the activated DNSBL check Antispam Bee detects most spam. The DNSBL check of comments was/is a good fallback. Many will continue to use the option, the others will have to do without it. I will not remove the function, because the plugin is used worldwide.