• Resolved Ate Up With Motor

    (@ate-up-with-motor)


    Even with logging disabled, Redirection still keeps track of the number of hits to each stored redirect and the last accessed date, which appears to remain indefinitely unless manually cleared. Is there a way to prevent the plugin from counting hits or recording last accessed dates entirely, or to have it only do so when logging is enabled?

    The hit counter and last accessed dates aren’t that helpful for troubleshooting — the logging functions are much more useful for that purpose — and the access dates get into a hazy area in terms of privacy. (Some jurisdictions’ ludicrously expansive definitions of “personal information” now encompass basically any data about someone’s browsing history or online activity, and so data indicating that someone clicked a specific link at a specific time might be deemed potentially identifying information.)

    If there’s not a way to completely disable it in the current version, could I request that you consider that for future updates?

    Thanks!

Viewing 13 replies - 1 through 13 (of 13 total)
  • Plugin Author John Godley

    (@johnny5)

    The last access date doesn’t log any personal data about a user clicking a link at a specific time. It updates a single date, and every visit (regardless of visitor) updates the same date. I very much doubt that would cause any privacy issues as there is no personal data captured.

    Both it and the hit counter are to be used to determine if a URL is still being used.

    You can find information about how to disable it here:

    https://redirection.me/developer/wordpress-hooks/

    Thread Starter Ate Up With Motor

    (@ate-up-with-motor)

    So, to set the value to false and bypass the counter, would it take something like this?

    function no_redirection_counter() {
    	return 'false';
    }
    add_filter( 'redirection_redirect_counter', 'no_redirection_counter' );

    (This may be completely wrong — I’m not a developer, so trying to do anything with filter hooks is kind of a project, since a lot of the stuff in the Codex is beyond my skill.)

    Thanks!

    Plugin Author John Godley

    (@johnny5)

    You need to return false, not the English word “false”

    Thread Starter Ate Up With Motor

    (@ate-up-with-motor)

    So, like this?
    function no_redirection_counter() {
    	// Return the boolean false, not the string 'false'.
    	return false;
    }
    add_filter( 'redirection_redirect_counter', 'no_redirection_counter' );

    (I’m sorry if this seems dense — as you can probably tell, this is not remotely my area of expertise!)

    Plugin Author John Godley

    (@johnny5)

    Yep, give it a try.

    Thread Starter Ate Up With Motor

    (@ate-up-with-motor)

    Okay, it appears that worked — at least, testing redirects doesn’t increment the hit counter or update the last access date. Thanks!

    (I take your point about using the hit counter to see if redirects are still being used, but in this case, there are a lot of online sources with old versions of the links, so it’s not really practical for me to ‘retire’ old redirects. In a rational world, the last access date wouldn’t constitute a privacy issue, but “rational world” does not describe whatever universe California legislators are apparently living in!)

    Plugin Author John Godley

    (@johnny5)

    What is the relevant California legislation that restricts the storing of a date? You are the only person to ask this question, and I have not come across it before.

    Thread Starter Ate Up With Motor

    (@ate-up-with-motor)

    It’s not the date per se, it’s that California’s new GDPR-style privacy nightmare regards essentially any data about a person’s online activity as personal information, subject to onerous access and deletion requirements. This explicitly includes IP addresses (which are treated as personal identifiers equivalent to a name or phone number), but also transitory data and “inferences” drawn from other data. So, data that allowed a specific user visit to be tied to a particular referring link — even just by inference — gets into an uncomfortable gray area. (The Redirection log data would definitely implicate the new law, even with partially obfuscated IP addresses, because it documents online behavior of specific individuals.)

    How zealously they’re going to interpret the statutory language is TBD, but the statutory language is crazy broad.

    Plugin Author John Godley

    (@johnny5)

    Ok, thanks. Personally I don’t think either the IP-less log or a transitory date would be affected by this as neither ties a user to a visit, or infers a visit from a particular user. Certainly it would not be possible to provide access to a user’s data, if it was requested, as it doesn’t exist.

    Saying that, you should do what you think is best for your site.

    I’m sorry to refresh this topic, but finally, should we be worried about GDPR compliance and the hit counter/last-access dates?

    Thread Starter Ate Up With Motor

    (@ate-up-with-motor)

    I’m not in the EU or a lawyer (nor I assume is Mr. Godley), and the finer points of the GDPR are beyond my ken.

    On the surface, it does not appear that the counter or last access dates collect anything the GDPR would deem personally identifying information. (The Redirection logs do, since they collect IP addresses and user agent data.)

    It’s a muddier question under California law because California law has a very broad definition of “personal information” that also encompasses virtually any information or inferences about an individual’s web browsing or online activity. I have a hard time envisioning a hit counter being deemed personal information even by that expansive standard. However, the last-access date might enable you to determine what outdated link a specific visitor clicked on, which might be deemed to constitute online behavioral information. (Whether the state will actually interpret the law that broadly is unclear, and I don’t think it’s a reasonable interpretation, but the breadth of the statutory definitions is truly bonkers.)

    I don’t know if the GDPR regards information about a user’s online behavior to be personally identifying in the absence of some actually identifying data like an IP address. That might come down to how individual member states decide to implement the regulations, and is really a legal question nobody here is in a position to answer for certain.

    In any event, the function above will disable the last-access date collection and prevent redirections from incrementing the counter, so you can turn it off that way.

    Plugin Author John Godley

    (@johnny5)

    Just to clarify some of those points. The Redirection plugin logs can collect IP information, but that can be disabled from the options page. User agent information does not, on its own, identify a user (see the GDPR website itself – https://gdpr.eu/privacy-policy/).

    The last access date does not link a specific user to a URL and I do not believe this constitutes any compliance issue. It would be impossible to identify anyone from this data alone.

    I am not a lawyer though. It is my understanding that the California law is a weaker version of GDPR, and I am led to believe that the plugin (with customisation from the user) is GDPR compliant.

    It should also be noted that collecting user specific information is possible via GDPR (and I assume Californian law), provided you notify your users and give them the ability to remove that information.

    • This reply was modified 4 years, 10 months ago by John Godley.
    Thread Starter Ate Up With Motor

    (@ate-up-with-motor)

    I just want to append to what Mr. Godley says that while California law is to some extent GDPR-inspired, its definitions and standards are in some ways distinctly different — less stringent in certain respects, significantly more onerous in others. Again, I’m not a lawyer, but I would caution any WordPress user not to assume that GDPR compliance is CCPA-compliant or vice versa. (Complying with one will put you in a better position to comply with the other, but each has unique requirements.)

    As far as I understand it, the GDPR doesn’t prohibit collecting information for security and troubleshooting purposes, and my non-lawyer’s interpretation is that whatever information Redirection collects falls into that category, particularly if you configure your settings so you only retain the information as long as you reasonably need it and are upfront in your privacy policy about what information you collect.

  • The topic ‘Disable hit counter/last-accesss dates?’ is closed to new replies.