• Hi Form Maker team,

    We are the makers of Real Cookie Banner, a consent management solution for WordPress. At the request of one of our shared users, we check Form Maker for data protection.

    We noticed the cookie fm_cookie_[hash], which Form Maker always sets. This does not appear to be technically essential within the meaning of the ePrivacy Directive in the EU. The consequence is that forms from Form Maker could only be played after consent, which would be a pity.

    We therefore have the following questions:

    1. What is the benefit of the cookie? This is not clear to us from Form Maker’s code. The cookie contains a reference to a line in the database table wp_formmaker_cookies, in which the HTML of the last submitted form is always stored. What is this used for?
    2. If Form Maker works without the cookie, which is the case according to our tests, could you provide an option for EU website operators to disable this cookie?

    We look forward to your reply!

    Best regards,

    Jan

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter devowl.io GmbH

    (@devowl)

    Just a quick update:

    Unfortunately, we have not been able to find a hook in WordPress to block wp_formmaker_cookies until consent is given. Therefore, we currently see no possibility to use Form Maker in the EU in compliance with data protection regulations.

    We would therefore be all the more pleased to receive an answer in order to find a solution for users from the EU.

    Plugin Support nazelisargsyan

    (@nazelisargsyan)

    Hello @devowl!
     
    Thank you for your inquiry. I would like to explain our cookie storage process in detail. We store cookies that contain values encoded in MD5 hash, specifically user_ip, user_agent, and site_url data. Additionally, we include the same MD5 hash in the database of the corresponding form on the site. The reason for comparing these two hashes during form submission/loading is primarily to ensure security.
     
    By comparing the hashes, we can verify the integrity of the data and mitigate potential security risks. It allows us to confirm that the submitted form originates from the expected source and that the provided user information remains consistent throughout the process.
     
    If you have any further questions or concerns regarding our cookie storage or security measures, please don’t hesitate to let us know. We are here to assist you.
     

    Thread Starter devowl.io GmbH

    (@devowl)

    Hi @nazelisargsyan,

    Thank you for your feedback. Unfortunately, I do not understand the benefits for safety.

    Example:
    User IP: 158.181.82.1
    User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Site URL: https://example.com/ (can only be changed by the website operator)
    MD5 hash of concatenated values: 9d295784dacba7a1c2de218fcda2a9a2

    When I restart my router, my IP address changes (dynamic allocation by the ISP). When I update my browser, my user agent changes. A real website visitor will not be able to prevent both in every case and this leads to a change in the MD5 hash.

    What happens if one of these cases occurs? Can forms from Form Maker then no longer be sent by this website visitor?

    I also wonder what the security benefits are of having only one website visitor submit a second form if they used exactly the same technical parameters for the first submission. Can you please explain the security benefits of this again?

    Thanks for your time!

    Best regards,
    Jan
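
The scheme described in the support reply and the failure cases raised in the post above, modelled as an added example (not part of the thread and not Form Maker's code). The concatenation order without a separator, the changed IP and user agent, and the keyed-token alternative with its secret, form id and timestamps are assumptions made for illustration.

```python
import hashlib
import hmac

# IP, user agent and site URL are the values quoted in the post above.
IP = "158.181.82.1"
UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 "
      "(KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36")
SITE = "https://example.com/"
NEW_IP = "203.0.113.7"                            # constructed: after a router restart
NEW_UA = UA.replace("Chrome/119", "Chrome/120")   # constructed: after a browser update


def fingerprint(ip, ua, site):
    """Unkeyed MD5 of the three inputs. Order and missing separator are
    assumptions; the thread does not state them."""
    return hashlib.md5((ip + ua + site).encode()).hexdigest()


def matches(stored, ip, ua, site):
    """Compare the stored hash with one recomputed from the current request."""
    return hmac.compare_digest(stored, fingerprint(ip, ua, site))


def keyed_token(secret, form_id, issued_at):
    """Hypothetical alternative: HMAC-SHA256 over form id and issue time."""
    msg = f"{form_id}|{issued_at}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def keyed_ok(secret, form_id, issued_at, token, now, max_age=3600):
    """Accept the token only if it is fresh and was made with the server secret."""
    fresh = 0 <= now - issued_at <= max_age
    return fresh and hmac.compare_digest(token, keyed_token(secret, form_id, issued_at))


def run_demo():
    stored = fingerprint(IP, UA, SITE)            # value held in cookie and database
    secret = b"constructed-server-secret"         # constructed sample key
    token = keyed_token(secret, 7, 1000)
    forged = keyed_token(b"guess", 7, 1000)       # token made without the real key
    return {
        "same_client": matches(stored, IP, UA, SITE),
        "after_ip_change": matches(stored, NEW_IP, UA, SITE),
        "after_ua_update": matches(stored, IP, NEW_UA, SITE),
        # No secret is involved: the three inputs alone reproduce the value.
        "recomputable_from_inputs": fingerprint(IP, UA, SITE) == stored,
        "keyed_valid": keyed_ok(secret, 7, 1000, token, now=1500),
        "keyed_forged": keyed_ok(secret, 7, 1000, forged, now=1500),
        "keyed_expired": keyed_ok(secret, 7, 1000, token, now=9000),
    }
```

The unkeyed hash stops matching as soon as the visitor's IP or user agent changes, while the keyed token does not depend on either and cannot be produced without the server-side secret.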

    Plugin Support nazelisargsyan

    (@nazelisargsyan)

    Hi @devowl,
     
    Kindly be informed that we utilize stored cookies not only for security purposes but also to generate hashes, which are employed for storing, editing, and deleting data within our database. This process is integral to the operations involving our forms. Please note that this is the extent of information we are able to provide regarding this topic.
     
    If you require further assistance or clarification, please review the provided information and feel free to reach out to us.
     
    Thank you for your understanding.

    Regards,

    Nazeli

    Thread Starter devowl.io GmbH

    (@devowl)

    Hi @nazelisargsyan,

    Thank you for your feedback. Unfortunately, even after rechecking the code of Form Maker, it is technically incomprehensible to us why the cookie for storing, editing, and deleting should be technically essential within the meaning of EU Directive 2009/136/EC Recital 66. Unfortunately, we cannot find an explanation of the technically essential data processing procedure in your answer.

    In a comparison with form plugins from other developers that work without such a cookie for security and technical data storage purposes, it is also not clear to us why this is fundamentally different for Form Maker in terms of technology.

    I also take from this thread that Form Maker has no interest in adapting the plugin so that it works without this cookie. We therefore conclude that Form Maker should not be used by EU website operators if they wish to comply with the applicable data protection regulations; this will be done accordingly in our Consent Management System Real Cookie Banner.

    Thank you for your time and effort, anyways!

    Best regards,
    Jan

  • The topic ‘Cookie fm_cookie_[hash]’ is closed to new replies.