[theme-reviewers] Hidden IP field in theme contact form

Philip M. Hofer (Frumph) philip at frumph.net
Sat May 11 16:59:56 UTC 2013


Expect that every email you make every thing you do on the internet internet has a stamp of your IP on it.

And no, those are not valid.   For the reasons, see above line ^.
And now, in homage.. a Dr. Suess reference.

It’s like telling a blumpheter that he can’t use the squagle on his blumphet because squagles in your opinion are not what you expect him to use to dwiddle.    However, every blumphet on the planet has a squagle. .. no squagles allowed in your house, no sir reee.  You’re just so angry, you’re going to dwiddle the city plibster but to contact that plibster you need to use a blumpheter with a squagle to dwiddle!




From: james 
Sent: Saturday, May 11, 2013 7:28 AM
To: theme-reviewers at lists.wordpress.org 
Subject: Re: [theme-reviewers] Hidden IP field in theme contact form

Now you are just being silly. Obviously there are security measures that WordPress implements that has no need of disclosing every little thing that it does. But we're not talking about WordPress security. We're talking about a theme developer deciding they want to track information about me within my own admin. These are two entirely different things. 

The issue here is user expectations and rights. As a user I expect that WordPress does various things to keep my site secure and stable. As a user, when I installa theme I expect it will change the appearance of my site and perhaps even add various settings within my admin that I my manage said theme. I do not expect that a random developer has the right to track what, how or from where I manage my admin. I can also completely respect a developer creating a system by which if a user needs support they can request it right from their admin and that the request could reasonably send data about my install to help the developer with troubleshooting. But I would also expect the developer to disclose what data will be submitted so I have the option to not use that said system if the data being gathered makes me uncomfortable.

These are all reasonable expectations and since the role of the Theme Repo is to protect users and not theme developers it seems very much valid. Of course you are certainly welcome to your opinion but it does not invalidate my own.


James Laws 
wpninjas.com
twitter.com/jameslaws


---- On Sat, 11 May 2013 09:19:00 -0500 Philip M. Hofer (Frumph)<philip at frumph.net> wrote ---- 




  There are so many things in ‘hidden fields’ all over the place within WP’s admin.   This argument is seriously invalid.

  I suppose you want the wp_nonce_field functionality open as well too then huh?



  From: james 
  Sent: Saturday, May 11, 2013 7:16 AM
  To: theme-reviewers at lists.wordpress.org 
  Subject: Re: [theme-reviewers] Hidden IP field in theme contact form

  I shall not. :P


  James Laws 
  wpninjas.com
  twitter.com/jameslaws


  ---- On Sat, 11 May 2013 09:15:27 -0500 Philip M. Hofer (Frumph) <philip at frumph.net> wrote ---- 



    Get over it.


    From: james 
    Sent: Saturday, May 11, 2013 5:48 AM
    To: theme-reviewers at lists.wordpress.org 
    Subject: Re: [theme-reviewers] Hidden IP field in theme contact form

    My two cents? I don't care what the reasons are for tracking IP or any other data. You are in my WordPress admin. You are adding things into my Control Panel that I use to administer my website. I am the supreme king in there and anything you do in my admin should be fully disclosed, period. Every other argument is pointless to me until that is settled. My admin, my rights. Add it, don't add it, but tell me what you are doing when you come into my house. :)


    James Laws 
    wpninjas.com
    twitter.com/jameslaws


    ---- On Sat, 11 May 2013 07:14:15 -0500 Daniel Fenn <danielx386 at gmail.com> wrote ---- 



      And the fact that webservers collect ip addresses as well. (apache,
      litespeed etc)

      On 5/11/13, Philip M. Hofer (Frumph) <philip at frumph.net> wrote:
      > Yeah, really not having an issue with it, there’s no rule or regulation
      > against sending the IP hidden or otherwise. Mail’s generally have the
      > originators IP in them to begin with, this is just making sure the IP of the
      > ‘real’ originator since it will be coming from the users server’s location
      > in the headers of the mail.
      > Just to point out that regular vanilla WordPress collects IP’s of comments
      > without notifying.
      > From: Bryan Hadaway
      > Sent: Friday, May 10, 2013 4:56 PM
      > To: theme-reviewers at lists.wordpress.org
      > Subject: Re: [theme-reviewers] Hidden IP field in theme contact form
      >
      > 1. To block known bad IPs (like Akismet), to build location stats on your
      > users (no different than GA, nothing unethical about it that I can tell at
      > first glance).
      >
      >
      > 2. This would be better asked as why disclose that info? I've never seen a
      > form on any website EVER, do this. That includes .org and .com. I've seen
      > little snippets about why your email address is needed, but I've absolutely
      > NEVER seen in a form in any context EVER have a little "PS: We also collect
      > your IP for spam and banning purposes." And I sincerely doubt you or anyone
      > else on this list has ever seen that besides buried deep in the bowels of
      > the TOS or Privacy Policy fine print that doesn't really apply in this
      > context anyways.
      >
      >
      > 3. Because the options are stored in the db, not sent to someone's inbox. An
      > inbox that perhaps would rather avoid being filled with potentially
      > thousands of spam emails or even if they went to the spam folder. Also, I'm
      > sure there are other serious professionals like myself who aren't negligent
      > enough to simply delete their spam emails without scanning them for false
      > positives first.
      >
      >
      > Hey, maybe this person really does somehow have malicious intent, though I
      > can't imagine how, but ultimately I'm protected the precedent, not the
      > individual use-case which I think most of us understand is the larger
      > concern when these issues come up.
      >
      >
      > As to the last bit, that's programmer speak that goes right over my head.
      >
      >
      >
      > --------------------------------------------------------------------------------
      > _______________________________________________
      > theme-reviewers mailing list
      > theme-reviewers at lists.wordpress.org
      > http://lists.wordpress.org/mailman/listinfo/theme-reviewers
      >


      -- 
      Regards,
      Daniel Fenn
      _______________________________________________
      theme-reviewers mailing list
      theme-reviewers at lists.wordpress.org
      http://lists.wordpress.org/mailman/listinfo/theme-reviewers




----------------------------------------------------------------------------
    _______________________________________________
    theme-reviewers mailing list
    theme-reviewers at lists.wordpress.org
    http://lists.wordpress.org/mailman/listinfo/theme-reviewers

    _______________________________________________ 
    theme-reviewers mailing list 
    theme-reviewers at lists.wordpress.org 
    http://lists.wordpress.org/mailman/listinfo/theme-reviewers 




------------------------------------------------------------------------------
  _______________________________________________
  theme-reviewers mailing list
  theme-reviewers at lists.wordpress.org
  http://lists.wordpress.org/mailman/listinfo/theme-reviewers

  _______________________________________________ 
  theme-reviewers mailing list 
  theme-reviewers at lists.wordpress.org 
  http://lists.wordpress.org/mailman/listinfo/theme-reviewers 





--------------------------------------------------------------------------------
_______________________________________________
theme-reviewers mailing list
theme-reviewers at lists.wordpress.org
http://lists.wordpress.org/mailman/listinfo/theme-reviewers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20130511/bef4272d/attachment.html>


More information about the theme-reviewers mailing list