Does the Theme documentation even disclose that it includes this tracking code? If not, it's a double-whammy: no user disclosure, and no user consent.<div><br></div><div>Note that this *should* have come up in Theme Check already, under INFO, due to the http:// links. Adding an explicit test to Theme Check would probably be okay, but perhaps not scalable, if other similar services start cropping up.</div>
<div><br></div><div>On a related note: doesn't it rather defeat the purpose of API and auth keys, to have those keys in clear-text, in a freely available, open-source product? That's really more of a question for PressTrends, I guess.</div>
<div><br></div><div>Chip<br><br><div class="gmail_quote">On Thu, Mar 8, 2012 at 9:00 AM, Yulian Yordanov <span dir="ltr"><<a href="mailto:yul.yordanov@gmail.com">yul.yordanov@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#333333">
<font size="-1"><font face="Trebuchet MS">Understood. In this
particular case there is no such options just that code, which
frankly speaking I found by chance. There might be other themes
with it as well, especially if the theme-package has a lot of
files. <br>
It may be useful if Theme Checker prints some info about
presence of this function, so the reviewer will be aware to
check how it's implemented. <br>
</font></font><div><div class="h5"> <br>
On 08.3.2012 15:35, Chip Bennett wrote:
<blockquote type="cite">Exactly: user-configurable, and disabled by default
(i.e. OPT-IN).
<div><br>
</div>
<div>(I wondered when we'd see our first PressTrends
implementation get submitted...)</div>
<div><br>
</div>
<div>Chip<br>
<br>
<div class="gmail_quote">
On Thu, Mar 8, 2012 at 6:25 AM, George Mamadashvili <span dir="ltr"><<a href="mailto:georgemamadashvili@gmail.com" target="_blank">georgemamadashvili@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I think it should be disabled by default, and theme author
may include option to enable it if user want to share data.<br>
<br>
<div class="gmail_quote">
<div>
<div>On Thu, Mar 8, 2012 at 4:12 PM, yulian
yordanov <span dir="ltr"><<a href="mailto:yul.yordanov@gmail.com" target="_blank">yul.yordanov@gmail.com</a>></span>
wrote:<br>
</div>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div>Currently reviewing a theme which has
tracking code in its functions from a service called
"PressTrends" <a href="http://presstrends.io/" target="_blank">http://presstrends.io/</a>
This service fetches details about users to theme's
author for statistical purposes, but I'm wondering
is it's OK for a theme in WP repository?<br>
<br>
That's how the code looks like:<br>
<br>
<span style="font-family:courier new,monospace">//
Add your PressTrends and Theme API Keys</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">$api_key
= '-----';</span> (deleted by me)<br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">$auth
= '------';</span> (deleted by me)<br style="font-family:courier new,monospace">
<br>
<span style="font-family:courier new,monospace">$data
= get_transient( 'presstrends_data' );</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">if
(!$data || $data == ''){</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">$api_base
= '<a href="http://api.presstrends.io/index.php/api/sites/add/auth/" target="_blank">http://api.presstrends.io/index.php/api/sites/add/auth/</a>';</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">$url
= $api_base . $auth . '/api/' . $api_key . '/';</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">$data
= array();</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">$count_posts
= wp_count_posts();</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">$count_pages
= wp_count_posts('page');</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">$comments_count
= wp_count_comments();</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">$theme_data
= get_theme_data(get_stylesheet_directory() .
'/style.css');</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">$plugin_count
= count(get_option('active_plugins'));</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">$all_plugins
= get_plugins();</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">foreach($all_plugins
as $plugin_file => $plugin_data) {</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">$plugin_name
.= $plugin_data['Name'];</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">$plugin_name
.= '&';</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">}</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">$data['url']
= stripslashes(str_replace(array('<a>http://</a>', '/',
':' ), '', site_url()));</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">$data['posts']
= $count_posts->publish;</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">$data['pages']
= $count_pages->publish;</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">$data['comments']
= $comments_count->total_comments;</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">$data['approved']
= $comments_count->approved;</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">$data['spam']
= $comments_count->spam;</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">$data['theme_version']
= $theme_data['Version'];</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">$data['theme_name']
= $theme_data['Name'];</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">$data['site_name']
= str_replace( ' ', '', get_bloginfo( 'name' ));</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">$data['plugins']
= $plugin_count;</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">$data['plugin']
= urlencode($plugin_name);</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">$data['wpversion']
= get_bloginfo('version');</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">foreach
( $data as $k => $v ) {</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">$url
.= $k . '/' . $v . '/';</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">}</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">$response
= wp_remote_get( $url );</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">set_transient('presstrends_data',
$data, 60*60*24);</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">}}</span><br style="font-family:courier new,monospace">
<span style="font-family:courier new,monospace">add_action('admin_init',
'if_presstrends');</span><span><font color="#888888"><br clear="all">
<br>
<br>
-- <br>
<font style="font-family:trebuchet ms,sans-serif" size="2">Yulian Yordanov<br>
<a href="http://post-scriptum.info/" target="_blank">post-scriptum.info</a></font><br>
<br>
</font></span><br>
</div>
</div>
_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br>
</blockquote>
</div>
<br>
<br>
_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
theme-reviewers mailing list
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a>
</pre>
</blockquote>
<br>
</div></div><span class="HOEnZb"><font color="#888888"><div>-- <br>
<font><span style="font-family:Trebuchet MS,sans-serif">Yulian
Yordanov
<br>
<br>
<a href="mailto:yul.yordanov@gmail.com" target="_blank">yul.yordanov@gmail.com</a></span>
<br>
<a style="font-family:Trebuchet MS,sans-serif" href="http://post-scriptum.info/" target="_blank">post-scriptum.info</a></font></div>
</font></span></div>
<br>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div><br></div>