<div dir="ltr"><div><div><div><div><div><div><div><div><div>Let's just layout all the facts.<br><br></div>1. It's common practice for forms to collect IP addresses without disclosing that info <i>inline</i>, whether that be Google, Facebook, Gmail, WordPress or 90% of the other places/things you can do online. This is common, normal and not illegal whatsoever.<br>
<br></div>2. It is solely up to the company whether they disclose specifics in any sort of privacy policy. Generally this is only to cover their ass in the first place, not because it's mandatory.<br><br></div>3. It's at the sole discretion of every person on which websites, services, software, plugins etc they CHOOSE to use and the research time they put in to understand their own privacy/security.<br>
<br></div>Now, it would absolutely be nice if every company/person in the world was fully transparent about everything they did and wrote in-depth documentation for it. That would be ideal, but it's not the law or anyone's right to dictate.<br>
<br></div>This isn't a discussion of ethics. That's subjective and not tangible in this sense. Just because you don't like that a plugin does something and doesn't "disclose" or "document" it doesn't mean they should be forced to or stopped from contributing.<br>
<br></div>While it would be ideal to do everything in one's power to make their users happy, safe and warm and fuzzy, someone could simply create a theme or plugin "as-is" as long as it's GPL, upload it, pass the reviews and then never update it, support it or provide documentation for it. Again, not ideal, but that seems like a basic right that shouldn't be messed with.<br>
<br></div>I think that's what we really need to consider. Just because we might feel "Hey man, your plugin does this or that, that I don't like." does that mean that WP.org should dictate how someone supports their work?<br>
<br></div>Too subjective all around. I feel this is something that can only ever fall under recommended, not required, because where does it end? Should a web designer/programmer add instructions, programmer's comments etc for every single line of code in which someone might find to be a privacy/security flaw or something that could make your site go boom if they tinkered with it? Should they hire a lawyer? Insanity, no one would ever get these things out so that we could use them in the first place.<br>
<br></div>I think theme and plugin authors (especially for free stuff) and even WP.org itself can only do so much. At the end of the day, it's 100% the end-users responsibility to handle their website inside and out.<br>
</div>