<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta content="text/html;charset=UTF-8" http-equiv="Content-Type"></head><body ><div style='font-size:10pt;font-family:Verdana,Arial,Helvetica,sans-serif;'>Now you are just being silly. Obviously there are security measures that WordPress implements that has no need of disclosing every little thing that it does. But we're not talking about WordPress security. We're talking about a theme developer deciding they want to track information about me within my own admin. These are two entirely different things.<div><br></div><div>The issue here is user expectations and rights. As a user I expect that WordPress does various things to keep my site secure and stable. As a user, when I installa theme I expect it will change the appearance of my site and perhaps even add various settings within my admin that I my manage said theme. I do not expect that a random developer has the right to track what, how or from where I manage my admin. I can also completely respect a developer creating a system by which if a user needs support they can request it right from their admin and that the request could reasonably send data about my install to help the developer with troubleshooting. But I would also expect the developer to disclose what data will be submitted so I have the option to not use that said system if the data being gathered makes me uncomfortable.</div><div><br></div><div>These are all reasonable expectations and since the role of the Theme Repo is to protect users and not theme developers it seems very much valid. Of course you are certainly welcome to your opinion but it does not invalidate my own.<br><br><div id="">James Laws<div><a href="http://wpninjas.com" title="The WP Ninjas" target="_blank">wpninjas.com</a></div><div><a href="http://twitter.com/jameslaws" title="James Laws on Twitter" target="_blank">twitter.com/jameslaws</a></div></div><br><div id="1"><br>---- On Sat, 11 May 2013 09:19:00 -0500 <b>Philip M. Hofer (Frumph)<philip@frumph.net></b> wrote ---- <br></div><br><blockquote style="border-left: 1px solid #0000FF; padding-left: 6px;"><div dir="ltr"> <div dir="ltr"> <div style="font-family: 'calibri'; color: #000000; font-size: 12pt"> <div> </div> <div>There are so many things in ‘hidden fields’ all over the place within WP’s admin. This argument is seriously invalid.</div> <div> </div> <div>I suppose you want the wp_nonce_field functionality open as well too then huh?</div> <div> </div> <div> </div> <div style="font-style: normal; display: inline; font-family: 'calibri'; color: #000000; font-size: small; font-weight: normal; text-decoration: none"> <div style="font: 10pt tahoma"> <div><font size="3" face="Calibri"></font> </div> <div style="background: #f5f5f5"> <div style="font-color: black"><b>From:</b> <a href="mailto:james@wpninjas.com" title="james@wpninjas.com" target="_blank" mailid="james%40wpninjas.com" subj="">james</a> </div> <div><b>Sent:</b> Saturday, May 11, 2013 7:16 AM</div> <div><b>To:</b> <a href="mailto:theme-reviewers@lists.wordpress.org" title="theme-reviewers@lists.wordpress.org" target="_blank" mailid="theme-reviewers%40lists.wordpress.org" subj="">theme-reviewers@lists.wordpress.org</a> </div> <div><b>Subject:</b> Re: [theme-reviewers] Hidden IP field in theme contact form</div></div></div> <div> </div></div> <div style="font-style: normal; display: inline; font-family: 'calibri'; color: #000000; font-size: small; font-weight: normal; text-decoration: none"> <div style="font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt">I shall not. :P<br><br> <div>James Laws <div><a href="http://wpninjas.com" title="The WP Ninjas" target="_blank">wpninjas.com</a></div> <div><a href="http://twitter.com/jameslaws" title="James Laws on Twitter" target="_blank">twitter.com/jameslaws</a></div></div> <div> </div> <div><font size="3" face="Calibri"></font><br>---- On Sat, 11 May 2013 09:15:27 -0500 <b>Philip M. Hofer (Frumph) <<a href="mailto:philip@frumph.net" target="_blank" mailid="philip%40frumph.net" subj="">philip@frumph.net</a>></b> wrote ---- <br></div><br> <blockquote style="border-left: #0000ff 1px solid; padding-left: 6px"> <div dir="ltr"> <div dir="ltr"> <div style="font-family: 'calibri'; color: #000000; font-size: 12pt"> <div>Get over it.</div> <div> </div> <div style="font-style: normal; display: inline; font-family: 'calibri'; color: #000000; font-size: small; font-weight: normal; text-decoration: none"> <div style="font: 10pt tahoma"> <div> </div> <div style="background: #f5f5f5"> <div style="font-color: black"><b>From:</b> <a href="mailto:james@wpninjas.com" title="james@wpninjas.com" target="_blank" mailid="james%40wpninjas.com" subj="">james</a> </div> <div><b>Sent:</b> Saturday, May 11, 2013 5:48 AM</div> <div><b>To:</b> <a href="mailto:theme-reviewers@lists.wordpress.org" title="theme-reviewers@lists.wordpress.org" target="_blank" mailid="theme-reviewers%40lists.wordpress.org" subj="">theme-reviewers@lists.wordpress.org</a> </div> <div><b>Subject:</b> Re: [theme-reviewers] Hidden IP field in theme contact form</div></div></div> <div> </div></div> <div style="font-style: normal; display: inline; font-family: 'calibri'; color: #000000; font-size: small; font-weight: normal; text-decoration: none"> <div style="font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt">My two cents? I don't care what the reasons are for tracking IP or any other data. You are in my WordPress admin. You are adding things into my Control Panel that I use to administer my website. I am the supreme king in there and anything you do in my admin should be fully disclosed, period. Every other argument is pointless to me until that is settled. My admin, my rights. Add it, don't add it, but tell me what you are doing when you come into my house. :)<br><br> <div>James Laws <div><a href="http://wpninjas.com" title="The WP Ninjas" target="_blank">wpninjas.com</a></div> <div><a href="http://twitter.com/jameslaws" title="James Laws on Twitter" target="_blank">twitter.com/jameslaws</a></div></div> <div> </div> <div><br>---- On Sat, 11 May 2013 07:14:15 -0500 <b>Daniel Fenn <<a href="mailto:danielx386@gmail.com" target="_blank" mailid="danielx386%40gmail.com" subj="">danielx386@gmail.com</a>></b> wrote ---- <br></div><br> <blockquote style="border-left: #0000ff 1px solid; padding-left: 6px">And the fact that webservers collect ip addresses as well. (apache,<br>litespeed etc)<br><br>On 5/11/13, Philip M. Hofer (Frumph) <<a href="mailto:philip@frumph.net" target="_blank" mailid="philip%40frumph.net" subj="">philip@frumph.net</a>> wrote:<br>> Yeah, really not having an issue with it, there’s no rule or regulation<br>> against sending the IP hidden or otherwise. Mail’s generally have the<br>> originators IP in them to begin with, this is just making sure the IP of the<br>> ‘real’ originator since it will be coming from the users server’s location<br>> in the headers of the mail.<br>> Just to point out that regular vanilla WordPress collects IP’s of comments<br>> without notifying.<br>> From: Bryan Hadaway<br>> Sent: Friday, May 10, 2013 4:56 PM<br>> To: <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank" mailid="theme-reviewers%40lists.wordpress.org" subj="">theme-reviewers@lists.wordpress.org</a><br>> Subject: Re: [theme-reviewers] Hidden IP field in theme contact form<br>><br>> 1. To block known bad IPs (like Akismet), to build location stats on your<br>> users (no different than GA, nothing unethical about it that I can tell at<br>> first glance).<br>><br>><br>> 2. This would be better asked as why disclose that info? I've never seen a<br>> form on any website EVER, do this. That includes .org and .com. I've seen<br>> little snippets about why your email address is needed, but I've absolutely<br>> NEVER seen in a form in any context EVER have a little "PS: We also collect<br>> your IP for spam and banning purposes." And I sincerely doubt you or anyone<br>> else on this list has ever seen that besides buried deep in the bowels of<br>> the TOS or Privacy Policy fine print that doesn't really apply in this<br>> context anyways.<br>><br>><br>> 3. Because the options are stored in the db, not sent to someone's inbox. An<br>> inbox that perhaps would rather avoid being filled with potentially<br>> thousands of spam emails or even if they went to the spam folder. Also, I'm<br>> sure there are other serious professionals like myself who aren't negligent<br>> enough to simply delete their spam emails without scanning them for false<br>> positives first.<br>><br>><br>> Hey, maybe this person really does somehow have malicious intent, though I<br>> can't imagine how, but ultimately I'm protected the precedent, not the<br>> individual use-case which I think most of us understand is the larger<br>> concern when these issues come up.<br>><br>><br>> As to the last bit, that's programmer speak that goes right over my head.<br>><br>><br>><br>> --------------------------------------------------------------------------------<br>> _______________________________________________<br>> theme-reviewers mailing list<br>> <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank" mailid="theme-reviewers%40lists.wordpress.org" subj="">theme-reviewers@lists.wordpress.org</a><br>> <a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>><br><br><br>-- <br>Regards,<br>Daniel Fenn<br>_______________________________________________<br>theme-reviewers mailing list<br><a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank" mailid="theme-reviewers%40lists.wordpress.org" subj="">theme-reviewers@lists.wordpress.org</a><br><a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br></blockquote><br></div> <hr> _______________________________________________<br>theme-reviewers mailing list<br><a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank" mailid="theme-reviewers%40lists.wordpress.org" subj="">theme-reviewers@lists.wordpress.org</a><br><a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br></div></div></div>_______________________________________________ <br>theme-reviewers mailing list <br><a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank" mailid="theme-reviewers%40lists.wordpress.org" subj="">theme-reviewers@lists.wordpress.org</a> <br><a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a> <br></div></blockquote><br></div> <p> </p><hr> _______________________________________________<br>theme-reviewers mailing list<br><a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank" mailid="theme-reviewers%40lists.wordpress.org" subj="">theme-reviewers@lists.wordpress.org</a><br><a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br></div></div></div> _______________________________________________ <br>theme-reviewers mailing list <br><a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank" mailid="theme-reviewers%40lists.wordpress.org" subj="">theme-reviewers@lists.wordpress.org</a> <br><a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a> <br></div></blockquote><br></div></div></body></html>