[wp-hackers] Revisiting phone home and privacy

[Lynne Pope]

2009/12/8 Jacob Santos <wordpress at santosj.name>

> In what way does WordPress.org or Automattic having your URL affect the
> security and privacy of your site?
>

It compromises privacy because users are not being given the option to send
or not send information about their site. It compromises security when users
disable update checks in order to avoid sending information they don't wish
to send.

The specific response I got from the people I was working with was that
business information, such as which plugins they use, is nobody's business
except theirs. They consider this to be business information. Plugin and
theme data contains identifying information about products and staff which
they do not want broadcast to anyone.


> How does preventing WordPress.org from using this data protect you from
> anything?
>

WordPress.org is not a legal entity and cannot therefore be held legally
accountable for misuse of data. They have no confidence in WordPress.org's
ability to keep the data private and confidential and say that as they do
not opt-in to sharing it then wordpress.org has no legal right to collect
it.


>
> Why doesn't the plugins available address your problems with privacy?
>
>
> The filters were placed in for the sole purpose of overriding the URL that
> is sent and for those concern with privacy. While it could be said that the
> small amount of people who downloaded the plugin verses the much larger
> amount that uses WordPress says that not enough people consider sending an
> URL is all that important. It might just be that not enough people realize
> that their WordPress is sending this information.
>

Which plugin just overrides the blog URL? If there is one that simply does
that then I'd point them to it.


>
> It is but the URL, plugins, and themes, along with the PHP version that is
> sent. None of the passwords, visitors (unless you use the WordPress.com
> Stats plugin), etc is sent. There is also a legitimate and reasonable
> purpose behind sending this data and it is to allow for upgrading those
> plugins (however, the URL isn't required, unless they changed that, but you
> could just send www.example.com if you wanted).
>
> By the way, the filters were a compromise to those who said to fork it.
>

Providing the means to check if plugins, theme, or core updates are
available is great. The stickler is the sending of the blog URL (and for
this company - data about custom plugins).

IMO, there needs to be more transparency about what WordPress does behind
the scenes and what data is collected. I understand the concerns when custom
plugins & themes use staff and product names - this sends way too much
identifying information!

The alternative would be if WordPress only checked against theme and plugin
names that are in the WordPress repository, instead of collecting data on
every theme and plugin.

I love the work you did on this Jacob. However, its now 2 years since
wordpress.org started collecting blog URL's with the update and it's still
unnecessary data capture. If WordPress.org has future plans for using this
information then a simple opt-in would prevent these kinds of issues. If
there is no good reason for capturing the URL then perhaps its time it was
removed?

Lynne