[wp-hackers] Revisiting phone home and privacy
jwriteclub at gmail.com
Wed Dec 9 01:20:24 UTC 2009
At the risk of being added to the tinfoil hat brigade I have always found it
very unsettling that users are not offered an opt out.
As others have pointed out, virtually every piece of software with a phone
home feature asks for user permission first. Indeed, I suspect (although I
am not fully up to date on case law) that this has been mandated by the
deliciously silly wranglings of the legal community (otherwise, why would
everyone do it?).
But purely from an ethical standpoint, I really think it's important that
users be allowed to opt out easily and in the core!
On Tue, Dec 8, 2009 at 5:49 PM, Will Norris <will at willnorris.com> wrote:
> On Dec 7, 2009, at 10:40 PM, Matt Mullenweg wrote:
> > On 2009-12-06 10:33 PM, Lynne Pope wrote:
> >> The reason it was hacked was that the owner didn't know of an update
> >> would have protected his site. The reason he didn't know was because he
> >> using plugins to prevent update checks - and was only using those
> because he
> >> didn't want to send his site URL to WordPress. (Ok, he would have known
> >> he had been keeping track of updates externally, but this is a case
> >> privacy concerns removed an important feature from WordPress and
> >> disadvantaged him in the process).
> > One would imagine if you install a "disable update check" plugin you'd be
> conscious of the responsibility of checking for updates manually.
> > Even with updates on many people don't update, unfortunately.
> > There was a different plugin that just hashed the URL but still checked
> for updates, which we recommended for the paranoid.
> > All in all though, not a high priority. I've never met anyone in person
> who disables update checks.* (Maybe they're scared to come to WordCamps.)
> > * I have met people who disabled it for clients whose sites they managed
> and were responsible for.
> It seems like lines are getting crossed (or perhaps I'm mis-reading some of
> these)... Lynne isn't asking for, nor advocating, disabling of update
> checks. Everyone in the community agrees that updates are vitally important
> for security. Lynne's point is that many of the people who disable updates
> or not doing it because they don't want the security. They do it because
> it's the only way they know to prevent identifying data from being sent to
> I can't help but think of a lot of software I have on my Mac... the first
> time I run it, it pops up with a little window asking if I want to check for
> updates automatically (thanks Sparkle.framework). And a number of them have
> an additional checkbox to "send additional system data", or whatever the
> language is. These are two different things... turning on updates which
> *everyone* should do, and providing additional statistical data if you wish
> and cannot be used. And yes, I do agree that it covers the data in question
> here, and there are methods of discovering the data by other means anyway
> (like the IP address). But to ask "why so paranoid?" is placing the burden
> on the wrong party. Privacy should be the status quo. The right question
> is "why does WordPress.org need the data?" (that's rhetorical, I understand
> the stats and stuff you do with the data).
> If Automattic, the company, wants to require certain data to be provided to
> use various services like IntenseDebate or PollDaddy, that's fine... those
> are company products. But as long as WordPress is a community effort, I
> would strongly vote +1 to adding options in WordPress core to prevent
> unnecessary identifying data from being sent during software update checks.
> Besides, that privacy page is looking really lonely withe the sole "Blog
> Visibility" option.
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
More information about the wp-hackers