[wp-trac] [WordPress Trac] #16778: wordpress is leaking user/blog information during wp_version_check()

WordPress Trac noreply at wordpress.org
Wed Jan 18 16:24:07 UTC 2017


#16778: wordpress is leaking user/blog information during wp_version_check()
----------------------------+------------------------------
 Reporter:  investici       |       Owner:
     Type:  enhancement     |      Status:  reopened
 Priority:  normal          |   Milestone:  Awaiting Review
Component:  Administration  |     Version:
 Severity:  minor           |  Resolution:
 Keywords:  has-patch       |     Focuses:
----------------------------+------------------------------

Comment (by swissspidy):

 It seems like this ticket is getting out of hand and it's impossible to
 follow the discussion any longer.

 Concerns about WordPress sending anonymous data have been raised multiple
 times now, slowly drifting away from the original request to add an option
 or a filter.

 In the past, we've tried to use Trac as a platform to discuss the
 "how"-side of things, with debates on principles (the "why") and +1's
 happening elsewhere, e.g. on make.wordpress.org and Slack.

 Recently some people began with some research on opt-in data collection in
 WordPress, which seems to be what the majority of people commenting here
 is striving for. See #38418. Why not join forces?

 Also, I'd like to quote @chriscct7 here and encourage folks to document
 current behaviour:

 > Additionally, the WordPress project maintains an open information
 section, similar to Wikipedia, where anyone can contribute new
 documentation or information about the platform, that to a reasonable
 extent would be useful to other users. As such, you're free to create a
 page for this. As a volunteer-based project […] the best way to ensure
 that things get done, is often to do them or spearhead them.

 I'm curious why nobody followed up on @TJNowell's suggestion as well:

 > This strikes me as something that would be trivially fixed by adding a
 sentence to wp-admin/about.php
 > Stating what information gets sent to .org and why should only take a
 short paragraph of text at the bottom of the about page. If we can add an
 entire page talking about Freedoms I think we can write a short privacy
 statement.
 > Here's a suggestion:
 > > Note: WordPress may send statistics to WordPress.org when requesting
 updates. This is to help plan and improve future updates.
 > With perhaps a "For more information, click here" that leads to a .org
 page

 It would be awesome if someone could whip up a small proof-of-concept for
 this. This is open-source software after all, everyone can get involved.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/16778#comment:90>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list