[wp-trac] [WordPress Trac] #43492: Core Telemetry and Updates

Thu Mar 8 09:28:51 UTC 2018

#43492: Core Telemetry and Updates
------------------------------+------------------------------
 Reporter:  xkon              |       Owner:
     Type:  enhancement       |      Status:  new
 Priority:  normal            |   Milestone:  Awaiting Review
Component:  Upgrade/Install   |     Version:
 Severity:  normal            |  Resolution:
 Keywords:  gdpr 2nd-opinion  |     Focuses:
------------------------------+------------------------------

Comment (by danieltj):

 Replying to [comment:8 xkon]:
 > @danieltj I can easily argue about 'personal data' in the way of: it's
 my server, my localhost/pc so yes PHP version is my personal data
 basically as it's on my personal computer, you have to inform me that you
 want it.

 Just because the information exists on your computer/server doesn't mean
 it's persona data though. '''Through the eyes of GDPR, personal data is
 only data that personally identifies you as a person'''. So `xkon` can of
 course be thought of as personal data as it's your username on
 WordPress.org. However, an unknown site running WordPress 4.9.4 and PHP
 5.6 is not personal data, irrespective of opinion because you cannot use
 that data to personally identify someone with. Anyone in the world (
 '''''25% of the web ;-)''''' ) could have that data as it's so broad and
 general, it doesn't really mean anything. That definition isn't from me,
 but from a trained professional that I listened to at a talk.

 However, I do agree that perhaps there should be something to alert users
 that data is sent, but not necessarily a switch to turn it on or off.
 There's two reasons for this;

 - You can use the `core_version_check_query_args` to add/remove data that
 is sent, however removing enough data here will cause any potential
 upgrade check to fail if it doesn't have enough data to verify an update
 is needed.

 - You can also use the `AUTOMATIC_UPDATER_DISABLED` constant to disable
 all automatic updates and `WP_AUTO_UPDATE_CORE` to disable all site
 updates all together.

 I agree that using a plugin for this may be a bit overkill for something
 so small, but on the other hand, you can put these functions in your
 themes functions file or inside `wp-config.php`.

 The next steps here should be about telling users what is collected and
 why and ensuring people know that personal data is left out of the
 information that is sent to Dot Org. That seems like the best way forward
 from here.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/43492#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform