[theme-reviewers] Hidden IP field in theme contact form

Peter Kakoma kakomap at gmail.com
Sat May 11 17:25:58 UTC 2013


No need for name calling. Your argument will still stand up without putting
down others

Three things:
1. The fact that something is very commonplace doesn't make it right. I'm
not saying what the theme developer is doing is right(or wrong for that
matter), I'm merely pointing out the obvious; that referring to how this or
that is done everywhere doesn't make this or that right
2. I believe a theme shouldn't be rejected solely based on the fact that it
collects IPs...but at the very least, let the developer point out why
he/she (yay, gender sensitive) is collecting them.
3. It is only fair that a notice, however small (0.7rem anyone?), is put
pointing out that the "Hey, when you hit send on that support form, I'll
get your IP address".

Let's promote a culture of openness; In point 2, the developer should be
open about his/her intentions. In point 3, let that openness be extended to
our users-let them know what's going on so they make the decision
themselves.

The several cases already out there could come down to many things; some
are probably covered in the 'terms and conditions' that we (I?) never read.
But even if they aren't, we don't have to subscribe to the value system
they used in their decisions


On Sat, May 11, 2013 at 5:28 PM, james <james at wpninjas.com> wrote:

> **
> Now you are just being silly. Obviously there are security measures that
> WordPress implements that has no need of disclosing every little thing that
> it does. But we're not talking about WordPress security. We're talking
> about a theme developer deciding they want to track information about me
> within my own admin. These are two entirely different things.
>
> The issue here is user expectations and rights. As a user I expect that
> WordPress does various things to keep my site secure and stable. As a user,
> when I installa theme I expect it will change the appearance of my site and
> perhaps even add various settings within my admin that I my manage said
> theme. I do not expect that a random developer has the right to track what,
> how or from where I manage my admin. I can also completely respect a
> developer creating a system by which if a user needs support they can
> request it right from their admin and that the request
> could reasonably send data about my install to help the developer
> with troubleshooting. But I would also expect the developer to disclose
> what data will be submitted so I have the option to not use that said
> system if the data being gathered makes me uncomfortable.
>
> These are all reasonable expectations and since the role of the Theme Repo
> is to protect users and not theme developers it seems very much valid. Of
> course you are certainly welcome to your opinion but it does not invalidate
> my own.
>
> James Laws
> wpninjas.com
> twitter.com/jameslaws
>
>
> ---- On Sat, 11 May 2013 09:19:00 -0500 *Philip M. Hofer (Frumph)<
> philip at frumph.net>* wrote ----
>
>
> There are so many things in ‘hidden fields’ all over the place within WP’s
> admin.   This argument is seriously invalid.
>
> I suppose you want the wp_nonce_field functionality open as well too then
> huh?
>
>
>
>  *From:* james <james at wpninjas.com>
> *Sent:* Saturday, May 11, 2013 7:16 AM
> *To:* theme-reviewers at lists.wordpress.org
> *Subject:* Re: [theme-reviewers] Hidden IP field in theme contact form
>
>  I shall not. :P
>
> James Laws
> wpninjas.com
> twitter.com/jameslaws
>
>
> ---- On Sat, 11 May 2013 09:15:27 -0500 *Philip M. Hofer (Frumph) <
> philip at frumph.net>* wrote ----
>
>   Get over it.
>
>
>  *From:* james <james at wpninjas.com>
> *Sent:* Saturday, May 11, 2013 5:48 AM
> *To:* theme-reviewers at lists.wordpress.org
> *Subject:* Re: [theme-reviewers] Hidden IP field in theme contact form
>
>  My two cents? I don't care what the reasons are for tracking IP or any
> other data. You are in my WordPress admin. You are adding things into my
> Control Panel that I use to administer my website. I am the supreme king in
> there and anything you do in my admin should be fully disclosed, period.
> Every other argument is pointless to me until that is settled. My admin, my
> rights. Add it, don't add it, but tell me what you are doing when you come
> into my house. :)
>
> James Laws
> wpninjas.com
> twitter.com/jameslaws
>
>
> ---- On Sat, 11 May 2013 07:14:15 -0500 *Daniel Fenn <danielx386 at gmail.com
> >* wrote ----
>
> And the fact that webservers collect ip addresses as well. (apache,
> litespeed etc)
>
> On 5/11/13, Philip M. Hofer (Frumph) <philip at frumph.net> wrote:
> > Yeah, really not having an issue with it, there’s no rule or regulation
> > against sending the IP hidden or otherwise. Mail’s generally have the
> > originators IP in them to begin with, this is just making sure the IP of
> the
> > ‘real’ originator since it will be coming from the users server’s
> location
> > in the headers of the mail.
> > Just to point out that regular vanilla WordPress collects IP’s of
> comments
> > without notifying.
> > From: Bryan Hadaway
> > Sent: Friday, May 10, 2013 4:56 PM
> > To: theme-reviewers at lists.wordpress.org
> > Subject: Re: [theme-reviewers] Hidden IP field in theme contact form
> >
> > 1. To block known bad IPs (like Akismet), to build location stats on your
> > users (no different than GA, nothing unethical about it that I can tell
> at
> > first glance).
> >
> >
> > 2. This would be better asked as why disclose that info? I've never seen
> a
> > form on any website EVER, do this. That includes .org and .com. I've seen
> > little snippets about why your email address is needed, but I've
> absolutely
> > NEVER seen in a form in any context EVER have a little "PS: We also
> collect
> > your IP for spam and banning purposes." And I sincerely doubt you or
> anyone
> > else on this list has ever seen that besides buried deep in the bowels of
> > the TOS or Privacy Policy fine print that doesn't really apply in this
> > context anyways.
> >
> >
> > 3. Because the options are stored in the db, not sent to someone's
> inbox. An
> > inbox that perhaps would rather avoid being filled with potentially
> > thousands of spam emails or even if they went to the spam folder. Also,
> I'm
> > sure there are other serious professionals like myself who aren't
> negligent
> > enough to simply delete their spam emails without scanning them for false
> > positives first.
> >
> >
> > Hey, maybe this person really does somehow have malicious intent, though
> I
> > can't imagine how, but ultimately I'm protected the precedent, not the
> > individual use-case which I think most of us understand is the larger
> > concern when these issues come up.
> >
> >
> > As to the last bit, that's programmer speak that goes right over my head.
> >
> >
> >
> >
> --------------------------------------------------------------------------------
> > _______________________________________________
> > theme-reviewers mailing list
> > theme-reviewers at lists.wordpress.org
> > http://lists.wordpress.org/mailman/listinfo/theme-reviewers
> >
>
>
> --
> Regards,
> Daniel Fenn
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>
> ------------------------------
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>
>  ------------------------------
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>


-- 
www.urbanlegendkampala.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20130511/24f9323f/attachment.html>


More information about the theme-reviewers mailing list