[theme-reviewers] Hidden IP field in theme contact form

james james at wpninjas.com
Sat May 11 17:32:29 UTC 2013


No name calling or putting down others on my part.

James Lawswpninjas.com
twitter.com/jameslaws



---- On Sat, 11 May 2013 12:25:58 -0500 Peter Kakoma<kakomap at gmail.com> wrote ---- 


No need for name calling. Your argument will still stand up without putting down others

Three things:1. The fact that something is very commonplace doesn't make it right. I'm not saying what the theme developer is doing is right(or wrong for that matter), I'm merely pointing out the obvious; that referring to how this or that is done everywhere doesn't make this or that right
 2. I believe a theme shouldn't be rejected solely based on the fact that it collects IPs...but at the very least, let the developer point out why he/she (yay, gender sensitive) is collecting them.
 3. It is only fair that a notice, however small (0.7rem anyone?), is put pointing out that the "Hey, when you hit send on that support form, I'll get your IP address". 


Let's promote a culture of openness; In point 2, the developer should be open about his/her intentions. In point 3, let that openness be extended to our users-let them know what's going on so they make the decision themselves. 
 

The several cases already out there could come down to many things; some are probably covered in the 'terms and conditions' that we (I?) never read. But even if they aren't, we don't have to subscribe to the value system they used in their decisions
 



On Sat, May 11, 2013 at 5:28 PM, james <james at wpninjas.com> wrote:
 Now you are just being silly. Obviously there are security measures that WordPress implements that has no need of disclosing every little thing that it does. But we're not talking about WordPress security. We're talking about a theme developer deciding they want to track information about me within my own admin. These are two entirely different things. 

The issue here is user expectations and rights. As a user I expect that WordPress does various things to keep my site secure and stable. As a user, when I installa theme I expect it will change the appearance of my site and perhaps even add various settings within my admin that I my manage said theme. I do not expect that a random developer has the right to track what, how or from where I manage my admin. I can also completely respect a developer creating a system by which if a user needs support they can request it right from their admin and that the request could reasonably send data about my install to help the developer with troubleshooting. But I would also expect the developer to disclose what data will be submitted so I have the option to not use that said system if the data being gathered makes me uncomfortable.
 

These are all reasonable expectations and since the role of the Theme Repo is to protect users and not theme developers it seems very much valid. Of course you are certainly welcome to your opinion but it does not invalidate my own.
 
James Lawswpninjas.com
twitter.com/jameslaws
 


---- On Sat, 11 May 2013 09:19:00 -0500 Philip M. Hofer (Frumph)<philip at frumph.net> wrote ---- 


     
 There are so many things in ‘hidden fields’ all over the place within WP’s admin.   This argument is seriously invalid.
  
 I suppose you want the wp_nonce_field functionality open as well too then huh?
  
  
    
  From: james 
 Sent: Saturday, May 11, 2013 7:16 AM
 To: theme-reviewers at lists.wordpress.org 
 Subject: Re: [theme-reviewers] Hidden IP field in theme contact form


  

  I shall not. :P

 James Laws wpninjas.com
 twitter.com/jameslaws
 
  
 
---- On Sat, 11 May 2013 09:15:27 -0500 Philip M. Hofer (Frumph) <philip at frumph.net> wrote ---- 
 

     Get over it.
  
    
  From: james 
 Sent: Saturday, May 11, 2013 5:48 AM
 To: theme-reviewers at lists.wordpress.org 
 Subject: Re: [theme-reviewers] Hidden IP field in theme contact form
 

  

   My two cents? I don't care what the reasons are for tracking IP or any other data. You are in my WordPress admin. You are adding things into my Control Panel that I use to administer my website. I am the supreme king in there and anything you do in my admin should be fully disclosed, period. Every other argument is pointless to me until that is settled. My admin, my rights. Add it, don't add it, but tell me what you are doing when you come into my house. :)
 
 James Laws wpninjas.com
 twitter.com/jameslaws
 
  
 
---- On Sat, 11 May 2013 07:14:15 -0500 Daniel Fenn <danielx386 at gmail.com> wrote ---- 


  And the fact that webservers collect ip addresses as well. (apache,
litespeed etc)

On 5/11/13, Philip M. Hofer (Frumph) <philip at frumph.net> wrote:
 > Yeah, really not having an issue with it, there’s no rule or regulation
> against sending the IP hidden or otherwise. Mail’s generally have the
> originators IP in them to begin with, this is just making sure the IP of the
 > ‘real’ originator since it will be coming from the users server’s location
> in the headers of the mail.
> Just to point out that regular vanilla WordPress collects IP’s of comments
> without notifying.
 > From: Bryan Hadaway
> Sent: Friday, May 10, 2013 4:56 PM
> To: theme-reviewers at lists.wordpress.org
> Subject: Re: [theme-reviewers] Hidden IP field in theme contact form
 >
> 1. To block known bad IPs (like Akismet), to build location stats on your
> users (no different than GA, nothing unethical about it that I can tell at
> first glance).
>
>
 > 2. This would be better asked as why disclose that info? I've never seen a
> form on any website EVER, do this. That includes .org and .com. I've seen
> little snippets about why your email address is needed, but I've absolutely
 > NEVER seen in a form in any context EVER have a little "PS: We also collect
> your IP for spam and banning purposes." And I sincerely doubt you or anyone
> else on this list has ever seen that besides buried deep in the bowels of
 > the TOS or Privacy Policy fine print that doesn't really apply in this
> context anyways.
>
>
> 3. Because the options are stored in the db, not sent to someone's inbox. An
 > inbox that perhaps would rather avoid being filled with potentially
> thousands of spam emails or even if they went to the spam folder. Also, I'm
> sure there are other serious professionals like myself who aren't negligent
 > enough to simply delete their spam emails without scanning them for false
> positives first.
>
>
> Hey, maybe this person really does somehow have malicious intent, though I
 > can't imagine how, but ultimately I'm protected the precedent, not the
> individual use-case which I think most of us understand is the larger
> concern when these issues come up.
 >
>
> As to the last bit, that's programmer speak that goes right over my head.
>
>
>
> --------------------------------------------------------------------------------
 > _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
 >


-- 
Regards,
Daniel Fenn
_______________________________________________
theme-reviewers mailing list
theme-reviewers at lists.wordpress.org
 http://lists.wordpress.org/mailman/listinfo/theme-reviewers


  _______________________________________________
 theme-reviewers mailing list
theme-reviewers at lists.wordpress.org
http://lists.wordpress.org/mailman/listinfo/theme-reviewers
 


_______________________________________________ 
theme-reviewers mailing list 
theme-reviewers at lists.wordpress.org 
http://lists.wordpress.org/mailman/listinfo/theme-reviewers 
 


  
 _______________________________________________
theme-reviewers mailing list
theme-reviewers at lists.wordpress.org
 http://lists.wordpress.org/mailman/listinfo/theme-reviewers



 _______________________________________________ 
 theme-reviewers mailing list 
theme-reviewers at lists.wordpress.org 
http://lists.wordpress.org/mailman/listinfo/theme-reviewers 
 







_______________________________________________
 theme-reviewers mailing list
 theme-reviewers at lists.wordpress.org
 http://lists.wordpress.org/mailman/listinfo/theme-reviewers
 





-- 
www.urbanlegendkampala.com
 
 _______________________________________________ 
theme-reviewers mailing list 
theme-reviewers at lists.wordpress.org 
http://lists.wordpress.org/mailman/listinfo/theme-reviewers 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20130511/82b0be46/attachment-0001.html>


More information about the theme-reviewers mailing list