[wp-hackers] Plugin update & security / privacy

[Jamie Holly]

Matt Mullenweg schrieb:
>> I would also recommend disabling the updates in Mac OS X, Firefox,
>> Windows, Thunderbird, Adobe Photoshop, and any other third-party
>> applications you have. As all of those are tied to your personal IP
>> and not your server IP they have far more implications for privacy.

This takes me back to when I was teaching. I can't tell you the countless students that would say "well X does it so why can't I"? 

Now consider these applications you mentioned. Every one of them also has EULA's, privacy statements, etc. Take Windows as an example. Once you complete an install you are presented with the "Stay up to date" option. Also when you install these applications you do agree to the terms laid out within said agreements (think of that little checkbox you must check to install it). Now I concede that a majority of people do not take the time to read what they are agreeing to, but it is there none the less. Having said that, using these applications as an example is nothing more than creating a straw man on the issue.

Now the complaint I am hearing involves the transparency of this feature. When users upgrade, or even install fresh, they are not told anywhere that this information is being sent, let alone any mention or promise that it won't be used for some malicious purpose. That is why I strongly feel an option to opt in/out should be given on the upgrade/install screens. 

I want to reaffirm that I know this information will *not* be used for malicious purposes. I actually think it is a good idea. Think of how the stats involving PHP versions versus overall installations would have aided in the PHP4/PHP5 debate. 

Jamie Holly
http://www.intoxination.net