[wp-hackers] Plugin update & security / privacy
hovercrafter at earthlink.net
Mon Sep 24 13:42:54 GMT 2007
What makes this issue so big is the "secrecy" involving what it is doing.
Adding a simple warning, or even an opt-in/out method would entail minimal
coding. The resistance against that leaves some with a feeling that "well
maybe they are going to do something with this list of URLs". There is no
statement of privacy or anything. How is average Joe to be assured that WP
isn't going to sell this collection of URLs to spam services? Every other
mainstream service/application that collects any information makes sure the
end user knows about this and has a privacy statement to go along with the
A golden rule of any product/service is that you *never* assume on behalf of
the consumer/end-user. Transparency is the key to trust. Also the strong
resistance to this transparency, given by Matt (who is more or less the
voice of WP), is actually making a stronger argument for this transparency.
When Matt said if you don't like it then "use another product, start a
fork", it really gave a sense that he has something personally to
profit/gain from this feature.
Now for a question.
I haven't looked into the code enough yet, but how effective will this
plugin to remove it be? You can't install the plugin until after you install
the product. By that time hasn't a check already been done, or does a wait a
predetermined amount of time after an install/upgrade to check for updates?
>From: wp-hackers-bounces at lists.automattic.com [mailto:wp-hackers-
>bounces at lists.automattic.com] On Behalf Of Peter Westwood
>Sent: Monday, September 24, 2007 8:34 AM
>To: wp-hackers at lists.automattic.com
>Subject: Re: [wp-hackers] Plugin update & security / privacy
>On Mon, September 24, 2007 5:59 am, Matt Mullenweg wrote:
>> Mark Jaquith wrote:
>>>> 2. It's simple, easy, and self-evident.
>>> It's a behind the scenes feature, so simplicity and ease don't really
>>> apply. Self-evident? Evident to whom? Evident for what purpose?
>> URLs are useful unique identifiers and in my opinion the best one to
>> on the web. You can normalize them, organize them by domains and
>> subdomains, look for odd characters or paths, create stats by TLDs,
>> them to hosting providers, use them as a basis for a crawl, and
>> associate them with WordPress.org profiles. MD5s are unique, but don't
>> have a lot of value beyond that, and even a capitalization or trailing
>> slash change will change the whole MD5. There are also things I think
>> haven't imagined yet that could make URLs useful. Maybe a .org toolbar
>> that ties into your .org profile and makes it easy to manage multiple
>> blogs and tie them together. If by the time 2.5 comes around we're
>> not doing anything useful with it then we can re-examine it.
>> I don't think an MD5 would be significantly more anonymous either.
>> Anyone with a list of URLs could associate the md5 with a URL just by
>> pre-computing the URL MD5s and comparing. So they would be different,
>> but not really better. You'd have to add a salt of some kind. We're
>> hours from the release arguing about a bikeshed that was checked in
>> a month ago.
>I think I agree with matt here. The main point is this is a bikeshed
>>From personal experience running the webservice for my version-check
>plugin  I have had no complaints of issues with the fact that it
>the blog url with every request.
>For me the main points are:
> 1. Sending the url doesn't expose any private information.
> 2. We have been sending our urls out as pings for years without any
> 3. Sending the url may allow Wordpress.org to do analysis of the user
>base in the future - we should probably state this if and when it
>In my view the best thing that could be done now is to document the API
>the front page of api.wordpress.org and point there from the release
>Peter Westwood <peter.westwood at ftwr.co.uk>
>wp-hackers mailing list
>wp-hackers at lists.automattic.com
More information about the wp-hackers