[wp-hackers] Plugin update & security / privacy
James Thomas Snell
james at dawning.ca
Mon Sep 24 20:58:11 GMT 2007
I just joined this mail list about three hours ago - but I think I've
already seen enough to feel inclined to say:
It seems perfectly acceptable to me to collect unpersonalized stats ONLY IF
the blog administrator manually enables such functionality. Perhaps it's
already been suggested, but why not add a step to the upgrade.php script
that provides an unchecked check box asking the admin to check it if they
wish to donate statistics? Perhaps this functionality could be accessed as a
plugin that can be controlled at the admin's will?
Sorry if I'm jumping in too soon here, I really don't have the time to go
back through the log of the previous messages. But maybe that there is a yet
to be made suggestion.
On 9/24/07, Computer Guru <computerguru at neosmart.net> wrote:
> > -----Original Message-----
> > From: wp-hackers-bounces at lists.automattic.com [mailto:wp-hackers-
> > bounces at lists.automattic.com] On Behalf Of Jamie Holly
> > Sent: Monday, September 24, 2007 11:08 PM
> > To: wp-hackers at lists.automattic.com
> > Subject: RE: [wp-hackers] Plugin update & security / privacy
> > staking a position of saying it is or isn't. Think Microsoft. They
> Enough said.
> Does anyone here seriously believe Microsoft gives a damn about *you*
> personally and personally identifying info?
> If Microsoft were to start silently and without warning begin recording
> even NECESSARY info and sending it at regular intervals to Redmond, do you
> think they would use that info to personally identify anyone or let that
> data be leaked anywhere? The obvious answer is no f*****ing way.
> But if Microsoft were to start doing such a thing, there would be no end to
> the litigation, lawsuits, and complaints. Businesses WOULD stop using it, in
> the blink of an eye if they feel they've really been violated. And
> governments - do you think the CIA would appreciate the fact that their OS
> of choice is "spying" on them? Imagine the litigation and class-action
> lawsuits to follow...
> So why is it ANY different for WordPress? Being open source isn't a "Get
> out of jail free" card, is it?
> The latest versions of Windows and Office have a "consumer improvement"
> program that sends periodic data to MS, *WITH* a guarantee that no
> personally identifying info will be sent, AND a button you can press to see
> ALL info being transmitted. What's more, it's OFF by default (as in opt-in).
> Sure, I love and respect WP and the team. I know you guys won't misuse
> this info, and so do many people out there too. I always opt-in to these
> programs, because as a developer I know the importance of statistics. But the
> fact of the matter is, it's stupid, reckless, and just plain
> un-thought-through to secretly send data back to
> WP/Automattic/whatever-the-hell-it-is, *ESPECIALLY* without even an opt-OUT
> the hell were you guys thinking?
> This is the INFORMATION age. Information reigns king. It's valuable, yes.
> But trust is even more valuable. WP is a piece of open source community
> software, and decisions like this need to be done in the open with tons of
> feedback - not with a bit of code slipped in under the radar with no warning
> or discussion and absolutely no way of disabling it by default.
> Just think about it. I haven't heard a _single_ argument that gives a real
> /reason/ for what's being done (no, "it's harmless" isn't a valid excuse).
> If it were ANY other for-profit company, each and every one of you would
> be screaming up and down. So why is WP an exception? Like I said before,
> Open Source isn't a carte blanche that lets you do whatever the hell you
> please, it's just a frikkin license - and doing this kind of stuff assuming
> that everyone would forgive you just because you're not a
> Microsoft/Google/Apple/eBay/Whatever doesn't just not get you off the hook
> but gives open source a really bad name if that's the excuse.
> The golden rule: "Do unto others what you would have them do unto you"
> If someone can give me a SINGLE good reason why it's OK for WordPress to
> do this whereas it's not for anyone else, I'm all ears. But just think:
> "what if it was Microsoft" and see what happens.
> Every day I see a blog post about "OMG <INSERT BIG COMPANY HERE> is using
> WP!!! WE PWNZ THE WORLD!!!" Cool.
> Great. But what are all those big companies going to think when they
> realize you're effectively spying on them???
> Computer Guru
> NeoSmart Technologies