[wp-trac] [WordPress Trac] #5066: Anonymize update checking

WordPress Trac wp-trac at lists.automattic.com
Thu Dec 10 15:50:51 UTC 2009 

#5066: Anonymize update checking
-------------------------------------------+--------------------------------
 Reporter:  zamoose                        |        Owner:  anonymous
     Type:  enhancement                    |       Status:  reopened 
 Priority:  normal                         |    Milestone:  3.0      
Component:  Administration                 |      Version:           
 Severity:  normal                         |   Resolution:           
 Keywords:  has-patch 2nd-opinion privacy  |  
-------------------------------------------+--------------------------------

Comment(by docwhat):

 So the information sent is:
 * The version WordPress you are using - we need this to be able to give
 you the correct response
 * The versions of PHP and mysql you are using - we need these to be able
 to  make sensible decisions about which versions we should support
 * The locale you are using - so we can offer you the update in your
 language
 * The url of the site doing the checks - so we can differentiate
   between  different clients in order to aggregate the version numbers
 correctly.
 * All plugins, active and inactive, in your plugins directory

 Which means that this is one-stop shopping for someone who wants to
 exploit a wordpress vulnerability.

 Which means that if someone breaks into wordpress.org and gets this
 information he/she will be able to target exactly which boxes have
 which versions of Wordpress, mysql, php, and plugins.

 If I was looking to mass-exploit wordpress boxes, this is exactly what
 I'd do.

 I'd like to propose the following:
  * Use a different identifier instead of URL:
     * Old wordpress installations, will work the same.
     * New ones will have an identifier in the request saying they are
 using the
     new update check method.
     * The new check method will request an ID on the first check.  This ID
 will be stored in the wordpress installation for use in the future.
     * In the future, this ID will be used instead of the URL.
     * If the user checks a check box on the privacy page ("Don't send
 stats") then instead of in ID, a token is sent that tells wordpress.org
 not to track this request. This prevents bogus IDs from collecting.  In
 addition, non-important information (PHP version, MySQL version, etc.)
 won't be sent.
   * Modify wordpress.org to stop tracking any old wordpress installations
 (ones that use URLs as identifiers).
   * Add a description on the privacy page explaining what information
 wordpress.org collects, for how long it is saved, and why this is useful.

 Ciao!

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/5066#comment:25>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list