[wp-trac] [WordPress Trac] #5066: Anonymize update checking

WordPress Trac wp-trac at lists.automattic.com
Thu Dec 17 16:31:46 UTC 2009 

#5066: Anonymize update checking
-------------------------------------------+--------------------------------
 Reporter:  zamoose                        |        Owner:  anonymous
     Type:  enhancement                    |       Status:  reopened 
 Priority:  normal                         |    Milestone:  3.0      
Component:  Administration                 |      Version:           
 Severity:  normal                         |   Resolution:           
 Keywords:  has-patch 2nd-opinion privacy  |  
-------------------------------------------+--------------------------------

Comment(by chmac):

 zamoose, you raise some interesting scenarios where privacy becomes very
 important. I think because your scenarios are all based on wp.org being
 compromised, it's unlikely to hold much sway with the decision makers.

 I see a fundamental issue here. For early version of WordPress, it was
 hard to figure out how many times the software was being used. Now with
 the update mechanism "phoning home", wp.org has a list of every site
 running their software. There's huge bragging rights, stats geekiness, and
 all sorts of other benefits to this.

 From this perspective, it seems natural that small, obscure, and unlikely
 privacy concerns would be quashed by the desire to track the number of
 installs.

 The crux for me is that WP phones home immediately, so there's no way to
 install a plugin to stop that initial call in. One option would be to link
 the phone home feature, or maybe anonymize it, based on the "Announce this
 blog to the world" option during install. Honestly though, I think it's
 unlikely the core devs will do that. Again, it's upside versus downside.
 Their interest is better served by all sites phoning home.

 I think the most sensible scenario all round is a fork. I can see space
 for a few forks based on different use cases. A privacy focused fork, a
 security focused fork, and so on. I'd consider them WP flavours. I think
 using subversion, quilt and one or two custom scripts, it would be minimal
 work to roll a few custom version of WordPress and publish them in tgz and
 svn.

 To that end, I've started a discussion here:
 http://www.callum-macdonald.com/2009/12/17/proposing-wp-flavours/

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/5066#comment:38>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list