[wp-trac] [WordPress Trac] #16778: wordpress is leaking user/blog information during wp_version_check()
WordPress Trac
noreply at wordpress.org
Wed Dec 7 09:34:36 UTC 2016
#16778: wordpress is leaking user/blog information during wp_version_check()
----------------------------+-----------------------
Reporter: investici | Owner:
Type: enhancement | Status: reopened
Priority: normal | Milestone:
Component: Administration | Version:
Severity: minor | Resolution:
Keywords: has-patch | Focuses:
----------------------------+-----------------------
Comment (by nofearinc):
Automatic WordPress updates are still something that many organizations
avoid at all cost (or even pick another CMS/WCM) due to the lack of
control and inherent dependency on 3rd party (be it WordPress.org in that
case).
Being transparent about what internal data is being sent externally is
mandatory. Handling an undefined set of data probably gets in the gray
legal area within the EU, possibly some USA states, China, many Arab
countries and others that actually care about data privacy.
I like the patch sent by @toscho many years ago as the safer option (or a
Settings -> Privacy checkbox), together with an update of
https://wordpress.org/about/privacy/ that @dd32 shared here with a more
detailed list of internal data items transferred over the web.
The bold statement above regarding "reading and editing the codebase"
completely fails to comply with "Democratize Publishing". A Content
Management System is such as it doesn't require IT intervention at all
times.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/16778#comment:50>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list