[wp-trac] [WordPress Trac] #16778: wordpress is leaking user/blog information during wp_version_check()
WordPress Trac
noreply at wordpress.org
Wed Dec 7 10:51:09 UTC 2016
#16778: wordpress is leaking user/blog information during wp_version_check()
----------------------------+-----------------------
 Reporter:  investici       |       Owner:
     Type:  enhancement     |      Status:  reopened
 Priority:  normal          |   Milestone:
Component:  Administration  |     Version:
 Severity:  minor           |  Resolution:
 Keywords:  has-patch       |     Focuses:
----------------------------+-----------------------
Comment (by Myatu):
Replying to [comment:35 chriscct7]:

> ... you can freely read and edit the codebase and see exactly what is
> sent, or learn about how different parts of the project operate.

The "you" used here seems to infer that everyone has the knowledge, time
and willingness to inspect the entire WordPress codebase prior to
installing or upgrading it. It also contradicts the "Design for the
majority" philosophy you quoted later.

> ... the data is stored by WordPress.org for calculation purposes for 48
> hours, and then discarded.

That is enough to warrant disclosure. People need to know what you are
collecting, if it is anonymous and for what purposes you use that data.
I don't know the full details of that, and I'd wager a lot of other
WordPress users do not either.

You speak of editing the Codex, but:

* How does someone know what to add to the Codex, if one doesn't know what
  you do with the data?
* How will the ordinary WordPress users come to know of it PRIOR to
  installing or upgrading?

That is a problem and the reason @investici opened this ticket ''six''
(!!) years ago.

Also, keep in mind that if the data is not entirely anonymous, then in
addition to disclosure, WordPress.org will also be required by the
upcoming EU GDPR (2018) to allow WordPress users to opt-out from this data
collection, as that regulation will also apply to non-EU organisations.

> As for this ticket, WordPress is now used by almost a quarter of the
> internet, and since 6 years ago a total of what appears to be just 6
> (quick count on my part; could be off +/-2) have expressed interest in a
> filter for this.

Has it occurred that this may have been due to the lack of information to
begin with? Had I known about it when I started using WordPress (2008),
then I would have certainly chimed into this debate then too.

> Aside from the performance implications of calling apply_filter() which
> albeit while small is still a consideration factor

To sacrifice privacy or security over performance sets a very, very
dangerous precedent. I certainly hope this is not the case for other parts
of the WordPress codebase.

I wholeheartedly agree with @DvanKooten's closure statement, and would like
to repeat it in closing:

> '''the very least we could do to improve is to document this behavior
> and to create a page on what data exactly WordPress is collecting, and
> why.'''

--
Ticket URL: <https://core.trac.wordpress.org/ticket/16778#comment:57>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform