[wp-trac] [WordPress Trac] #16778: wordpress is leaking user/blog information during wp_version_check()
WordPress Trac
noreply at wordpress.org
Wed Dec 7 14:34:23 UTC 2016
#16778: wordpress is leaking user/blog information during wp_version_check()
----------------------------+-----------------------
Reporter: investici | Owner:
Type: enhancement | Status: reopened
Priority: normal | Milestone:
Component: Administration | Version:
Severity: minor | Resolution:
Keywords: has-patch | Focuses:
----------------------------+-----------------------
Comment (by Rarst):
I had been WP user since 2008 and I remember privacy issues being
repeatedly raised as long. In numerous contexts from blog posts, to trac,
to the stage of WordCamp Europe. More often in context of plugin/theme
updates, which have relatively more impact than multisite stats.
Silent collection of private data is fine — no, it's not.
WP org is run by good guys and that makes it ok — it does not.
There is a way with HTTP API — as an author of Update BLocker plugin that
"solution" is ugly, unreliable, and extremely inconvenient. More so at one
point in history WP changed API format, which broke every existing
implementation of such filters.
I do grasp the context and challenges of such old and grown in system.
But WP should either treat such concerns with respect and attention they
deserve or get off the corpse of its "own your data" high horse.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/16778#comment:63>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list