[wp-trac] [WordPress Trac] #16778: wordpress is leaking user/blog information during wp_version_check()

WordPress Trac noreply at wordpress.org
Mon Mar 13 18:56:45 UTC 2017


#16778: wordpress is leaking user/blog information during wp_version_check()
----------------------------+------------------------------
 Reporter:  investici       |       Owner:
     Type:  enhancement     |      Status:  reopened
 Priority:  normal          |   Milestone:  Awaiting Review
Component:  Administration  |     Version:
 Severity:  minor           |  Resolution:
 Keywords:  has-patch       |     Focuses:
----------------------------+------------------------------

Comment (by WraithKenny):

 Folks on the ticket mentioned "lack of chiming in" as a reason to dismiss
 the ticket, so naturally, I feel that's an invitation to comment. ;-)

 On the topic of EU privacy regulation raised by @idea15 and others:
 There's certainly '''blog''' identifying info transmitted, but not
 '''person''' identifying info. I'm not a lawyer, nor an expert, nor do I
 have access to api.wordpress.org's code, but I '''really don't''' think
 this runs afoul of privacy regs in the EU (I'm not even European, so
 'grain of salt' on this).

 Because of the fact that I can only read the code that sends the data, and
 not the code that creates the dataset, I have to make some assumptions.
 And because I can't find any real source for how or where that data is
 stored, I do have some concerns. I don't see how creating analytics that
 can determine when a blog becomes abandoned by when it stops pinging
 (which is how blogs drop off the php support on the stats page)

 I assume that the ''potentially outdated and vulnerable versions'' are
 aggregated by blog URL, into a list somewhere. Seems straightforward
 enough. What's the worst that can happen to such a list? :-/

 Some commenters are expressing concerns about security and privacy, while
 some are being dismissive and closing the ticket, or otherwise
 trivializing the concerns. Perhaps a better way is to have someone who has
 access and knowledge of the system adequately describe the potential
 hazards that they've considered, and how they deal with those concerns,
 and what security is in place to safeguard that list of vulnerable sites.
 Basically, assure everyone that they've privately done what is usually
 publicly done with most other things WordPress.

 For the record, while I see a potential concern here, I '''wouldn't'''
 opt-out of the stats. And as I said above, I could be wrong about all of
 this, since I don't have any access; I don't know.

 TL;DR I don't think this is a minor enhancement. I think it's at least
 somewhat security related, and of at least normal severity.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/16778#comment:92>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform