[wp-trac] [WordPress Trac] #16778: wordpress is leaking user/blog information during wp_version_check()
WordPress Trac
noreply at wordpress.org
Mon Mar 13 19:11:05 UTC 2017
#16778: wordpress is leaking user/blog information during wp_version_check()
----------------------------+------------------------------
Reporter: investici | Owner:
Type: enhancement | Status: reopened
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version:
Severity: minor | Resolution:
Keywords: has-patch | Focuses:
----------------------------+------------------------------
Comment (by MattyRob):
Replying to [comment:92 WraithKenny]:
> On the topic of EU privacy regulation raised by @idea15 and others:
There's certainly '''blog''' identifying info transmitted, but not
'''person''' identifying info. I'm not a lawyer, nor an expert, nor do I
have access to api.wordpress.org's code, but I '''really don't''' think
this runs afoul of privacy regs in the EU (I'm not even European, so
'grain of salt' on this).
Internet URL can be anything, including but not limited to your name! That
the flips this argument completely because all of a sudden the data
transmitted '''is''' linked to a person.
Equally, the reassurance that the data are only held for 48 hours (see
above) is fine but your blog stats are transmitted back to the WordPress
API every 12 hours so it's a continuous record unless WordPress is deleted
from the server or it can be turned off or filtered as suggested in this
ticket.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/16778#comment:93>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list