[wp-trac] [WordPress Trac] #16778: wordpress is leaking user/blog information during wp_version_check()

WordPress Trac noreply at wordpress.org
Sun Oct 22 19:36:25 UTC 2017


#16778: wordpress is leaking user/blog information during wp_version_check()
----------------------------+---------------------
 Reporter:  investici       |       Owner:  pento
     Type:  enhancement     |      Status:  closed
 Priority:  normal          |   Milestone:  4.9
Component:  Administration  |     Version:
 Severity:  minor           |  Resolution:  fixed
 Keywords:  has-patch       |     Focuses:  docs
----------------------------+---------------------

Comment (by TJNowell):

 I would keep in mind that WP still sends this data; adding a filter
 documented in a dev handbook doesn't indicate to an end user that their
 data is being sent elsewhere, nor would this stand up against regulators.

 Considering GDPR is incoming in Europe, we need to explicitly state what
 information is collected, why, what it's used for, who it's shared with,
 and how long it's retained for. What's more, we need to actively gain
 opt-in consent to do so in an unambiguous, straightforward way using plain
 language anybody can understand. Telling users there's a filter, or a
 plugin that they can use to opt out, isn't enough.

 I understand the reasons this data was collected, and why it was done as a
 developer. From a technical standpoint it makes good sense to do so. The
 problem here is that of privacy, and more pressingly, '''legality and
 compliance'''. At the moment, this issue is low-hanging fruit for any
 regulator who wants to shut down or hurt a site running WP in the EU once
 legislation comes into effect in May.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/16778#comment:107>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

