[wp-trac] [WordPress Trac] #16778: wordpress is leaking user/blog information during wp_version_check()
WordPress Trac
noreply at wordpress.org
Sun Oct 22 19:36:25 UTC 2017
#16778: wordpress is leaking user/blog information during wp_version_check()
----------------------------+---------------------
Reporter: investici | Owner: pento
Type: enhancement | Status: closed
Priority: normal | Milestone: 4.9
Component: Administration | Version:
Severity: minor | Resolution: fixed
Keywords: has-patch | Focuses: docs
----------------------------+---------------------
Comment (by TJNowell):
I would keep in mind that WP still sends this data, adding a filter
documented in a dev handbook doesn't indicate to an end user that their
data is being sent elsewhere, nor would this stand up against regulators.
Considering GDPR is incoming in europe, we need to explicitly state what
information is collected, why, what it's used for, who it's shared with,
how long it's retained for. What's more we need to actively gain opt in
consent to do so in an unambiguous, straight forward way using plain
language anybody can understand. Telling users there's a filter, or a
plugin that they can use to opt out isn't enough
I understand the reasons this data was collected, and why it was done as a
developer. From a technical standpoint it makes good sense to do so. The
problem here is that of privacy, and more pressingly, '''legality and
compliance'''. At the moment, this issue is low hanging fruit for any
regulator who wants to shut down or hurt a site running WP in the EU once
legislation comes into effect in May
--
Ticket URL: <https://core.trac.wordpress.org/ticket/16778#comment:107>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list