[wp-trac] [WordPress Trac] #43492: Core Telemetry and Updates
WordPress Trac
noreply at wordpress.org
Wed Apr 4 17:28:18 UTC 2018
#43492: Core Telemetry and Updates
------------------------------+------------------------------
Reporter: xkon | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upgrade/Install | Version:
Severity: normal | Resolution:
Keywords: gdpr 2nd-opinion | Focuses:
------------------------------+------------------------------
Comment (by allendav):
@azaozz wrote:
> For that reason think this ticket should focus on providing that
information, including what data is sent on update checks, how it is used,
and what it would mean for their site if these checks are disabled.
+100
> I'd also really like to hear a lawyer's opinion on whether domain names
and websites IP addresses constitute "personal data" under the GDPR.
I really don't like abstract discussions - I think they go on for ever.
So, here's the only way I can think that a server IP could be used to
identify a person - what if a person keeps the server in their home or
their small business (and not in a hosting provider like bluehost). If a
user does that, and their server contacts WordPress.org to check for
updates, WordPress.org has the means to "unmask" (identify) that user you
even if they have things have privacy on their domain registration.
So... my $0.02... the privacy docs for WordPress core should disclose that
1) WordPress.org servers will be contacted to check for updates and 2)
that the server IP is unavoidably shared with them when that happens and
3) that should be opt-in/out before communication happens since that
communication can unmask a user
Can someone make a case for opt-in vs opt-out for this? That's where
things are not clear for me.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43492#comment:32>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list