[wp-trac] [WordPress Trac] #43492: Core Telemetry and Updates
WordPress Trac
noreply at wordpress.org
Wed Apr 4 18:02:14 UTC 2018
#43492: Core Telemetry and Updates
------------------------------+------------------------------
Reporter: xkon | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upgrade/Install | Version:
Severity: normal | Resolution:
Keywords: gdpr 2nd-opinion | Focuses:
------------------------------+------------------------------
Comment (by DavidAnderson):
@robscott Does it hinge on the IP address? I was thinking that the site
URL was more problematic. For any individual with a website with an
"About" page or other identifying information, that seems much more likely
to be PII, under the GDPR's criteria of information that can be directly
or indirectly be linked back to a particular individual.
But yes, my own view (IANAL...) is that if the code on the wordpress.org
mothership immediately drops the IP address down a black hole, then the
GDPR's anonymization criteria then come into play (unless it could be
argued that the IP combined with a list of installed plugins is sufficient
to de-anonymize - that is possible, as you can look up the IP on any
number of public "which sites are hosted here?" sites, and then run a
quick automated scan on all the sites to see which ones have that same
plugin combination installed. There's probably quite a lot of bits of
entropy in the info sent that could allow de-anonymization).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43492#comment:36>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list