[wp-trac] [WordPress Trac] #48108: Major privacy issues with Freemius-based plugins

WordPress Trac noreply at wordpress.org
Mon Sep 23 11:40:57 UTC 2019


#48108: Major privacy issues with Freemius-based plugins
--------------------------+----------------------------------
 Reporter:  menathor      |      Owner:  (none)
     Type:  defect (bug)  |     Status:  assigned
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Privacy       |    Version:
 Severity:  major         |   Keywords:  needs-privacy-review
  Focuses:                |
--------------------------+----------------------------------
 Hi all,

 Apologies if this isn't the right place to be posting this. I’ve
 discovered some major privacy issues regarding Freemius-licensed plugins.
 The option to “skip” (i.e. opt out) of telemetry collection / marketing
 including:

 * name
 * email address
 * a list of all other plugins and themes installed on the site
 * activation and deactivation events of plugins and themes
 * PHP and WP version info
 * marketing messages

 …is only available on the free versions of the plugins hosted on wp.org.
 Screenshot here: https://imgur.com/a/ycAwS4w

 If a user upgrades to the pro (i.e. commercial) version of a plugin there
 is no way to opt out. **Since the upsell and payment is done from the
 wp-admin dashboard by the free versions hosted here**, I think this is very
 relevant for the community.

 See this screenshot of a wp.org plugin that’s been upgraded to the “pro”
 version (including the list of telemetry collected and lack of opt-out
 options): https://imgur.com/a/Sxf81r4

 Not allowing users to opt out of this is a major privacy issue with all
 kinds of security and GDPR implications as well. I don’t think
 Freemius-based plugins should be allowed in the wp.org repo until they
 allow all users (free and paid) to opt out of telemetry tracking. Otherwise
 wp.org is enabling / endorsing this kind of business practice.

 Would value your thoughts and opinions on this!

 Cheers

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/48108>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

