[wp-trac] [WordPress Trac] #62377: Remove telemetry from update.php

WordPress Trac noreply at wordpress.org
Mon Nov 11 16:36:30 UTC 2024


#62377: Remove telemetry from update.php
-----------------------------+-----------------------------
 Reporter:  ianatkins        |      Owner:  (none)
     Type:  enhancement      |     Status:  new
 Priority:  normal           |  Milestone:  Awaiting Review
Component:  Upgrade/Install  |    Version:  6.6.2
 Severity:  normal           |   Keywords:
  Focuses:  privacy          |
-----------------------------+-----------------------------
 Why is the install URL, user counts and additional information being sent
 to WordPress.org:
 https://core.trac.wordpress.org/browser/trunk/src/wp-
 includes/update.php#L199

 I don't think it's obvious this behaviour happens and exposes what would
 have been considered private installs ( Intranets, non public sites,
 locally developed install's etc ).

 I can't find any history as to why that is there, besides discussion of
 privacy concerns that were ignored on the ticket below regarding adding
 user counts:
 https://core.trac.wordpress.org/ticket/12672

 What purpose does it serve? If it serves a purpose where and how is the
 data logged, and what security measures are in place to keep the data
 secure?

 Given GDPR, if this is to be retained, there should be an obvious consent
 checkbox when installing WordPress ( the site install URL could contain
 PIP and you have no way of knowing ).

 It is also unclear who controls the data that is being sent. Presumably it
 is Matt in a personal capacity as the owner of wordpress.org and Matt is
 the DPO ( data protection officer )? If the wordpress.org server is
 located in the US, then for EU installs there is also a data transfer to
 consider.

 I think this should be a process based on consent, if being retained, or
 the data anonymised if it's being used for internal metrics.

 Would appreciate some clarity on the purpose and usage.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/62377>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list