[wp-hackers] Plugin Privacy Option (was Revisiting phone home and privacy)

Lynne Pope lynne.pope at gmail.com
Tue Dec 15 00:22:18 UTC 2009

2009/12/15 Jeremy Clarke <jer at simianuprising.com>

> It's a good idea too, though part of a bigger plan. The plugin code
> that achieves the same thing is much more likely to be a solution :)

Plugin code only helps those of us who know what data is being collected and
how to hack.
Plugins also have to be activated which means the private data has already
had a send before the plugin kicks in.

> Has anyone created a Codex page about this whole issue? It would be
> good to have this code there. Anyone with strong feelings about the
> issue want to put one together? It could have sections explaining each
> part of the update process and have ways of circumventing each:
> Sending url, sending server info, sending plugins list.

Do you really think that's a good idea?
The most common comment I've had to my blog post listing details of what is
sent (http://lynnepope.net/data-wordpress-sends) has been, "holy s**t!" and
several people have said they are walking away from WordPress. These are all
people who do know code and who can anonymise update checks.
If that is their reaction I can imagine a much stronger one from those users
who are inexperienced with code.

Mark has kindly posted this: Excluding your plugin or theme from update
checks « Mark on WordPress http://j.mp/6uecLJ

My personal opinion is that we shouldn't scare users just yet. Plugins don't
address the privacy issues. Matt has indicated that he will be speaking to
lawyers next year with the view to improving the WordPress privacy
statement. It might pay to wait till then before taking this to the Codex.


More information about the wp-hackers mailing list