[wp-hackers] Advertising on plugin pages
heiko.rabe at code-styling.de
Sun Mar 1 23:33:30 GMT 2009
The main difference is, that normal plugins won't load code, images or
something else from 3rd party servers.
And yes, i review each plugin and theme i plan to use.
Sure, every plugin can do "bad" things, but if i have a plugin in test,
that prominent shows me loaded 3rd party things, i will first of all
deactivate it and inspect it more carefully as i would do with others.
Also i have a service plugin running which scanns each other plugins php
pages for unknown fopen, fetch_rss and many more remote call funtions
reported at dashboard, if unknown.
Normally no plugin needs 3rd party server calls (except those intended
to work so like akismet, content importer or known defined things).
I don't expect remote calls in plugins like smiley replacer but you want
introduce 3rd party calls for this too.
And if the 3rd party server has been hacked, all plugin using domains
will be virulent infected too. Also a DNS spoofing attack can route the
advertising calls to an evil server and serves now real "bullshit".
This is not longer under control of blog admins and what you think will
happen, if your plugin is the source of lost revenues of high traffic
installations by attacks ? What you think, their lawyer will do ?
> "Heiko Rabe" <heiko.rabe at code-styling.de> wrote:
>> You will run into the fact that developers will disassemble
>> the entire plugin code to be sure, nothing unwanted will be
>> transmitted. Such time wasting effort would force me to drop
>> such a plugin and search for an ad free solution or to rewrite
>> it without ads.
> ANY plugin could do something unsavory. All the things you mention could be done by a plugin that is not advertising-related, and also a plugin that is advertising-related could avoid all those things so as to be a good citizen. Do you code review every plugin you use (which is probably a good idea, but tangential to the discussion?) How does this make plugins that serve advertising different?
> -Mike Schinkel
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
More information about the wp-hackers