[wp-trac] [WordPress Trac] #16778: wordpress is leaking user/blog information during wp_version_check()

WordPress Trac noreply at wordpress.org
Mon Mar 13 21:40:44 UTC 2017


#16778: wordpress is leaking user/blog information during wp_version_check()
----------------------------+------------------------------
 Reporter:  investici       |       Owner:
     Type:  enhancement     |      Status:  reopened
 Priority:  normal          |   Milestone:  Awaiting Review
Component:  Administration  |     Version:
 Severity:  minor           |  Resolution:
 Keywords:  has-patch       |     Focuses:
----------------------------+------------------------------

Comment (by idea15):

 Replying to [comment:93 MattyRob]:
 > Replying to [comment:92 WraithKenny]:

 Under the current directive and the 2018 regulation, personal data
 includes information about a device that an individual uses such as a IP
 address, MAC address, browser fingerprint, etc. (This is why analytics are
 constantly in regulators' sights.) You do not even have to have the
 individual's name, address, billing information, etc to constitute a
 personal data record - an IP address attached to a dataset is personal
 data.

 What I would like to know is - is whatever data is being collected and
 passed being pseudonymised. Pseudonymised data (information separated from
 personal identifiers which could be put back together as required) is a
 special category. It has less stringent requirements and ticks the PBD box
 required under GDPR. It is a good place to start where this issue is
 concerned.

 I would also highly recommend you take a look at Recitals 19, 20 and 21
 (pages 16-17) of the draft ePrivacy Directive refresh, which dovetails
 with GDPR. http://ec.europa.eu/newsroom/dae/document.cfm?doc_id=41241 It
 underlies the need to be absolutely clear about what data is essential for
 technical purposes (e.g. version and security updates) and what data is
 for non-essential purposes, e.g. telemetry.

 Will be at the WCLDN contributor day on Friday if anyone wants to dive
 into this.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/16778#comment:94>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list