[wp-hackers] Plugin update & security / privacy

Jamie Holly hovercrafter at earthlink.net
Sun Sep 23 12:37:01 GMT 2007

We were discussing this on a political blogger mailing list I am on. There
are about 30 WP users on that list. As of this morning, 18 of them said they
will not be moving to WP 2.3 solely because of this. Like one of the
bloggers said: "If they are not telling you about this feature when you
upgrade, then when will they take other personal information like emails and
secretly send them to a server?"

I know this is a small micro-sampling of WP users, but it has had me
thinking. While most of us on the mailing list know Matt and that he
wouldn't be out to do something like that, how about the other 99%+ WP users
out there who don't know him? In a time when internet privacy concerns are
in our daily newspapers, I believe a lot more consideration should be given
to this before rolling it out. IMHO the best option would be to include the
feature as a bundled plugin. That way people can opt into it. 

Personally, my biggest complaint is with the persistence of this
notification. I changed the version # just so I could see it. There really
needs to be a way to close this out. Having it show all the time is a nag. I
say make it so when someone closes it, it will come back every 24 hours or
so. It shouldn't be that bad to implement a way to close this out.

- Put a close link on the notification. Have it remove it either via AJAX or
a GET method (possibly read in admin.php). When it's closed you set an
option HideUpdateNotification_{$user->ID}. Set that with the
currenttime+time_to_hide_it. This option is checked and if the option
time<currenttime, go ahead and show it again (then the person can close it
again if they so choose). 

Jamie Holly

>-----Original Message-----
>From: wp-hackers-bounces at lists.automattic.com [mailto:wp-hackers-
>bounces at lists.automattic.com] On Behalf Of Alex Günsche
>Sent: Sunday, September 23, 2007 7:16 AM
>To: wp-hackers at lists.automattic.com
>Subject: Re: [wp-hackers] Plugin update & security / privacy
>On Sun, 2007-09-23 at 13:12 +0200, Alex Günsche wrote:
>> By the way, I was rather shocked when I saw what big bunch of data
>> Akismet transmits on connecting to its server. Why the heck does it
>> transmit *all* my $_SERVER environment variables? That's a big reason to
>> mistrust Akismet, unless there are *very* good reasons for that. And I
>> doubt there are any.
>By the way, does Rule No. 1 of Automattic's privacy policy still apply?
>"We don't ask you for personal information unless we truly need it. (We
>can't stand services that ask you for things like your gender or income
>level for no apparent reason.)"
>Because, I also can't stand services that retrieve my $_SERVER variables
>and my blog URL for no apparent reason.
>Kind regards,
>Alex Günsche, Zirona OpenSource-Consulting
>Blogs: http://www.zirona.com/ | http://www.regularimpressions.net
>PubKey for this address: http://www.zirona.com/misc/ag.ml2007.asc

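The close-and-reappear scheme outlined in the message above, as an added example that is not part of the original post and is not WordPress code. The function names, the constants and the array-backed option store are hypothetical stand-ins (in WordPress the store would be get_option/update_option and the token check wp_create_nonce/wp_verify_nonce); the token is an addition here, because a close link that changes state over GET can otherwise be triggered by a request forged from another site.

```php
<?php
// Added example: stand-alone sketch, not WordPress core code.
// $options stands in for the WordPress options table.

const HIDE_SECONDS = 86400;                // "every 24 hours or so"
const SITE_SECRET  = 'constructed-secret'; // constructed value for the demo

// Per-user option name, as proposed in the message.
function option_name(int $user_id): string {
    return "HideUpdateNotification_{$user_id}";
}

// Token bound to the user and the action, so a close link forged by
// another site cannot dismiss the notice on the user's behalf.
function close_token(int $user_id): string {
    return hash_hmac('sha256', "hide-update-notice|{$user_id}", SITE_SECRET);
}

// Handle the close link: verify the token, then store now + hide period.
function dismiss_notice(array &$options, int $user_id, string $token, int $now): bool {
    if (!hash_equals(close_token($user_id), $token)) {
        return false; // reject a state change that carries no valid token
    }
    $options[option_name($user_id)] = $now + HIDE_SECONDS;
    return true;
}

// Show the notice when no hide time is stored or the stored time has passed.
function should_show_notice(array $options, int $user_id, int $now): bool {
    $hide_until = (int) ($options[option_name($user_id)] ?? 0);
    return $hide_until < $now;
}

$options = [];
$now     = 1190551021; // constructed timestamp
$user    = 7;          // constructed user ID

var_dump(should_show_notice($options, $user, $now));                    // never dismissed
var_dump(dismiss_notice($options, $user, 'forged', $now));              // bad token
var_dump(dismiss_notice($options, $user, close_token($user), $now));    // valid close
var_dump(should_show_notice($options, $user, $now + 3600));             // inside hide period
var_dump(should_show_notice($options, $user, $now + HIDE_SECONDS + 1)); // period expired
```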