[wp-hackers] Plugin update & security / privacy

Computer Guru computerguru at neosmart.net
Mon Sep 24 20:40:16 GMT 2007

> -----Original Message-----
> From: wp-hackers-bounces at lists.automattic.com [mailto:wp-hackers- 
> bounces at lists.automattic.com] On Behalf Of Jamie Holly
> Sent: Monday, September 24, 2007 11:08 PM
> To: wp-hackers at lists.automattic.com
> Subject: RE: [wp-hackers] Plugin update & security / privacy
> staking a position of saying it is or isn't. Think Microsoft. They

> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

Enough said.

Does anyone here seriously believe Microsoft gives a damn about *you* personally and personally identifying info?
If Microsoft were to start silently and without warning begin recording even NECESSARY info and sending it at regular intervals to Redmond, do you think they would use that info to personally identify anyone or let that data be leaked anywhere? The obvious answer is no f*****ing way.

But if Microsoft were to start doing such a thing, there would no end to the litigation, lawsuits, and complaints. Businesses WOULD stop using it, in the blink of an eye if they feel they've really been violated. And governments - do you think the CIA would appreciate the fact that their OS of choice is "spying" on them? Imagine the litigation and class-action lawsuits to follow... 

So why is it ANY different for WordPress? Being open source isn't a "Get out of jail free" card, is it?

The latest versions of Windows and Office have a "consumer improvement" program that sends periodic data to MS, *WITH* a guarantee that no personally identifying info will be sent, AND a button you can press to see ALL info being transmitted. What's more, it's OFF by default (as in opt-in). And of course, they have one hell of a privacy policy.

Sure, I love and respect WP and the team. I know you guys won't misuse this info, and so do many people out there too. I always opt-in to these programs, because a developer I know the importance of statistics. But the fact of the matter is, it's stupid, reckless, and just plain un-thought-through to secretly send data back to WP/Automattic/whatever-the-hell-it-is, *ESPECIALLY* without even an opt-OUT button and most definitely without a privacy policy. I've got to say, what the hell were you guys thinking?

This is the INFORMATION age. Information reigns king. It's valuable, yes. But trust is even more valuable. WP is a piece of open source community software, and decisions like this need to be done in the open with tons of feedback - not with a bit of code slipped in under the radar with no warning or discussion and absolutely no way of disabling it by default.

Just think about it. I haven't heard a _single_ argument that gives a real /reason/ for what's being done (no, "it's harmless" isn't a valid excuse). If it were ANY other for-profit company, each and everyone one of you would be screaming up and down. So why is WP an exception? Like I said before, Open Source isn't a carte blanche that lets you do whatever the hell you please, it's just a frikkin license - and doing this kind of stuff assuming that everyone would forgive you just because you're not a Microsoft/Google/Apple/eBay/Whatever doesn't just not get you off the hook but gives open source a really bad name if that's the excuse.

The golden rule: "Do unto others what you would have them do unto you" 

If someone can give me a SINGLE good reason why it's OK for WordPress to do this whereas it's not for anyone else, I'm all ears. But just think: "what if it was Microsoft" and see what happens.

Every day I see a blog post about "OMG <INSERT BIG COMPANY HERE> is using WP!!! WE PWNZ THE WORLD!!!" Cool.
Great. But what are all those big companies going to think when they realize you're effectively spying on them???

Computer Guru
NeoSmart Technologies

More information about the wp-hackers mailing list