[wp-hackers] Revisiting phone home and privacy

Jacob Santos wordpress at santosj.name
Tue Dec 8 01:11:04 UTC 2009

I should apologize, I realize that you are correct. It has been a long 
time and I've forgotten a lot of the issues that were bought up at that 

Given the lack of popularity of the Tin-foil hat plugin compared to 
those using WordPress, I can say that it is unlikely that any options 
will be added. I believe it was discussed at that point, but a lot of 
the argument against it was that if only a few are ever going to turn it 
on, then it wasn't worth spending the time for development and testing 
to do it.

As far as the business connection, I think that well, it doesn't really 
matter what I think. I would hope that any business would weigh the 
advantages of what WordPress offers for keeping WordPress and plugins 
up-to-date and the time that is saved, however that is their business 
with how they want to handle that.

Furthermore, the lack of opt-in was intentional and there was, I 
believe, fear that people would care more about privacy than security 
and opt-out rather than be updated on when new releases are out. Given 
the apathy in the past, it seemed reasonable to assume it and given 
recent events, it seems that even with the update notifications that 
people are still not taking the update notifications seriously.

The Tin-foil hat plugin should solve your problems, but the code below 
could be applied to a plugin and would do what you wish with at least 
the useragent.

function paranoia_remove_url($default)
    global $wp_version;
    return 'WordPress/'.$wp_version;

add_filter('http_headers_useragent', 'paranoia_remove_url');

For what it is worth, I'm not against your idea, it is just that there 
are alternatives to which you speak and I'm wondering why those 
alternatives (i.e the filters) weren't applied first to the problem 
before attempting to change WordPress fundamentally for everyone. Also, 
I'll rather the statistics for PHP version be sent so that PHP4 can be 
dropped as soon as possible, unless their using PHP4, then please use 
the Tin-foil hat, so that they'll skew the results towards quicker 
adoption of PHP5+.

It should also be noted that the above will only remove the URL from the 
useragent. The plugins and themes and wp_version will still be sent, but 
I believe that is the only place where the Blog URL is sent.

Jacob Santos

Lynne Pope wrote:
> 2009/12/8 Jacob Santos <wordpress at santosj.name>
>> In what way does WordPress.org or Automattic having your URL affect the
>> security and privacy of your site?
> It compromises privacy because users are not being given the option to send
> or not send information about their site. It compromises security when users
> disable update checks in order to avoid sending information they don't wish
> to send.
> The specific response I got from the people I was working with was that
> business information, such as which plugins they use, is nobody's business
> except theirs. They consider this to be business information. Plugin and
> theme data contains identifying information about products and staff which
> they do not want broadcast to anyone.
>> How does preventing WordPress.org from using this data protect you from
>> anything?
> WordPress.org is not a legal entity and cannot therefore be held legally
> accountable for misuse of data. They have no confidence in WordPress.org's
> ability to keep the data private and confidential and say that as they do
> not opt-in to sharing it then wordpress.org has no legal right to collect
> it.
>> Why doesn't the plugins available address your problems with privacy?
>> The filters were placed in for the sole purpose of overriding the URL that
>> is sent and for those concern with privacy. While it could be said that the
>> small amount of people who downloaded the plugin verses the much larger
>> amount that uses WordPress says that not enough people consider sending an
>> URL is all that important. It might just be that not enough people realize
>> that their WordPress is sending this information.
> Which plugin just overrides the blog URL? If there is one that simply does
> that then I'd point them to it.
>> It is but the URL, plugins, and themes, along with the PHP version that is
>> sent. None of the passwords, visitors (unless you use the WordPress.com
>> Stats plugin), etc is sent. There is also a legitimate and reasonable
>> purpose behind sending this data and it is to allow for upgrading those
>> plugins (however, the URL isn't required, unless they changed that, but you
>> could just send www.example.com if you wanted).
>> By the way, the filters were a compromise to those who said to fork it.
> Providing the means to check if plugins, theme, or core updates are
> available is great. The stickler is the sending of the blog URL (and for
> this company - data about custom plugins).
> IMO, there needs to be more transparency about what WordPress does behind
> the scenes and what data is collected. I understand the concerns when custom
> plugins & themes use staff and product names - this sends way too much
> identifying information!
> The alternative would be if WordPress only checked against theme and plugin
> names that are in the WordPress repository, instead of collecting data on
> every theme and plugin.
> I love the work you did on this Jacob. However, its now 2 years since
> wordpress.org started collecting blog URL's with the update and it's still
> unnecessary data capture. If WordPress.org has future plans for using this
> information then a simple opt-in would prevent these kinds of issues. If
> there is no good reason for capturing the URL then perhaps its time it was
> removed?
> Lynne
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list