[wp-hackers] Revisiting phone home and privacy
Chris Jean
gaarai at gaarai.com
Wed Dec 9 15:26:06 UTC 2009

I think just the fact that Peter felt the need to list the data sent to
the servers in order to justify how everyone's privacy concerns are
invalid does more to support the privacy concerns than dismiss them. If
we, the list of hackers of all things WordPress, had to get a core dev
to tell us what is sent to the wp.org servers, how are standard users
supposed to know what is or is not sent to the wp.org servers?

Additionally, if we have to have a legal analysis of whether or not the
privacy statement on the wp.org site applies to the wp software or not,
wouldn't it be reasonable to assume that not everyone is clear on
whether that privacy statement applies to the software or not?

Personally, I don't care one bit. I know what information is sent all
over the net each time I request a web page. I know how trivially-easy
it is to start with a single piece of information (say an IP address)
and determine a wealth of data from that information.

However, this isn't about what people may or may not know about the
technical infrastructure of the internet nor is it about WordPress
users' ability to interpret a privacy statement. What other software may
or may not share when it sends data to a centralized system is also
immaterial. This discussion is about the WordPress software and how
people feel that they don't have adequate control over the information
that the software they installed on their server sends out to the world.

If a user's potentially-unfounded fears cause them to do something that
is reckless or dangerous (say disabling the automatic updater) and a
solution is available that would remove those fears without also
subjecting anyone else to reduced security (say being able to determine
what information is sent to the wp.org servers), then wouldn't it be in
the best interest of everyone to allow such a solution? I'm sure that many
will (and I believe many already have) argue that such a solution is
available via plugins. While this is true, it does bring us to the true
question that this topic begs an answer to:

If WordPress core has a feature that causes privacy concerns, is enabled
by default, and runs automatically, is it acceptable that the only true
solution to the privacy concern requires that the user discover the
existence of a third-party plugin and then use that plugin?

Put another way, as a standard going forward, should the introduction of
core features that introduce privacy concerns also require the inclusion
in core of settings that allow the control of the information such
features send?

Will Norris makes a great point when he shows that many that are having
difficulty understanding the concerns are thinking about things
backwards, from a WordPress-provider viewpoint rather than a
WordPress-consumer viewpoint. He also makes a great point about the
bareness of the Privacy page.

Would it really be that detrimental to put an additional section in the
Privacy page talking about the updater, what information it sends, and
allowing for the control over the information that is sent? This section
could also include the privacy policy of WordPress.org so that it is
clear what the privacy policy is.

Such an addition to the Privacy page could offer two options detailing
what information is sent:

1. Default
    * WordPress version and locale - This information is necessary
      in order to provide updates for your WordPress software.
    * Installed plugins - This information is necessary in order
      to provide updates for your plugins.
    * PHP and MySQL version numbers - This information allows
      WordPress developers to plan what software support is needed
      by WordPress.
    * Site address (URL) - This information is used to determine
      how many installations of WordPress exist and how many of
      each version is run. This helps WordPress developers plan
      new release schedules. This information is only used to
      generate statistical usage information and is never shared
      with third parties.
    * Server IP address - Due to how the internet operates, each
      time your WordPress software contacts the update servers,
      the update servers also receive your server's IP address.
      This information is never stored.
2. Minimal
    * WordPress version and locale - This information is necessary
      in order to provide updates for your WordPress software.
    * Installed plugins - This information is necessary in order
      to provide updates for your plugins.
    * Server IP address - Due to how the internet operates, each
      time your WordPress software contacts the update servers,
      the update servers also receive your server's IP address.
      This information is never stored.

At first I thought a third option could be provided that would disable
plugin and WordPress updates while explaining that selecting that option
is not recommended for security reasons. Then I thought better of it as
it would be better to require the additional steps to disable features
that greatly improve site security.

While I have no doubt that the data gathered from the updater requests
is of great value, dismissing valid (or even invalid) privacy concerns
of users due to a lack of majority demand and due to technical or legal
arguments just to protect the gathering of data is a poor way of
responding to users.

Chris Jean
http://gaarai.com/
@chrisjean

Peter Westwood wrote:
>
> In my experience the software that asks about phone home is asking
> about sending detailed data about what you are doing with the software.
>
> For example if WordPress was recording which admin pages you visit
> most often or how often you posted / how many comments you received
> and phoning home that information I would expect to have a very visual
> opt-out.
>
> This is not what we are doing; we are sending back a very simple set of
> information:
>
> * The version of WordPress you are using - we need this to be able to
> give you the correct response
> * The versions of PHP and mysql you are using - we need these to be
> able to make sensible decisions about which versions we should support
> * The locale you are using - so we can offer you the update in your
> language
> * The url of the site doing the checks - so we can differentiate
> between different clients in order to aggregate the version numbers
> correctly.
>