[wp-hackers] Revisiting phone home and privacy

Austin Matzko if.website at gmail.com
Wed Dec 9 15:52:18 UTC 2009

On Wed, Dec 9, 2009 at 9:34 AM, Otto <otto at ottodestruct.com> wrote:
> On Wed, Dec 9, 2009 at 9:30 AM, Austin Matzko <if.website at gmail.com> wrote:
>> You omitted (in my mind) the big one:
>> * All plugins, active and inactive, in your plugins directory
> The thing is expressly designed to check for plugin updates. You can't
> check for updates to a plugin without actually telling the update
> server what the plugins actually are.

Actually, there's a big difference between these two scenarios:

- Sending a site's URL and all associated plugins at a URL
- Requesting from an IP address with perhaps a hashed URL the status
of a particular plugin.

Both accomplish the same goal of finding plugin updates; one is much
more invasive than the other.

> If this is a privacy issue for you, then there's means already
> available to disable the update checks entirely.

There's no reason to conflate the updates with the data collection.
It's possible to check for updates without collecting any data and
without revealing anything particular about the original requester
other than last proxy IP address.

More information about the wp-hackers mailing list