[wp-hackers] Revisiting phone home and privacy

Eric Marden wp at xentek.net
Wed Dec 9 15:55:14 UTC 2009

On Dec 9, 2009, at 10:26 AM, Chris Jean wrote:

> I think just the fact that Peter felt the need to list the data sent  
> to the servers in order to justify how everyone's privacy concerns  
> are invalid does more to support the privacy concerns than dismiss  
> them. If we, the list of hackers of all things WordPress, had to get  
> a core dev tell us what is sent to the wp.org servers, how are  
> standard users supposed to know what is or is not sent to the wp.org  
> servers?

I think you're reading a lot more into what he posted. My feeling is  
that he was posting it to be sure that discussion remained routed in  
reality (given that people where throwing out very Orwellian, track  
every page click type of scenarios, which the software does not do).

>  * The version WordPress you are using - we need this to be able to  
> give you the correct response
>  * The locale you are using - so we can offer you the update in your  
> language

These two are needed to even provide updates. You can already turn off  
updates today, just not from an option in the admin.

>  * The url of the site doing the checks - so we can differentiate  
> between different clients in order to aggregate the version numbers  
> correctly.
>  * The versions of PHP and mysql you are using - we need these to be  
> able to make sensible decisions about which versions we should support

These two are the privacy concerns, but are pretty innocuous (for most  
people at least). Being able to turn this off (or switching to hashes  
of the info perhaps) would be welcomed, but again this needn't  
necessarily be an option in the admin, but wp-config key or other means.

- Eric Marden
tw: @xentek

More information about the wp-hackers mailing list