[wp-hackers] Revisiting phone home and privacy

Otto otto at ottodestruct.com
Wed Dec 9 16:15:35 UTC 2009

On Wed, Dec 9, 2009 at 9:52 AM, Austin Matzko <if.website at gmail.com> wrote:
> Actually, there's a big difference between these two scenarios:
> - Sending a site's URL and all associated plugins at a URL
> - Requesting from an IP address with perhaps a hashed URL the status
> of a particular plugin.
> Both accomplish the same goal of finding plugin updates; one is much
> more invasive than the other.

So, I assume you have disabled all XML-RPC pings and turned your site
to Private mode (Settings-Privacy) which prevents search engines from
indexing your site as well?

Because, by default, WordPress sends your URL to Pingomatic every
single time you post. That's sort of the whole point of XML-RPC pings.
And, Pingomatic is owned by Automattic, in case you were unaware.

> There's no reason to conflate the updates with the data collection.

Sure there is, because the only "data collection" in the sense you
mean it is the PHP and MySQL version numbers. That's the *only* thing
sent that is used for statistical information.

> It's possible to check for updates without collecting any data and
> without revealing anything particular about the original requester
> other than last proxy IP address.

So, what is it, precisely, that you object to with the existing data
collection. What piece of information is being sent that you consider
to be private and would not want to send? No theoretical arguments,
please. You know the data being sent, it's been posted here.
Specifically which piece concerns you, exactly? Why?


More information about the wp-hackers mailing list