[wp-hackers] Revisiting phone home and privacy

Austin Matzko if.website at gmail.com
Wed Dec 9 18:01:27 UTC 2009


On Wed, Dec 9, 2009 at 11:21 AM, Otto <otto at ottodestruct.com> wrote:
> If you don't want to send a
> list of the plugins, then *disable plugin update checks*. I mean, you
> can't have it both ways. To do update checks, you *must* send a list
> of the plugins. This seems rather obvious, yeah?

No, that is not the case.  As I already explained there is a big
difference between

- Sending a site's URL and all associated plugins at a URL
- Requesting from an IP address with perhaps a hashed URL the status
of a particular plugin.

With the former, you are revealing all the plugins at a particular
URL.  With the latter, you reveal only that a client at a particular
IP address has requested information on the status of a particular
plugin.  *Both* accomplish update checks, but only *one* is intrusive.
 *The update checks could be done without privacy intrusions.*  *We
could collect aggregate data on MySQL and PHP versions without privacy
intrusions.* I apologize for not being able to make it any clearer.

This discussion is moot; Matt decided the issue over two years ago, so
I'm not going to continue offending the sensitivities of iPhone
wp-hackers subscribers.  However, I'd be happy to continue to discuss
this off-list with anybody.


More information about the wp-hackers mailing list