WordPress 2.3 Spies On Users
Got a chuckle over this:

http://yro.slashdot.org/yro/07/09/25/1632246.shtml

"Popular open-source blogging engine WordPress has been upgraded to 2.3 — with some unexpected nasties in the mix. As of version 2.3, WordPress now periodically (every 12 hours) sends personally identifying information (blog name & URI) to the mothership, along with an alarming amount of information including $_SERVER dumps, a list of installed plugins, and your current PHP/MySQL settings. Most unfortunately, it does not provide any way of disabling this functionality, and WordPress does not have any privacy policy protecting this information. In a thread about the issue, lead developer Matt Mullenweg defends his actions and staunchly refuses to add an opt-in interface, telling users to 'fork WordPress' if they aren't willing to put up with this behavior."

--
Morbus Iff ( i know a little of everything, a lot of nothing. )
Technical: http://www.oreillynet.com/pub/au/779
Enjoy my: http://www.disobey.com/ and http://www.60bwc.com/
aim: akaMorbus / skype: morbusiff / icq: 2927491 / jabber.org: morbus
Morbus Iff wrote:
Got a chuckle over this:
Such outcry, while typical for the [censored] on Slashdot, should teach us to be very careful with these features.

I've upped the status of http://drupal.org/node/66241 (drupal module) as the page doesn't make clear what is done. We may also need to provide some text for update status.

Heine
Well, Drupal has always had an opt-in feature for reporting, though we haven't done much with it except run the occasional SQL query to get the data. There is work done on a presentation of that data via project module.... However .....

This is important. We should probably write up what is sent and how it will be used in the future. And note that it is an Opt-In setting.

On 9/25/07, Morbus Iff <morbus@disobey.com> wrote:
Got a chuckle over this:
http://yro.slashdot.org/yro/07/09/25/1632246.shtml
Well, Drupal has always had an opt in feature for reporting, though we haven't done much with it except run the occasional SQL query to get the data. There is work done on a presentation of that data via project module.... However .....
This is important. We should probably write up what is sent and how it will be used in the future. And note that it is an Opt-In setting.
I agree. I tend to think the action plan should be:

* get the patch to drupal.module in.
* note that both drupal.module and update.module are opt-in.
* note the exact data that both send, and why.

And this should be included in both the README.txt (so that it is included with every distribution download) and in every future release announcement (in a smaller form that admonishes to see the README for more information).

I can help work on this (though, perhaps not today as I'm about to leave). I don't have a running 6.x install anywhere, so would need sniffs on update.module. Based on looking at update.fetch.inc, it looks like we're sending only project name/version (and the IP, a side effect of the HTTP request).

--
Morbus Iff ( drowning in data, bereft of knowledge. )
Technical: http://www.oreillynet.com/pub/au/779
Enjoy my: http://www.disobey.com/ and http://www.60bwc.com/
aim: akaMorbus / skype: morbusiff / icq: 2927491 / jabber.org: morbus
The drupal module in 5.x sends a subset of this (site name, URI, IIRC). The new update module in 6.x supersedes that, but I am not up to date on the details. It includes installed modules too.

I think the data is in the DB of drupal.org.

Is it a big deal if that info is sent? The highest rated comments so far downplay that it is an issue at all.

On 9/25/07, Morbus Iff <morbus@disobey.com> wrote:
Got a chuckle over this:
http://yro.slashdot.org/yro/07/09/25/1632246.shtml
-- 2bits.com http://2bits.com Drupal development, customization and consulting.
Khalid Baheyeldin schrieb:
Is it a big deal if that info is sent? The highest rated comments so far downplay that it is an issue at all.
I think the main issue (and a serious one) is that this is done without asking the user and without the possibility to switch it off without extra work. Drupal's phone home feature has always been "opt in".

Cheers,
Gerhard
I don't know whether to laugh or cry. It is really sad to see someone in a leadership role abuse their community this way. Hopefully Matt will come to his senses, add (or better, default to) an opt-in feature, and apologize for this lapse in judgment.

This is being dugg as well... http://www.digg.com/security/Developers_Admit_WordPress_2_3_Spies_On_Users

I think users are more likely to f*ck WordPress than fork it.

- Kevin Reynen

On 9/25/07, Gerhard Killesreiter <gerhard@killesreiter.de> wrote:
I think the main issue (and a serious one) is that this is done without asking the user and without the possibility to switch it off without extra work. Drupal's phone home feature has always been "opt in".
Cheers, Gerhard
On 25-Sep-07, at 2:00 PM, Gerhard Killesreiter wrote:
I think the main issue (and a serious one) is that this is done without asking the user and without the possibility to switch it off without extra work. Drupal's phone home feature has always been "opt in".
It's true that it always has been, but as of the code in HEAD right now, it's (currently) not.

a) update.module is enabled by default, making this "opt-out" rather than "opt-in."
b) It sends off an md5 hash of the site URL and a private key variable with each request, the frequency of which is determined by a setting (defaults to daily). There is no personally identifiable information in this md5 string, and it is used as a key for checking update status.
c) It is possible to "opt-out" of this behaviour, but the only way is to disable update.module altogether. The option in the 5.x update status module was removed for the core inclusion, per Dries.

I think due to this being a security tool, it makes complete sense for this to be opt-out, rather than opt-in. Is the lack of ability to prevent sending the md5 hash enough to get us in trouble with privacy watchdogs? I'm not sure.

-Angie
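An added illustration of point b) above, and of Morbus's reading of update.fetch.inc earlier in the thread; this is example code written for this page, not code from the thread or from Drupal. It builds the site key as Angie describes it (md5 over the site URL plus a per-site private key) and checks what that private key buys: a hash of the URL alone can be matched back to the site from any list of known URLs, the keyed hash cannot. The concatenation order, function names, field names and all sample values are this example's own assumptions.

```python
import hashlib
from typing import Dict, Iterable, Optional

# Constructed sample inputs (not from the thread): one site's base URL and the
# private key a Drupal install keeps in its variables table.
SAMPLE_BASE_URL = "http://example.org/blog"
SAMPLE_PRIVATE_KEY = "constructed-private-key-0001"


def site_key(base_url: str, private_key: str) -> str:
    """The per-site key Angie describes: md5 over the site URL and the site's
    private key. Concatenation order and the function name are this example's
    assumptions, not Drupal's actual code."""
    return hashlib.md5((base_url + private_key).encode("utf-8")).hexdigest()


def reidentify(key: str, candidate_urls: Iterable[str], private_key: str = "") -> Optional[str]:
    """Try to map a received key back to a site from a list of known URLs.

    With private_key="" the key is just md5(url), so anyone holding a list of
    public site URLs can tell which site sent the check. With the private key
    mixed in, the same list matches nothing; that secret, not the hashing by
    itself, is what makes the key non-identifying.
    """
    for url in candidate_urls:
        if site_key(url, private_key) == key:
            return url
    return None


def disclosed_fields(installed_projects: Dict[str, str], base_url: str, private_key: str) -> Dict:
    """What a single update check hands to the server, following Morbus's
    reading of update.fetch.inc in the thread: project names and versions plus
    the site key. The client IP reaches the server as a side effect of the
    HTTP request itself and is not part of this payload. Field names are this
    example's own."""
    return {
        "site_key": site_key(base_url, private_key),
        "projects": dict(installed_projects),
    }


def demo() -> Dict:
    """Run the checks on constructed data and return the results."""
    known_sites = ["http://example.com", SAMPLE_BASE_URL, "http://example.net"]
    projects = {"drupal": "6.0-rc1", "views": "6.x-2.0"}  # constructed versions
    key = site_key(SAMPLE_BASE_URL, SAMPLE_PRIVATE_KEY)
    return {
        "key": key,
        # Same site, same key every run: usable as a stable counter server-side.
        "stable": key == site_key(SAMPLE_BASE_URL, SAMPLE_PRIVATE_KEY),
        # A URL-only hash is trivially matched back to the site...
        "url_only_match": reidentify(site_key(SAMPLE_BASE_URL, ""), known_sites),
        # ...while the keyed hash is not, even with the site on the list and
        # the matcher not knowing the private key.
        "keyed_match": reidentify(key, known_sites, ""),
        "payload": disclosed_fields(projects, SAMPLE_BASE_URL, SAMPLE_PRIVATE_KEY),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```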
On 9/25/07, Angela Byron <drupal-devel@webchick.net> wrote:
It's true that it always has been, but as of the code in HEAD right now, it's (currently) not.
a) update.module is enabled by default, making this "opt-out" rather than "opt-in."
b) It sends off an md5 hash of the site URL and a private key variable with each request, the frequency of which is determined by a setting (defaults to daily). There is no personally identifiable information in this md5 string, and it is used as a key for checking update status.
c) It is possible to "opt-out" of this behaviour, but the only way is to disable update.module altogether. The option in the 5.x update status module was removed for the core inclusion, per Dries.
I think due to this being a security tool, it makes complete sense for this to be opt-out, rather than opt-in. Is the lack of ability to prevent sending the md5 hash enough to get us in trouble with privacy watchdogs? I'm not sure.
-Angie
Wait.... are we talking update module that checks for updated software versions or the Drupal module that actively sends information on installed software back to d.o.?

Now, update module getting a version update check to notify a user without sending information is one thing..... If it does send then we NEED to document what it sends and what is done with it.

Opting in for sending modules used statistics back was something in the past that was discussed as campaigning to get voluntary buy-in from people and documenting it as why it benefits the user community.

So... before we wander too far afield. Which will we be doing in D6 and are they two separate conversations?

Steven
On 25-Sep-07, at 3:04 PM, Steven Peck wrote:
Wait.... are we talking update module that checks for updated software versions or the Drupal module that actively sends information on installed software back to d.o. ?
Update module. Drupal module hasn't changed, so there's nothing new there; the statistics gathering portion of it is still opt-in, and it still sends personally identifiable information (and lots of it). Update module is the thing that's changed in Drupal 6, and is analogous to the WordPress functionality that's being so hotly debated in that slashdot thread.

-Angie
On Sep 25, 2007, at 2:04 PM, Steven Peck wrote:
Now, update module getting a version update check to notify a user without sending information is one thing..... If it does send then we NEED to document what it sends and what is done with it.
Opting in for sending modules used statistics back was something in the past that was discussed as campaigning to get voluntary buy in from people and documenting it as why it benefits the user community.
So... before we wander to far a field. Which will we be doing in D6 and are they two separate conversations?
My understanding is that *anonymized* site information -- a hash of the url rather than the url itself -- is used as a key for module usage information that we store for statistical purposes. There is presently, AFAIK, no way to separate this functionality from the update notification.

--Jeff
Angela Byron wrote:
It's true that it always has been, but as of the code in HEAD right now, it's (currently) not.
a) update.module is enabled by default, making this "opt-out" rather than "opt-in."
b) It sends off an md5 hash of the site URL and a private key variable with each request, the frequency of which is determined by a setting (defaults to daily). There is no personally identifiable information in this md5 string, and it is used as a key for checking update status.
c) It is possible to "opt-out" of this behaviour, but the only way is to disable update.module altogether. The option in the 5.x update status module was removed for the core inclusion, per Dries.
I think due to this being a security tool, it makes complete sense for this to be opt-out, rather than opt-in. Is the lack of ability to prevent sending the md5 hash enough to get us in trouble with privacy watchdogs? I'm not sure.
-Angie
I believe IP addresses are personally identifiable information, especially where the site is configured on a dedicated box. I would prefer to opt-in (and I will). If nothing else, the administrator logging in, going to modules, and activating the update module lets them know Drupal does phone home from that module and they can do the reading in the docs to find out how exactly it does and decide on their own. Then phoning home is not shocking news to get people all in a panic about.
Gerhard Killesreiter schrieb:
I think the main issue (and a serious one) is that this is done without asking the user and without the possibility to switch it off without extra work. Drupal's phone home feature has always been "opt in".
Apparently, update.module in D6 is not opt-in. Bad decision.

Cheers,
Gerhard
How about making it opt in, with an option for it in the installer? Maybe label it 'Enabled (more security)' and 'Disabled (more privacy)'. We could tell the users to go to admin/build/modules to change it in the description.

-Mike
__________________
Michael Prasuhn
mike@mikeyp.net
mikeyp.phone@gmail.com
phone 714.356.0168 cell 949.200.7670 fax

-----Original Message-----
From: Gerhard Killesreiter <gerhard@killesreiter.de>
Date: Tue, 25 Sep 2007 20:55:34
To: development@drupal.org
Subject: Re: [development] WordPress 2.3 Spies On Users

Gerhard Killesreiter schrieb:
I think the main issue (and a serious one) is that this is done without asking the user and without the possibility to switch it off without extra work. Drupal's phone home feature has always been "opt in".
Apparently, update.module in D6 is not opt-in. Bad decision.

Cheers,
Gerhard
Michael Prasuhn wrote:
How about making it opt in, with an option for it in the installer?
This is nice to have, but let's face it: The really annoying issue here is not the actual information retrieval, but the way Mark of WP related to it, as being a must, with no way out - take it or leave it. This makes the /human/ side of the system very unreliable, as opposed to Drupal where, so far, there is a lot of respect and consideration to end users.

An opt-out option (for software updates) achieves both needs:
1. It keeps the system secured
2. It lets the user decide, keeping the software (i.e., the Drupal project) reliable

And let us also remember that the Drupal module IS turned off by default, as mentioned before.

Zohar
I have seen many comments against Matt (not Mark), the creator of WordPress, here and all of them are based off of that 1 paragraph unfortunately posted on Slashdot. Matt was not rude in any way, he simply explained what WordPress does and in no way ever suggested to fork WordPress as the article mentioned.

Before making such wrong statements about someone please do the research. Here is Matt's comment (http://groups.google.com/group/wp-hackers/browse_thread/thread/bdced7524fa79...), which the article so wrongly butchers that Slashdot has already updated the article. There is not even a single instance of the word "fork" in the entire thread.

As Matt and Angie have said with respect to the topic of sharing information, Drupal and WordPress are very much alike.

--
Alan D.
DragonWize wrote:
I have seen many comments against Matt (not Mark), the creator of WordPress
Right, it's Matt, not Mark, sorry for that.
Before making such wrong statements about someone please do the research. Here is Matt's comment (http://groups.google.com/group/wp-hackers/browse_thread/thread/bdced7524fa79...), which the article so wrongly butchers that Slashdot has already updated the article. There is not even a single instance of the word "fork" in the entire thread.

Here is where that word appears, in the same thread: http://groups.google.com/group/wp-hackers/msg/f8b5bc6efc4a4005
Matt may not be rude, but he is ignoring what Morbus Iff elegantly called "people's illusion of privacy and choice". Users should have the choice to keep their details private. When you launch an open source project, and distribute it freely, you shouldn't expect everyone to tell you exactly HOW they use it. It's the freedom of choice which brings people to open source CMS, and the lack of it can scare them away.

The power of Drupal is its flexibility and the fact that apart from a few modules that are considered crucial for the system's operation, all the rest is a matter of choice... even if you choose to be less secured. Opt-in or opt-out - it's the existence of the option that counts.

(and... if I may.... The freedom of choice is one of the most ancient theological issues... hasn't it been marked as 'fixed' yet?)
On Tue, 25 Sep 2007 23:20:18 +0200, Zohar Stolar <stolar@gmail.com> wrote:
(and... if I may.... The freedom of choice is one of the most ancient theological issues... hasn't it been marked as 'fixed' yet?)
Dude, we can't even get node 8 to be marked fixed. You expect us to RTBC questions about life philosophy?

Seriously though, I think on-by-default is still a good idea for security, but we do need to be clear that it's happening and how it can be disabled. It seems this discussion has now migrated to the issue queue, though, so let's continue there.

--Larry Garfield
Why not allow people to check off what modules they want to be installed during the /default/ install phase? It should be as simple as scanning the modules directory during install and, aside from the /must be turned on for system to operate/ modules, the rest should be displayed and given an option to enable during install. Making a few /advised/ modules more evident than others (perhaps a different background on that module's table row) could do the trick.

On 9/25/07, Larry Garfield <larry@garfieldtech.com> wrote:
Dude, we can't even get node 8 to be marked fixed. You expect us to RTBC questions about life philosophy?
Seriously though, I think on-by-default is still a good idea for security, but we do need to be clear that it's happening and how it can be disabled. It seems this discussion has now migrated to the issue queue, though, so let's continue there.
--Larry Garfield
-- Oleg Terenchuk Web Manager / Developer Phone: 917 - 306 - 5653
Sorry, I meant to say /default profile/, not "phase".

On 9/25/07, Oleg Terenchuk <litwol@gmail.com> wrote:
Why not allow people to check off what modules they want to be installed during the /default/ install phase? It should be as simple as scanning the modules directory during install and, aside from the /must be turned on for system to operate/ modules, the rest should be displayed and given an option to enable during install. Making a few /advised/ modules more evident than others (perhaps a different background on that module's table row) could do the trick.
-- Oleg Terenchuk Web Manager / Developer Phone: 917 - 306 - 5653
I think the main issue (and a serious one) is that this is done without asking the user and without the possibility to switch it off without extra work. Drupal's phone home feature has always been "opt in".
Apparently, update.module in D6 is not opt-in. Bad decision.
Yes, I think that's a problem. I'd much rather it be opt-in or during installation (for new users only, of course). Alternatively, I would also support an admin/ page message that /always/ said "update checker is not enabled; please check drupal.org for the latest security updates", and have that message only be disabled through a settings.php var tweak.

There is no underscoring how important the update checker is, but there's also no underscoring of how important people's illusion of privacy and choice is.

--
Morbus Iff ( i put the demon back in codemonkey )
Technical: http://www.oreillynet.com/pub/au/779
Enjoy my: http://www.disobey.com/ and http://www.60bwc.com/
aim: akaMorbus / skype: morbusiff / icq: 2927491 / jabber.org: morbus
On 25 Sep 2007, at 22:07, Morbus Iff wrote:
Yes, I think that's a problem. I'd much rather it be opt-in or during installation (for new users only, of course). Alternatively, I would also support an admin/ page message that /always/ said "update checker is not enabled; please check drupal.org for the latest security updates", and have that message only be disabled through a settings.php var tweak. There is no underscoring how important the update checker is, but there's also no underscoring of how important people's illusion of privacy and choice is.
I think the optimal solution is to:

1. Make it opt-in instead of opt-out.
2. Increase the number of people that opt-in by asking them during installation.

--
Dries Buytaert :: http://www.buytaert.net/
Ah, there was an update by Matt: http://yro.slashdot.org/yro/07/09/25/1632246.shtml "Wordpress 2.3 Does Not Spy On Users"

It's only an update checker...

--
Stefan Borchert
stefan@borchert.cc
participants (16)

- Angela Byron
- David Norman
- DragonWize
- Dries Buytaert
- Gerhard Killesreiter
- Heine Deelstra
- Jeff Eaton
- Kevin Reynen
- Khalid Baheyeldin
- Larry Garfield
- Michael Prasuhn
- Morbus Iff
- Oleg Terenchuk
- Stefan Borchert
- Steven Peck
- Zohar Stolar