[development] WordPress 2.3 Spies On Users

Steven Peck sepeck at gmail.com
Tue Sep 25 17:47:09 UTC 2007

Well, Drupal has always had an opt in feature for reporting, though we
haven't done much with it except run the occasional SQL query to get
the data.  There is work done on a presentation of that data via
project module.... However .....

This is important. We should probably write up what is sent and how it
will be used in the future.  And note that it is an Opt-In setting.

On 9/25/07, Morbus Iff <morbus at disobey.com> wrote:
> Got a chuckle over this:
>    http://yro.slashdot.org/yro/07/09/25/1632246.shtml
> "Popular open-source blogging engine WordPress has been upgraded to 2.3
> — with some unexpected nasties in the mix. As of version 2.3, WordPress
> now periodically (every 12 hours) sends personally identifying
> information (blog name & URI) to the mothership, along with an alarming
> amount of information including $_SERVER dumps, a list of installed
> plugins, and your current PHP/MySQL settings. Most unfortunately, it
> does not provide any way of disabling this functionality, and WordPress
> does not have any privacy policy protecting this information. In a
> thread about the issue, lead developer Matt Mullenweg defends his
> actions and staunchly refuses to add an opt-in interface, telling users
> to 'fork WordPress' if they aren't willing to put up with this behavior."
> --
> Morbus Iff ( i know a little of everything, a lot of nothing. )
> Technical: http://www.oreillynet.com/pub/au/779
> Enjoy my: http://www.disobey.com/ and http://www.60bwc.com/
> aim: akaMorbus / skype: morbusiff / icq: 2927491 / jabber.org: morbus

More information about the development mailing list