[development] WordPress 2.3 Spies On Users

Khalid Baheyeldin kb at 2bits.com
Tue Sep 25 17:47:34 UTC 2007

The drupal module in 5.x sends a subset of this (site name, URI, IIRC).
The new update module in 6.x supersedes that, but I am not up to date
on the details. It includes installed modules too.

I think the data is in the DB of drupal.org.

Is it a big deal if the that info is sent? The highest rated comments so far
downplay that it is an issue at all.

On 9/25/07, Morbus Iff <morbus at disobey.com> wrote:
> Got a chuckle over this:
>    http://yro.slashdot.org/yro/07/09/25/1632246.shtml
> "Popular open-source blogging engine WordPress has been upgraded to 2.3
> — with some unexpected nasties in the mix. As of version 2.3, WordPress
> now periodically (every 12 hours) sends personally identifying
> information (blog name & URI) to the mothership, along with an alarming
> amount of information including $_SERVER dumps, a list of installed
> plugins, and your current PHP/MySQL settings. Most unfortunately, it
> does not provide any way of disabling this functionality, and WordPress
> does not have any privacy policy protecting this information. In a
> thread about the issue, lead developer Matt Mullenweg defends his
> actions and staunchly refuses to add an opt-in interface, telling users
> to 'fork WordPress' if they aren't willing to put up with this behavior."
> --
> Morbus Iff ( i know a little of everything, a lot of nothing. )
> Technical: http://www.oreillynet.com/pub/au/779
> Enjoy my: http://www.disobey.com/ and http://www.60bwc.com/
> aim: akaMorbus / skype: morbusiff / icq: 2927491 / jabber.org: morbus

Drupal development, customization and consulting.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20070925/1a032060/attachment.htm 

More information about the development mailing list