[development] WordPress 2.3 Spies On Users

David Norman davidn at cgraphics.com
Tue Sep 25 19:12:33 UTC 2007


Angela Byron wrote:
> 
> 
> It's true that it always has been, but as of the code in HEAD right now,
> it's (currently) not.
> 
> a) update.module is enabled by default, making this "opt-out" rather
> than "opt-in."
> b) It sends off an md5 hash of the site URL and a private key variable
> with each request, the frequency of which is determined by a setting
> (defaults to daily). There is no personally identifiable information in
> this md5 string, and it is used as a key for checking update status.
> c) It is possible to "opt-out" of this behaviour, but the only way is to
> disable update.module altogether. The option in the 5.x update status
> module was removed for the core inclusion, per Dries.
> 
> I think due to this being a security tool, it makes complete sense for
> this to be opt-out, rather than opt-in. Is the lack of ability to
> prevent sending the md5 hash enough to get us in trouble with privacy
> watchdogs? I'm not sure.
> 
> -Angie
> 

I believe IP addresses are personally identifiable information,
especially where the site is configured on a dedicated box. I would
prefer to opt-in (and I will).

If nothing else, the administrator logging in, going to modules, and
activating the update module lets them know Drupal does phone home from
that module and they can do the reading in the docs to find out how
exactly it does and decide on their own. Then phoning home is not
shocking news to get people all in a panic about.