[development] WordPress 2.3 Spies On Users
Morbus Iff
morbus at disobey.com
Tue Sep 25 20:07:53 UTC 2007
>> I think the main issue (and a serious one) is that this is done without
>> asking the user and without the possibility to switch it off without
>> extra work. Drupal's phone home feature has always been "opt in".
>
> Apparently, update.module in D6 is not opt-in. Bad decision.
Yes, I think that's a problem. I'd much rather it be opt-in or during
installation (for new users only, of course). Alternatively, I would
also support a admin/ page message that /always/ said "update checker is
not enabled; please check drupal.org for the latest security updates",
and have that message only be disabled through a settings.php var tweak.
There is no underscoring how important the update checker is, but
there's also no underscoring of how important people's illusion of
privacy and choice is.
--
Morbus Iff ( i put the demon back in codemonkey )
Technical: http://www.oreillynet.com/pub/au/779
Enjoy my: http://www.disobey.com/ and http://www.60bwc.com/
aim: akaMorbus / skype: morbusiff / icq: 2927491 / jabber.org: morbus
More information about the development
mailing list