This is yet another theme site, created by Sadish Bala. Visit his WordPress blog at WordPress Rocks

WordPress 2.3 - Privacy Issue - My Thoughts

Posted on September 25th, 2007

WordPress 2.3 was officially released yesterday, and a new controversy started brewing at the same time.

New Feature:

WordPress 2.3 introduces a new feature called “update notification”.

What does it do?

Whenever you [mostly the administrator of the blog] log in to your WordPress installation, it checks the version of WordPress and of any plugins you have installed, and notifies you if newer versions are available.

Sounds Good. How is it achieved?

Your WordPress installation sends data about your website to a remote server [WordPress.org], receives a response from that server, and notifies you if there are new versions.

Cool. What is the problem with this?

The problem is with the data that is being sent. It is sending personally identifiable information such as your website's URL, your hosting server's capabilities [for example the PHP version], your host's IP address [which WordPress.org sees simply because the request comes from your server], and the list of plugins you are using with their versions, all to WordPress.org.

How would they use this information?

When asked, they did not even know what use there is in knowing your website's URL; their response was that "they will find some use for it in the future".

We will have an option to turn this feature off, right?

No. There won't be any option that you can go and uncheck. According to the same discussion, you have to grab the following two plugins and install them:
1. http://wordpress.org/extend/plugins/disable-wordpress-core-update/
2. http://wordpress.org/extend/plugins/disable-wordpress-plugin-updates/

OK, at least there are some options for those who know how to upload and install new plugins.

But what about those who do not know how to install these two plugins?

Their websites will send that information to WordPress.org, which will use it according to its privacy policy.

That's all I have for now; if I learn more, I will update this post.

11 Responses to “WordPress 2.3 - Privacy Issue - My Thoughts”

  1. westi on 26 Sep 2007 at 4:48 am

    We will have an option to turn this feature off, right?

    No. There won't be any option that you can go and uncheck. You should grab the following two plugins and install them, according to the same discussion.
    1.http://wordpress.org/extend/plugins/disable-wordpress-core-update/
    2.http://wordpress.org/extend/plugins/disable-wordpress-plugin-updates/.

    Ok. at least there are some options for those who know how to upload new plugins and install them.

    This is a bit misleading - just because an option is not provided in the admin UI does not mean the feature is not optional.

    Those plugins provide the easy way of turning the feature off - WordPress has a lot of optional functionality that you can disable in this way; look at wp-includes/default-filters.php for a long list of functionality implemented in this way.
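The mechanism described in the post (the installation calling WordPress.org for version information) and the disabling approach westi describes in the comment above come down to the same thing: the checks are ordinary actions registered by WordPress, and a plugin can unregister them. The following is an added example written for this page; it is not one of the two plugins linked in the post and not WordPress's own code. It unhooks the two update checks and then audits the global $wp_filter table to confirm that nothing named wp_version_check or wp_update_plugins is still attached. The action tags ('init' and 'load-plugins.php'), the default priority 10, and the function names being exactly wp_version_check and wp_update_plugins are assumptions about where WordPress 2.3 registers these checks; the plugin name and the disable_update_checks_* function names are invented for this example.

```php
<?php
/*
Plugin Name: Disable update checks (example)
Description: Example plugin for this page, not one of the linked plugins. Unhooks the WordPress 2.3 version and plugin update checks and reports whether any call-home hook is still registered.
*/

// Assumption: WordPress 2.3 registers the checks on these action tags at the
// default priority (10). remove_action() is harmless if a pair does not exist.
$disable_update_checks_hooks = array(
    array( 'init',             'wp_version_check' ),
    array( 'init',             'wp_update_plugins' ),
    array( 'load-plugins.php', 'wp_update_plugins' ),
);

// Plugins load after wp-includes/default-filters.php and before 'init' fires,
// so removing the actions here is early enough.
foreach ( $disable_update_checks_hooks as $hook ) {
    remove_action( $hook[0], $hook[1] );
}

/**
 * Audit: walk the global $wp_filter table ($wp_filter[tag][priority][id] => callback
 * entry) and return every tag/priority at which a call-home function is still
 * attached, regardless of which tag or priority it was registered under.
 * An empty array means nothing is left.
 */
function disable_update_checks_audit() {
    global $wp_filter;
    $callhome = array( 'wp_version_check', 'wp_update_plugins' );
    $found    = array();

    foreach ( (array) $wp_filter as $tag => $priorities ) {
        foreach ( (array) $priorities as $priority => $callbacks ) {
            foreach ( (array) $callbacks as $entry ) {
                // Older hook tables stored the bare callback; newer ones store
                // array( 'function' => ..., 'accepted_args' => ... ).
                $function = is_array( $entry ) && isset( $entry['function'] ) ? $entry['function'] : $entry;
                if ( is_string( $function ) && in_array( $function, $callhome ) ) {
                    $found[] = $tag . '@' . $priority . ': ' . $function;
                }
            }
        }
    }
    return $found;
}

/**
 * Print the audit result in the admin footer so the administrator can confirm,
 * after activating the plugin, that no call-home hook survived.
 */
function disable_update_checks_report() {
    $left = disable_update_checks_audit();
    if ( empty( $left ) ) {
        echo '<p>Update checks: no call-home hooks registered.</p>';
    } else {
        echo '<p>Update checks still registered: ' . htmlspecialchars( implode( ', ', $left ) ) . '</p>';
    }
}
add_action( 'admin_footer', 'disable_update_checks_report' );
```

Upload this as a single file under wp-content/plugins and activate it; the line in the admin footer tells you whether any of the call-home hooks survived. One caveat a practitioner should keep in mind: with the checks unhooked, the dashboard also stops telling you about security releases of WordPress and your plugins, so you need another way of tracking those.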

  2. Sadish on 26 Sep 2007 at 8:41 am

    Those who have followed me for the past couple of years would know how much I love WordPress.
    I am not trying to mislead anyone into believing WordPress is doing something wrong.

    But when people ask questions, please see what kind of response they get.

    If you don’t trust wordpress.org, I suggest you do one of the following:
    1. Use different software.
    2. Fork WordPress.
    3. Install one of the aforementioned plugins.
    - Matt

    as you can see in this link: http://comox.textdrive.com/pipermail/wp-hackers/2007-September/014868.html

    This is the answer that made me write this post.

    It could very well have been addressed something like this:
    "We are already on a "code freeze" for the 2.3 release, so we will try to include an admin option in the next version of WordPress."

    This is the kind of step I want them to take.

    I know there is a lot of optional functionality in WordPress, but when you are adding a new feature that could potentially collect personally identifiable information, you should make the user aware of what is going on.
    That is the missing thing here.

  3. Dave J. (Scoop0901) on 28 Sep 2007 at 7:26 pm

    I agree, Sadish. Matt was irresponsible in the way he handled that response. He seemed a little … too over-protective.

    The comment about not being sure about what they will do with the info, but “will find some use for it in the future” is inherently wrong — especially for an open-source, supposedly open, supposedly “friendly” community that wants to grow.

    More and more, it looks like Founder's Syndrome has set in among the clique that's formed in "the community", and if you're not in that clique, well, you're a nobody and ought to be discarded - oh, but use WordPress!

  4. OPENGIGA on 02 Oct 2007 at 3:02 pm

    I agree with you.

    Now I am aware of it.

    Thanks.

  5. Stephan Miller on 11 Oct 2007 at 7:17 pm

    I never thought of it that way, or even thought about how the plugins would be able to check for a version. I thought a simple check of plugin name and version would be all that is required. But the extra data?
    You could say a company could be trusted with your data so far. But looking at the history of Wordpress.com spamming the search engines, I assume that a cheat could be capable of the same or more again.

  6. Shane on 22 Oct 2007 at 5:21 pm

    This doesn’t concern me too much, for a couple of reasons.

    First, you're misusing the term "personally identifiable information." While some of the info they send back isn't public knowledge, it doesn't identify an individual. That's what "personally identifiable" means.

    Second, it doesn’t look like they’re sending all the data you list. The only new information being sent by the update checker is PHP version and a list of plugins.

    It does appear that this opens up a slight new possibility of a security vulnerability, but it looks like the odds are very slight. It certainly isn’t like they’re suddenly sending personal information about you back to the mothership. This is some pretty benign stuff.

  7. Sadish on 23 Oct 2007 at 11:07 am

    1. For me, my website's URL is personally identifiable information. The moment someone knows my URL, they know who is running it.
    2. They do send your blog's URL along with the plugins and their version numbers.

    I am not trying to suggest wordpress.org will misuse the information sent to them.
    I am just trying to make people aware of what is being sent back to the mothership, and what plugins they need to install if they do not want this information to be sent.
    That's all.

    Thanks.

  8. Dave J. (Scoop0901) on 24 Oct 2007 at 9:07 am

    As Sadish has said, the vulnerability is there.

    Put WP, as an organization, aside. Let’s look at the vulnerability as just that: a vulnerability.

    Next week Bill Snoaks is going to write a plugin that does everything three current, very popular plugins do, but, instead of having to use all three, you use just one, plus it has a few other goodies built in. On top of that, though, Bill also adds a snippet of code to call home - to his site (he isn't uploading the plugin to the WP Plugin site, but rather self-hosting the plugin). He uses this vulnerability to have the "call home" feature relay all that information to him, which is now stored in a database. Big deal, right?

    Bill takes that database and sells it or gives it to friends. They now know the URL of the site and the version of the software you're running (easily discernible by visiting the site and/or doing VIEW SOURCE unless, of course, the site has snipped some footer content, as well as header content, to get rid of WP's versioning info). Instead of having to hunt down each site, Bill's plugin is now calling home with info on a few thousand sites, at least.

    What could happen as a result? I dunno, why don’t you tell me?

  9. forum on 28 Oct 2007 at 6:15 pm

    I agree with you.

    Now I am aware of it.

    Thanks.

  10. [...] anyone who is starting their blog right now, they can just install the WordPress 2.3 [and some plugins if they are privacy conscious] and start using one of my upgraded [...]

  11. Vern on 07 Nov 2007 at 4:56 pm

    Thanks, Sadish, for this information. When I looked around today to see what the new features were in WP 2.3, I couldn’t quickly find any info. I hopped over to your site to see if an update to one of your cool themes (The Office) was available and came across this post — which gave me exactly the kind of info I would have expected to find in a WordPress update. I have long been a little aggravated with the “automatic” updates and posting in my WP Admin Panel as there was no easy way to get rid of them without them reappearing on every WordPress update. I, too, love WordPress but I hate to see any “bad behavior” creeping into it. Any “call home” function that is not absolutely necessary (and not well explained) begins the creeping phase. Hopefully the developers will continue to guard the code and our privacy as they have done so well in the past.
