WordPress 2.3 Does Not Spy On Users [UPDATED]
Marilyn Miller writes "Popular open-source blogging engine WordPress has been upgraded to 2.3 — with some unexpected nasties in the mix. As of version 2.3, WordPress now periodically (every 12 hours) sends personally identifying information (blog name & URI) to the mothership, along with an alarming amount of information including $_SERVER dumps, a list of installed plugins, and your current PHP/MySQL settings. Most unfortunately, it does not provide any way of disabling this functionality, and WordPress does not have any privacy policy protecting this information. In a thread about the issue, lead developer Matt Mullenweg defends his actions and staunchly refuses to add an opt-in interface, telling users to 'fork WordPress' if they aren't willing to put up with this behavior."

Update: 09/25 17:52 GMT by KD: This article is misleading enough to be called "just wrong." Matt Mullenweg writes: "As mentioned in our release announcement, the update notification sends your blog URL, plugins, and version info when it checks api.wordpress.org for new and compatible updates. It does not include $_SERVER dumps, or any settings beyond version numbers (for checking compatibility), or your blog name, or your credit card number. We do provide a way of disabling this feature; in fact I link to one of the plugins in the release announcement and in my original response to Morty's thread."
Breathless Hyperbole. (Score:5, Informative)
Matt Mullenweg is being very reasonable and reasoned in dealing with a small but vocal group's paranoia. In the same breath that he mentioned forking WordPress, he also mentioned that another option is using a plugin that disables this behavior.
The submitter should be ashamed.
What Matt wrote (Score:5, Informative)
Fork we shall (Score:3, Informative)
The second way that the open source model has won is that users who disagree with the direction the application is heading in can now fork. In fact, the head developer of the project suggests it. I'm pretty confident that this will happen and happen fast. Given that people "fork" (some say hack/crack) closed source software all the time to leave out all of the "evil" modules (see Kazaa > Kazaa Lite > Kazaa Lite K++; and don't forget cracked Windows XP), forking an open source project to leave out all of the "evil" modules should be pretty easy. I'm no developer, but I could see this being as simple as taking the original source, commenting out/removing the bad stuff, and then redistributing.
The Actual Quote (Score:2, Informative)
> If you don't trust wordpress.org, I suggest you do one of the following:
> 1. Use different software.
> 2. Fork WordPress.
> 3. Install one of the aforementioned plugins.
Re:Basically, go fork ourselves? (Score:3, Informative)
Google Cloaking (Score:5, Informative)
Re:YAY! This saves me work. (Score:3, Informative)
Thank you Mr. Did-Not-Read-The-Fscking-Article.
Re:Surprised/ (Score:5, Informative)
disable WordPress version check [wordpress.org] and disable plugin version check [wordpress.org], both of which were mentioned by Matt in the thread above.
Summary Is A Troll (Score:5, Informative)
Actually, RTFA: Matt's reasoning gives the opposite impression of the summary. Fork the submitter and Kdawson for greenlighting this.
--
BMO
Re:+1 (Score:3, Informative)
I'm glad Matt updated us on this... (Score:3, Informative)
Up here, we (being the government) can't buy any software package that stores the data in the USA. I can only imagine the tens of millions of lost dollars in contracts because of the Patriot Act. I would have hated to have added Matt's awesome editor to that list. Rock on Matt!
Re:well (Score:3, Informative)
"> you fixed it for people running wordpress on a machine where they have root privileges. which i'm sure is a good number, but i'm not in that group. thanks anyway."
In that case: fgrep -n "api.wordpress.org" *.php > lines_of_code_I_might_want_to_change.txt
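
A recursive version of the search in the comment above, as an added example that is not part of the original thread: it walks subdirectories for PHP files and lists every line that names the host literally. The function names and the sample tree are constructed for illustration and are not real WordPress code.

```shell
#!/bin/sh
# Added example: audit a PHP tree for references to an update-check host.

# find_host_refs DIR HOST: print "path:line:text" for every PHP line under DIR
# that contains HOST as a literal string.
find_host_refs() {
    # find descends into subdirectories, which a bare *.php glob does not.
    # grep -F is the current spelling of fgrep: dots in HOST match only dots.
    # /dev/null forces grep to print the file name even for a single file.
    find "$1" -type f -name '*.php' \
        -exec grep -nF -- "$2" /dev/null {} + | sort
}

# count_host_refs DIR HOST: print the number of matching lines.
count_host_refs() {
    find_host_refs "$1" "$2" | wc -l | tr -d ' '
}

# make_sample_tree: build a constructed directory tree (not real WordPress
# code) and print its path.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/wp-includes" "$root/wp-admin"
    printf '%s\n' '<?php' '// constructed sample' \
        '$url = "http://api.wordpress.org/constructed-check";' \
        > "$root/wp-includes/sample-update.php"
    printf '%s\n' '<?php' '$a = "api.wordpress.org";' '// filler' \
        '$b = "http://api.wordpress.org/constructed-plugins";' \
        > "$root/wp-admin/sample-plugins.php"
    # Near miss: a regex search for api.wordpress.org would match this line.
    printf '%s\n' '<?php' '$c = "api-wordpress-org";' > "$root/index.php"
    # Not a PHP file, so it is outside the audit.
    printf '%s\n' 'see api.wordpress.org' > "$root/readme.txt"
    printf '%s\n' "$root"
}

tree=$(make_sample_tree)
find_host_refs "$tree" "api.wordpress.org"
echo "matching lines: $(count_host_refs "$tree" "api.wordpress.org")"
rm -rf "$tree"
```

On the constructed tree this reports three lines, all in subdirectories that a search over *.php in the top-level directory alone would not reach.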