Privacy Software

WordPress 2.3 Does Not Spy On Users [UPDATED]

Posted by kdawson
from the if-you-don't-like-it-fork-it dept.
Marilyn Miller writes "Popular open-source blogging engine WordPress has been upgraded to 2.3 — with some unexpected nasties in the mix. As of version 2.3, WordPress now periodically (every 12 hours) sends personally identifying information (blog name & URI) to the mothership, along with an alarming amount of information including $_SERVER dumps, a list of installed plugins, and your current PHP/MySQL settings. Most unfortunately, it does not provide any way of disabling this functionality, and WordPress does not have any privacy policy protecting this information. In a thread about the issue, lead developer Matt Mullenweg defends his actions and staunchly refuses to add an opt-in interface, telling users to 'fork WordPress' if they aren't willing to put up with this behavior." Update: 09/25 17:52 GMT by KD : This article is misleading enough to be called "just wrong." Matt Mullenweg writes: "As mentioned in our release announcement, the update notification sends your blog URL, plugins, and version info when it checks api.wordpress.org for new and compatible updates. It does not include $_SERVER dumps, or any settings beyond version numbers (for checking compatibility), or your blog name, or your credit card number. We do provide a way of disabling this feature; in fact I link to one of the plugins in the release announcement and in my original response to Morty's thread."
  • by Some guy named Chris (9720) on Tuesday September 25, 2007 @12:50PM (#20745225) Journal
    Read the thread. This isn't a developer admitting to spying on users. This is debate over a new feature written to help you keep from getting your blog haxored. They are collecting server and plugin data to help you to keep your software up to date.

    Matt Mullenweg is being very reasonable and reasoned in dealing with a small but vocal group's paranoia. In the same breath that he mentioned forking WordPress, he also mentioned that another option is using a plugin that disables this behavior.

    The submitter should be ashamed.
  • What Matt wrote (Score:5, Informative)

    by imaginaryelf (862886) on Tuesday September 25, 2007 @12:51PM (#20745257)

    Date: Sun, 23 Sep 2007 12:35:26 -0700
    From: Matt Mullenweg
    To: wp-hack...@lists.automattic.com
    Subject: Re: [wp-hackers] Plugin update & security / privacy

    Moritz 'Morty' Strübe wrote:
    > I know this will not change until Monday, but is it really necessary to
    > transmit the URL?

    Your blog URL and version has been sent by default for 4+ years to every
    ping service in the world, including Ping-O-Matic, every time you make a
    post. Of course you can turn that off, just like you can turn update
    notification off, but statistically no one does.

    The only new information being sent by the update checker is PHP version
    and a list of plugins. If you don't like that feature, please install a
    plugin to disable it:

    http://wordpress.org/extend/plugins/disable-wordpress-core-update/
    http://wordpress.org/extend/plugins/disable-wordpress-plugin-updates/

    Of course don't forget the WP dev blog and planet RSS feeds, and most
    importantly the incoming links feed which ALSO transmits your blog URL.

    I would also recommend disabling the updates in Mac OS X, Firefox,
    Windows, Thunderbird, Adobe Photoshop, and any other third-party
    applications you have. As all of those are tied to your personal IP and
    not your server IP they have far more implications for privacy.

    > If that database
    > gets public and you find a security bug in one of the plugins - there
    > are enough - you can start a _very_ effective attack!

    Such an attack would not be more effective, it would just be more
    efficient. Historically, however, scripts that attack against WordPress
    don't bother checking the version or if a plugin is there or not, they
    just seek out every WP blog and check the specific capability or
    vulnerability.

    Nevertheless, we're beefing up the infrastructure and security of
    WordPress.org, which Barry is working on right this instant. In 2 years
    of running WordPress.com and Akismet, two extraordinarily
    high-visibility targets, there has never been a problem on a server
    Barry set up. The only problems we've had (once on WP.org, once on
    PhotoMatt) have been things I set up, and I'm not setting up these new
    ones. :)

    I think this feature is actually going to dramatically improve the
    security of WordPress overall. We all saw the survey that 95% of WP
    blogs were vulnerable. That didn't even look at plugins. I think the
    survey was flawed, but you still can't deny that for most people knowing
    there is an update and actually updating just doesn't happen, and this
    is a necessary first step. If the only "trade-off" is sending an ALREADY
    PUBLIC blog URL to wordpress.org, then great!

    I would like to remind the participants of this thread that WP.org !=
    Automattic, so to be fair to the members of both please distinguish
    which you're referring to.
  • Fork we shall (Score:3, Informative)

    by businessnerd (1009815) on Tuesday September 25, 2007 @12:54PM (#20745303)
    This is once again proof that the open source model is a good thing for users and protects us from unknowingly being used as pawns. The win is twofold here. First, the source was open, so that it was available for audit by anyone. This appears to be how this functionality was discovered. Someone noticed what the code was doing and raised a red flag. Now the users are aware and can make a choice in whether they will make the upgrade, not make the upgrade or turn to a new application. In the closed source world, often we are unaware of "unsavory code" while we use it for some time, all the while being subjected to its unsavory effects.

    The second way that the open source model has won, is that users who disagree with the direction the application is heading in can now fork. In fact, the head developer of the project suggests it.

    > Matt Mullenweg defends his actions and staunchly refuses to add an opt-in interface, telling users to 'fork WordPress' if they aren't willing to put up with this behavior.
    I'm pretty confident that this will happen and happen fast. Given that people "fork" (some say hack/crack) closed source software all the time to leave out all of the "evil" modules (See Kazaa > Kazaa Lite > Kazaa Lite K++; and don't forget cracked Windows XP) forking an open source project to leave out all of the "evil" modules should be pretty easy. I'm no developer, but I could see this being as simple as taking the original source, commenting out/removing the bad stuff, and then redistributing.
  • The Actual Quote (Score:2, Informative)

    by michaelkpate (260010) on Tuesday September 25, 2007 @12:57PM (#20745349) Homepage
    Since no one had actually linked the Fork comment: http://groups.google.com/group/wp-hackers/browse_thread/thread/bdced7524fa79a18/f8b5bc6efc4a4005#f8b5bc6efc4a4005

    > If you don't trust wordpress.org, I suggest you do one of the following:

    > 1. Use different software.
    > 2. Fork WordPress.
    > 3. Install one of the aforementioned plugins.
  • by Laebshade (643478) <laebshade@gmail.com> on Tuesday September 25, 2007 @12:59PM (#20745377)
    The "fork wordpress" comment by Matt is taken out of context. See the link in the summary and do a ctrl+f search for "Matt Mullenweg".
  • Google Cloaking (Score:5, Informative)

    by Trillan (597339) on Tuesday September 25, 2007 @01:05PM (#20745487) Homepage Journal
    For those wondering what the big deal is, I expect a lot of the reaction is fueled by memories of Mullenweg being caught Google cloaking (theregister.co.uk) in 2005. Once someone loses your trust, you don't really want to share any data with them.
  • by thenextpresident (559469) on Tuesday September 25, 2007 @01:09PM (#20745555) Homepage Journal
    Dear god, you know that your slashdot comments show your URL?!?? You'd better stop there!

    Thank you Mr. Did-Not-Read-The-Fscking-Article.
  • Re:Surprised/ (Score:5, Informative)

    by ZaMoose (24734) on Tuesday September 25, 2007 @01:09PM (#20745559)
    Not true. There are two plugins that explicitly disable this functionality:
    disable WordPress version check and disable plugin version check (both on wordpress.org), both of which were mentioned by Matt in the thread above.
  • Summary Is A Troll (Score:5, Informative)

    by bmo (77928) on Tuesday September 25, 2007 @01:20PM (#20745709)
    And not only is it a troll, it's tinfoil haberdashery and skating _really close_ to Libel.

    Actually RTFA: Matt's reasoning gives the opposite impression of the summary. Fork the submitter and kdawson for greenlighting this.

    --
    BMO
  • Re:+1 (Score:3, Informative)

    by ZaMoose (24734) on Tuesday September 25, 2007 @01:56PM (#20746221)
    The thinking was (as per Matt's post):

    The system was designed to keep the client side as light as possible so
    the heavy lifting can be done on the server side, allowing us a lot more
    flexibility and agility in adapting the service as it gets rolled out
    and evolves.

    For example right now nothing is done with regards to localization, but
    because of the data being sent and the lightness of the client side we
    could introduce that feature in the future without having to update
    every install of WordPress in the world. This philosophy has worked very
    well for Akismet over the past 2 years. I believe it is also the best
    approach for WordPress.

    Today the server does basically nothing, no logging, no analysis, no
    stats, it's just designed to be as fast as possible since I don't know
    what type of impact 2.3 is going to have on api.wordpress.org. In the
    future, however, I think there is a lot of room to grow it, particularly
    once we take updates to the next step and allow people to
    upgrade/install things with one click from their dashboard.
  • by Mr.Fork (633378) <edward...j...reddy@@@gmail...com> on Tuesday September 25, 2007 @02:04PM (#20746317) Journal
    Canada's privacy law is pretty strict against the unauthorized sending of personally identifiable information, especially to an American server. There, the Patriot Act allows the government to capture Matt's database. And the kicker: he is not allowed to tell you.

    Up here, we (being the government) can't buy any software package that stores the data in the USA. I can only imagine the tens of millions of lost dollars in contracts because of the Patriot Act. I would have hated to have added Matt's awesome editor to that list. Rock on Matt!
  • Re:well (Score:3, Informative)

    by trolltalk.com (1108067) on Tuesday September 25, 2007 @02:14PM (#20746419) Homepage Journal

    > you fixed it for people running wordpress on a machine where they have root privileges. which i'm sure is a good number, but i'm not in that group. thanks anyway.

    In that case: fgrep -rn --include='*.php' "api.wordpress.org" . > lines_of_code_I_might_want_to_change.txt
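Extending the grep above as an added example (not from the thread, and not WordPress's own code): a POSIX shell script that lists every external hostname referenced from PHP files under a directory, so an administrator can see which endpoints an install may contact before deciding which features to disable. It assumes GNU grep (for -r, -o and --include). The sample tree, its file names and the URL paths in it are constructed for the demonstration; api.wordpress.org comes from the thread, and rpc.pingomatic.com is assumed to be Ping-O-Matic's endpoint.

```sh
#!/bin/sh
# Added example: inventory the outbound hostnames hard-coded in a PHP tree.
# Assumes GNU grep. Not part of WordPress or of the Slashdot thread.

# Print "file:line:host" for every http(s) URL found in *.php files under $1.
list_outbound_hosts() {
    dir="$1"
    grep -rnoE --include='*.php' 'https?://[A-Za-z0-9.-]+' "$dir" \
        | sed -E 's#^([^:]+):([0-9]+):https?://#\1:\2:#' \
        | sort -u
}

# Print only the distinct hostnames, one per line.
distinct_hosts() {
    list_outbound_hosts "$1" | cut -d: -f3 | sort -u
}

# Build a constructed sample tree that imitates an install with a core
# update check, a ping site and a plugin calling the same API host.
# The file names and URL paths below are made up for the demonstration.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/wp-includes" "$dir/wp-content/plugins/demo"
    cat > "$dir/wp-includes/update.php" <<'EOF'
<?php
// constructed sample: core version check against api.wordpress.org
$url = 'http://api.wordpress.org/constructed-path/version-check/';
EOF
    cat > "$dir/wp-includes/default-filters.php" <<'EOF'
<?php
$ping_sites = "http://rpc.pingomatic.com/";
EOF
    cat > "$dir/wp-content/plugins/demo/demo.php" <<'EOF'
<?php
// constructed sample plugin that talks to the same API host
$info = file_get_contents('https://api.wordpress.org/constructed-path/plugins/');
EOF
    printf '%s\n' "$dir"
}

# Usage: sh audit.sh /path/to/wordpress   (prints the distinct hosts)
if [ -n "${1:-}" ]; then
    distinct_hosts "$1"
fi
```

Run it against the real document root rather than the sample tree; each hostname it prints is a place the install may phone home to, and the file:line output from list_outbound_hosts is the list of code locations to review or to cover with a plugin such as the two linked earlier in the thread.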
