WordPress 2.3 Does Not Spy On Users [UPDATED]
Marilyn Miller writes "Popular open-source blogging engine WordPress has been upgraded to 2.3 — with some unexpected nasties in the mix. As of version 2.3, WordPress now periodically (every 12 hours) sends personally identifying information (blog name & URI) to the mothership, along with an alarming amount of information including $_SERVER dumps, a list of installed plugins, and your current PHP/MySQL settings. Most unfortunately, it does not provide any way of disabling this functionality, and WordPress does not have any privacy policy protecting this information. In a thread about the issue, lead developer Matt Mullenweg defends his actions and staunchly refuses to add an opt-in interface, telling users to 'fork WordPress' if they aren't willing to put up with this behavior."
Update: 09/25 17:52 GMT by KD: This article is misleading enough to be called "just wrong." Matt Mullenweg writes: "As mentioned in our release announcement, the update notification sends your blog URL, plugins, and version info when it checks api.wordpress.org for new and compatible updates. It does not include $_SERVER dumps, or any settings beyond version numbers (for checking compatibility), or your blog name, or your credit card number. We do provide a way of disabling this feature; in fact I link to one of the plugins in the release announcement and in my original response to Morty's thread."
fork (Score:3, Interesting)
Consider it done.
well (Score:5, Interesting)
and wordpress isn't that complicated that this is something that no one but the most hard core will do. tons of wordpress users regularly go in and tweak it for their own uses. i haven't moved to this new version with my site yet - i always wait a bit for things to shake out, and stuff like this is why. when i do upgrade, i'll just fix my install.
Pyblosxom (Score:5, Interesting)
- it's really light and fast
- I can edit posts in a text editor rather than a web based interface
- it's in Python and very easy to customise
- theming far simpler, just rip your HTML template into a header and footer, rather than having to make 12 files with WordPress.
Plug over... Move along...
Basically, go fork ourselves? (Score:1, Interesting)
My thought is that though information wants to be free, my information wants to be more private, so any software that blatantly violates my privacy rights tends to not get or stay installed on my workstation.
Re:Guys, the information is all really essential.. (Score:3, Interesting)
It isn't what information they are looking at but how. If they want the information and it will make the software better, fine, but do they really have to go about it in such a sneaky and under-handed way? Even Microsoft allows you to control how your system is updated (I never let it run automatically; I prefer to know what it's trying to put on my system). As to the "fork" comment, while I think the generic blogging community will be clueless and have no idea what this is all about, this will drive the OSS community to develop a better version and they will wish the phrase had never been uttered.
Alternatives, in that case? (Score:5, Interesting)
Anyway, i googled and found this link:
http://www.mitchelaneous.com/2007/09/19/9-wordpress-alternatives/ [mitchelaneous.com]
Now, my question is - how secure are they for you, sethawoolley? Which one would you choose?
Re:Surprised/ (Score:3, Interesting)
This is likely to occur in version 2.3.1. In fact, I'm advocating [wordpress.org] for just such a change, in true Open Source fashion.
The problem here is less one of malice and more one of poor timing. The WordPress project has been trying to stick to a rigorous, rigid schedule for releases (see: Fedora Project, Ubuntu, etc.) and this issue cropped up about 1.5 days before release. You can argue that the release should have been held up (some on the mail thread did so) to put in this change, but Matt & Co. at Automattic, the ones with the keys to the candy store, decided to hew to the previously agreed-upon timeline.
It's not the decision I would have made, were I the "decider", but it is what it is.
As for me, I'll keep agitating to make it opt-in.