Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Privacy Software

WordPress 2.3 Does Not Spy On Users [UPDATED] 229

Marilyn Miller writes "Popular open-source blogging engine WordPress has been upgraded to 2.3 — with some unexpected nasties in the mix. As of version 2.3, WordPress now periodically (every 12 hours) sends personally identifying information (blog name & URI) to the mothership, along with an alarming amount of information including $_SERVER dumps, a list of installed plugins, and your current PHP/MySQL settings. Most unfortunately, it does not provide any way of disabling this functionality, and WordPress does not have any privacy policy protecting this information. In a thread about the issue, lead developer Matt Mullenweg defends his actions and staunchly refuses to add an opt-in interface, telling users to 'fork WordPress' if they aren't willing to put up with this behavior." Update: 09/25 17:52 GMT by KD : This article is misleading enough to be called "just wrong." Matt Mullenweg writes: "As mentioned in our release announcement, the update notification sends your blog URL, plugins, and version info when it checks for new and compatible updates. It does not include $_SERVER dumps, or any settings beyond version numbers (for checking compatibility), or your blog name, or your credit card number. We do provide a way of disabling this feature; in fact I link to one of the plugins in the release announcement and in my original response to Morty's thread."
This discussion has been archived. No new comments can be posted.

WordPress 2.3 Does Not Spy On Users [UPDATED]

Comments Filter:
  • fork (Score:3, Interesting)

    by rodentia ( 102779 ) on Tuesday September 25, 2007 @12:43PM (#20745121)
    telling users to 'fork WordPress'

    Consider it done.
  • well (Score:5, Interesting)

    by stoolpigeon ( 454276 ) * <bittercode@gmail> on Tuesday September 25, 2007 @12:46PM (#20745163) Homepage Journal
    one way to disable it is to go into the code and remove the offending portion. couldn't be that hard to do. and once somebody does it and posts instructions, it gets even simpler. no reason to fork the project.
    and wordpress isn't that complicated that this is something that no one but the most hard core will do. tons of wordpress users regularly go in and tweak it for their own uses. i haven't moved to this new versions with my site yet - i always wait a bit for things to shake out, and stuff like this is why. when i do upgrade, i'll just fix my install.
  • Pyblosxom (Score:5, Interesting)

    by Marcion ( 876801 ) on Tuesday September 25, 2007 @12:47PM (#20745173) Homepage Journal
    Well if anyone is looking for an alternate upgrade path, I 'upgraded' my blog from Wordpress 2.2 to Pyblosxom and am really enjoying using it:
    - its really light and fast
    - I can edit posts in a text editor rather than a web based interface
    - its in Python and very easy to customise
    - theming far simpler, just rip your HTML template into a header and footer, rather than having to make 12 files with Wordpress.

    Plug over... Move along...

  • by CodeShark ( 17400 ) <{ellsworthpc} {at} {}> on Tuesday September 25, 2007 @12:47PM (#20745189) Homepage
    Gladly. The arrogant attitude shown by these developers gives me not only a reason to think about how to fork the code, but the reasons we as a community should fork the code as soon as possible.

    My thought is that though information wants to be free, my information wants to be more private, so any software that blatantly violates my privacy rights tends to not get or stay installed on my workstation.

  • It isn't what information they are looking at but how. If they want the information and it will make the software better, fine, but do they really have to go about it in such a sneaky and under-handed way? Even Microsoft allows you to control how your system is updated (I never let it run automatically; I prefer to know what it's trying to put on my system.). As to the "fork" comment, while I thin the generic blogging community will be clueless and have no idea what this is all about, this will drive the OSS community to develop a better version and they will wish the phrase had never been uttered.

  • by Spy der Mann ( 805235 ) <spydermann.slash ... minus cat> on Tuesday September 25, 2007 @01:44PM (#20746039) Homepage Journal
    Wow - to think that such a popular blogging engine is so flawed...

    Anyway, i googled and found this link: []

    9 WordPress Alternatives

    September 19, 2007 at 7:16 am Web Development

    No doubt that WordPress is the king of the hill when it comes to content management these days. It seems like in a lot of people's eyes they can do no wrong. There have to a few other choices out there though right?

    Now don't get me wrong, I am totally happy with Wordpress - but, there are several cool alternatives that might be worth checking out for your next web project.

    Drupal - Drupal is a little more of a WordPress on steroids. Lots of goodies and better membership system in place too.

    AJAXPress - A little buggy by looking at the demo but will become a better idea once it has had more time to get polished.

    Textpattern - Flexable and open source blogging solution - much of the same WordPress look and feel.

    Serendipity - This is a PHP-powered weblog application which gives the user an easy way to maintain a weblog or even a complete homepage.

    Joomla - Like Drupal, might be too feature rich for the casual blogging fan - but a good engine for in depth web sites or basic blogs.

    b2evolution - An old one, but still a good one - and can hold it's own weight still with the other selections out there.

    Simplog - Simple, yet powerful - the name says it all here. You want basics without the fluff - go with Simplog.

    Wikiblog - This one tries to mix the blogging and wiki sides of things into an interesting mashup of content creation.

    Sblog - Another one similar to WordPress, looks like it is playing catchup too. Once it gets there though, might be worthy competition.

    There you have it - nine other tools you can use to get your content published and your articles out there to the world. Have one I missed?

    Now, my question is - how secure are they for you, sethawoolley? Which one would you choose?
  • Re:Surprised/ (Score:3, Interesting)

    by ZaMoose ( 24734 ) on Tuesday September 25, 2007 @01:44PM (#20746047)

    Why should someone have to install a plug-in to disable BASE FUNCTIONALITY? Shouldn't that be part of the base code?

    This is likely to occur in version 2.3.1. In fact, I'm advocating [] for just such a change, in true Open Source fashion.

    The problem here is less one of malice and more one of poor timing. The WordPress project has been trying to stick to a rigorous, rigid schedule for releases (see: Fedora Project, Ubuntu, etc.) and this issue cropped up about 1.5 days before release. You can argue that the release should have been held up (some on the mail thread did so) to put in this change, but Matt & Co. at Automattic, the ones with the keys to the candy store, decided to hew to the previously agreed-upon timeline.

    It's not the decision I would have made, were I the "decider", but it is what it is.

    As for me, I'll keep agitating to make it opt-in.

How many NASA managers does it take to screw in a lightbulb? "That's a known problem... don't worry about it."