Spyware: Spyware is software that gathers information about a computer user, often without that person’s knowledge or consent. Spyware watches what users do with their computers (such as what websites they visit), and sends that information back to a central location (usually the company that produced the spyware). This information is often given to other companies, who then target the user for their advertisements. Especially bad spyware can gather information about email addresses, passwords, and even credit card information and transmit it to other companies. Spyware is often installed as bundled software. Under StopBadware.org’s guidelines, spyware is considered badware if it does not tell the user about the data that it will collect and how it will use that data.
I started using WordPress back around version 2.2 in 2007. Shortly after, WordPress 2.3 was released. This version of WordPress introduced the precursor to automatic plugin upgrades in the form of plugin upgrade notifications. I thought this was an awesome feature, but some in the community raised their eyebrows as they discovered the type of data that was being sent from WordPress to API.WordPress.org. Apparently, it was more than just version numbers. You can view the debate that took place around the privacy issues in September of 2007 here, along with the corresponding ticket in Trac, which has since been reopened by a community member.
Fast forward two years and the privacy concerns have been raised again. Here is the data that WordPress sends to API.WordPress.org in order to check for plugin, theme and core upgrades:
- Your IP
- Blog URL
- WordPress version
- PHP version
- Locale setting if there is one
- Plugin title, description, author – including all URLs that form part of these.
- Full list of all plugins on your site, whether they are active or not.
This check runs every 12 hours, or when you load the plugins page if it has been more than 12 hours since the last check. The sticking point for some is that the Blog URL should not be part of the information sent; the IP address or some other unique identifier would be enough.
Matt has chimed in on the issue of disabling update checks with a response on the WordPress Hackers mailing list that you can read here. Disabling update checks is a bad idea. It's not the version number checks that are the problem; it's the Blog URL that goes along with the checks.
While there are plugins available that stop WordPress from phoning home, one of the best ideas proposed thus far is by Chris Jean:
To me, the only solution for plugin updates is for the server to send what it has since any other option would be highly inefficient or very error prone. So, why not add the ability for a plugin to opt out of having its information included in the update request? This should only require a minimal change to the update code and won’t require any changes to the update servers.
I know other software programs give the end user a chance to opt in to data collection or usage statistics, but with WordPress it appears you opt in when you install and use the program, and the software provides no way of opting out. Some have mentioned that the plugins which strip out the identifying information amount to an opt-out mechanism, but I disagree. When you think about it, the only thing a WordPress powered website needs to send for core, theme, and plugin updates is the version numbers. Everything else just fills in the bigger picture.
It's pretty simple to me what needs to happen, but every proposal thus far has met strong opposition from those who maintain that nothing is wrong with the way things currently work.
Checking the box would signify that the end user has opted in to the data being sent home. No check mark means that the end user has opted out. Opting out should not put those users at risk by cutting off plugin, core and theme upgrade notifications, so opting out means that only the version numbers of those three things are sent. If someone wanted to opt in at a later date, the option could be added to the Privacy Options page in the WordPress backend.
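The opt-out described above, and the request-stripping that the existing "phone home" plugins perform, can be done from a small plugin hooked into WordPress's own HTTP layer. The following is an added example written for this page; it is not code from WordPress, from Chris Jean or from any of the plugins mentioned. It assumes the `http_request_args` filter and the Settings API of WordPress 2.7 and later, that core builds the update-check User-Agent as `WordPress/<version>; <blog url>` (which is where the Blog URL travels), that the plugin check POSTs its serialized header list under the `plugins` body key (wrapped in an object with `plugins` and `active` members from 2.8 on) and the theme check under `themes`, and that the Privacy page renders the `privacy` settings group. The option name `ucp_send_versions_only` and all `ucp_` function names are arbitrary choices for the example. Check the request shape against `wp_update_plugins()` and `wp_update_themes()` in the release you run.

```php
<?php
/*
Plugin Name: Update Check Privacy (example)
Description: Adds an opt-out checkbox on Settings > Privacy. When the site has opted out, update checks to api.wordpress.org carry version numbers only: the Blog URL is dropped from the User-Agent and plugin/theme headers are trimmed to the fields needed to match a version.
*/

// Option name is an arbitrary choice for this example (assumption).
define( 'UCP_OPTION', 'ucp_send_versions_only' );

// Checkbox on Settings > Privacy. Assumes options-privacy.php uses the 'privacy'
// settings group and renders the 'default' section, as it does in 2.7+.
add_action( 'admin_init', 'ucp_register_setting' );
function ucp_register_setting() {
    register_setting( 'privacy', UCP_OPTION, 'intval' );
    add_settings_field( UCP_OPTION, 'Update checks', 'ucp_render_checkbox', 'privacy', 'default' );
}
function ucp_render_checkbox() {
    $checked = get_option( UCP_OPTION ) ? ' checked="checked"' : '';
    echo '<label><input type="checkbox" name="' . UCP_OPTION . '" value="1"' . $checked . ' /> ';
    echo 'Send only version numbers to api.wordpress.org (not the blog URL or plugin/theme descriptions)</label>';
}

// Every wp_remote_*() call passes its arguments through this filter before the request goes out.
add_filter( 'http_request_args', 'ucp_scrub_update_check', 10, 2 );
function ucp_scrub_update_check( $args, $url ) {
    if ( ! get_option( UCP_OPTION ) ) {
        return $args; // not opted out (the default): leave the request untouched
    }
    if ( false === strpos( $url, 'api.wordpress.org' ) ) {
        return $args; // some other outbound request, not an update check
    }
    global $wp_version;
    // Core sets the User-Agent to "WordPress/<version>; <blog url>" (assumption for this release
    // range). Keep only the version; the core check still gets what it needs from the query string
    // (version, php, locale), which we leave alone.
    $args['user-agent'] = 'WordPress/' . $wp_version;

    // The plugin and theme checks POST a serialized copy of every header
    // (Name, Description, Author, PluginURI, AuthorURI ...). Trim each entry.
    foreach ( array( 'plugins', 'themes' ) as $key ) {
        if ( isset( $args['body'][ $key ] ) && is_string( $args['body'][ $key ] ) ) {
            $args['body'][ $key ] = serialize( ucp_versions_only( unserialize( $args['body'][ $key ] ) ) );
        }
    }
    return $args;
}

// Reduce each plugin/theme entry to non-identifying fields. The array key (plugin file path or
// theme stylesheet) is what the API matches on, so it is kept; Template/Stylesheet are theme
// slugs, not personal data, and are kept so theme matching still works.
function ucp_versions_only( $data ) {
    // 2.8+ wraps the plugin list as an object with 'plugins' and 'active' members (assumption);
    // 'active' holds only file names, so only the 'plugins' member needs trimming.
    if ( is_object( $data ) && isset( $data->plugins ) ) {
        $data->plugins = ucp_versions_only( $data->plugins );
        return $data;
    }
    if ( ! is_array( $data ) ) {
        return $data;
    }
    $keep    = array( 'Version', 'Template', 'Stylesheet' );
    $trimmed = array();
    foreach ( $data as $file => $headers ) {
        $trimmed[ $file ] = array();
        foreach ( $keep as $field ) {
            if ( isset( $headers[ $field ] ) ) {
                $trimmed[ $file ][ $field ] = $headers[ $field ];
            }
        }
    }
    return $trimmed;
}
```

Your IP address is still visible to the server, since it is the source address of the connection; no client-side filter can hide it. Because the API only ever sees a trimmed header list once the box is ticked, confirm that update notifications still appear after enabling the option: if the API needed a field that the whitelist drops, the check would silently return no updates rather than fail loudly.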
Thoughts, Ideas, Suggestions
I don't think WordPress is anywhere close to being spyware, but according to StopBadware.org's definition of the term, WordPress does a few of the things that definition describes.
I think it’s easy to shrug off the privacy concerns that are being raised and call those people paranoid but the points I’ve seen being made for the ability to opt-out have been pretty good. I encourage you to continue the conversation here in the comments or in the following forum thread.