WordPress and phone home

[Elpie]

I've been sitting on a blog post since last week and hit the publish button today. I hadn't posted it earlier, hoping that the discussion on wp-hackers would lead to a change of heart with the WordPress core and that there would be no need to take anything out to the wider web.

The post gives all the options I know of for preventing data being sent back to WordPress.
http://lynnepope.net/wordpress-privacy

[chipbennett]

The (im)maturity of Matt Mullenweg

So, in response to my suggestion for the upcoming dev chat, requesting disclosure of the api.wordpress data collection/retention policy, this was Matt's response:

The data is retained forever. In addition to every theme and plugin, we’ve developed an algorithm to figure out what blood type you are by the PHP and MySQL version. Plugin data has proved surprisingly useful when paired with spidering your blog posts because by the TV shows you talk about we guess your age and then whether you say “soda” or “pop” tells us your location and bing we have your social security number.


That makes the data super easy and profitable to sell, which we do. Or rather, did. The main customers buying the plugin/SSN information were some insurance company AIG and Lehman Brothers (sp?) who used it to tweak credit tranches but… apparently that didn’t work or something? Anyway congrats to all the Akismet and All-in-one-SEO users who bought a house last year!


The not-so-secret plan (I talked about it at WordCamp SF!) is to use the data to predict which plugins are going to become popular before they become popular so we can replace the core team including myself with a script that just auto-merges plugins into core (and removes whitespace from the end of lines).


Oh, and don’t worry about the organ donor checkbox in 3.0, my liver is probably going to last at least until I’m 28.

I'm sorry, but ending such an immature response with an emoticon does not make it any better - especially given that Matt has yet to respond in any serious manner.

If the leader of the project that is responsible for collecting your data without your knowledge or consent has nothing other than the above to offer to a reasonable, straightforward request for disclosure, do you really trust him with those data in the first place?

How disappointing.

I'm not even going to respond. What's the point?

[Elpie]

Both on the Trac ticket and on WordPress Development Updates some are now talking about making the data available on the web. They will need to carefully filter this and anonymise it. The moment one single private plugin or theme gets listed legal action is likely to follow.

Not one user of WordPress has ever authorised this use.

[chipbennett]

And, by the way, here are the StopBadware.org guidelines, as applicable to WordPress:

General Definition of Badware:

I. General Definition of Badware

An application is badware in one of two cases:

1. If the application acts deceptively or irreversibly.
2. If the application engages in potentially objectionable behavior without:
   
   • First, prominently disclosing to the user that it will engage in such behavior, in clear and non-technical language, and
   • Then, obtaining the user’s affirmative consent to that aspect of the application.

Both categories of badware are defined in detail in Section III below. Proper disclosure and consent requirements are discussed in general terms in Section II and, for specific categories of bad behavior, in Section III.

Section III.E Software which transmits data to unknown parties:

E. Software Which Transmits Data To Unknown Parties

If an application collects or transmits personally identifiable information to anyone but the end user, or if an application collects or transmits information that could contain personally identifiable information (e.g., Internet usage), then this behavior must be properly disclosed and consented to as described below. In addition, wholesale keylogging or complete remote control are behaviors that always constitute badware and cannot be consented to.
Examples of behavior that may be consented to include:

1. Transmission of non-personally identifiable data
2. Transmission of data that may potentially be personally identifiable
3. Transmission of personally identifiable data

Examples of behavior which may not be consented to, and which always constitute badware include:

1. Transmission of keylogs or otherwise completely remote control software

Required disclosure for transmission of personally identifiable or potentially identifiable data. Prior to the first occurrence of any such collection or transmission, the application must:

• First, fully, accurately, clearly and conspicuously disclose:
  
  • the type of information collected (e.g., the user’s phone number),
  • the method of collection (e.g., by registration, etc.), and
  • the location of the privacy policy; and
• Then, obtain the end user’s affirmative consent to such collection and/or transmission.

Apparently, everyone at StopBadware (Google, PayPal, AOL, Mozilla, TrendMicro, Sunbelt Software) must be counted among the paranoid members of the Tin Foil brigade.

And, equally apparently, Matt Mullenweg needs to lay off the sauce before posting blog comments. We're talking about an important matter, and he's making jokes about organ donation. His liver may last until he's 28, but at this rate, the WordPress project might not.

[Brad]

Geez, what a response.
:-(

[Len]

I'm not impressed by Matt's response at all. Let me preface my posting by saying I really don't care about the whole data transmission/retention issue and was intentionally staying out of this thread until I read that response to Chip's post.

Although I have no problem with what WordPress is doing Chip and others have raised a valid concern and that response just reeks of a "brush off". A little tact and diplomacy can go a long way.

[Ryan]

Matt was just trying to be funny. Probably not the best situation to do it in though. I suspect he isn't aware of how ticked off a few people are about it around here.

I suspect the only way this will get through to the core team is if someone can come up with a sound legal argument as to why they have to do it. At the moment I don't really see any logical reason why they would, so I suspect a legal one will probably be necessary.

Either that or an obviously large number of users who are unhappy about this situation, but I can't imagine many people will care. I certainly don't.

[Len]

Matt was just trying to be funny.

I suspect you're right. Having never met him I have no idea what his personality is like. Humour may be his way of alleviating "tense" situations - I don't know. I also realize text is a poor medium to convey emotion. Having said that I still see that response as inappropriate to a concern that Chip and others feel strongly about.

[andreasnrb]

My biggest problem with all this is how people that want things disclosed and a way to opt out are treated. Its even bigger than the actual data problem. The insults and innuendos that people throw around are disheartening and its not good for any project.
Matt doesn't help by posting attempts at sarcasm it only fuels the insults and innuendos. Since now people got a "green light" from above to misbehave.

[PaulCunningham]

So basically this whole debate would not exist if the URL was hashed before it was transmitted?