WordPress and phone home

**andreasnrb** · 12-13-2009, 02:54 PM

Originally Posted by markjaquith

I object strenuously to having a UI option to disable update checks.

For what its worth what people want is a way to opt out of the collection not the updates. Updates can be made without sending all info that is currently sent.

**Jeffro** · 12-13-2009, 02:59 PM

I agree, that is a good idea. Something I sort of proposed in my post on weblogtoolscollection.com

First. Disclosure. One of the reasons this topic ballooned is because there was so much resistance to editing the privacy policy to add the data that was being sent from WordPress to API.WordPress.org. To me, that is so freaking easy to do but no one wants to do it. Is it because of a legal reason or what?

Second. Tell end users in that privacy policy why that data is collected, what it does, etc. After that explanation, add a sub section with links to plugins or information on how to opt out of the process. I agree that disabling update checks period is a dumb move. I think there could possibly be a separate discussion on the minimum information necessary in order to accurately do update checks. Then, opting out would just mean that those people could get upgrade notifications and such but they wouldn't be sending other statistical data.

Third. During the installation process, provide a mention that WordPress sends data to WordPress.api.org and for further information regarding what data this is, etc, provide a link to the privacy policy.

These three things seem like such common sense to do that it baffles me that they have met the type of resistance that they have. I still can't wrap my head around it.

**Ryan** · 12-13-2009, 04:48 PM

Well that settles a lot of things in my mind!

Thanks for the run-down on everything Mark :)

The Firefox privacy policy is also hosted on their own site, rather than in their application, so I assume what Chip had in mind was exactly what you are suggesting above, except with a reworded privacy policy outlining what is and isn't sent back to WordPress.org.

**Brad** · 12-13-2009, 05:02 PM

Much appreciated Mark.

So if I add:

define('WP_HTTP_BLOCK_EXTERNAL', true); // block external requests

to my wp-config.php file, that will stop "ALL" communications between WordPress and my blog?

Will it have any negative effect with non-related things like search engine spiders, etc?

**Ryan** · 12-13-2009, 05:08 PM

Originally Posted by Brad

.. that will stop "ALL" communications between WordPress and my blog?

Will it have any negative effect with non-related things like search engine spiders, etc?

I'm pretty sure it blocks all traffic bar those who are accessing either from within WordPress or perhaps from a local install. I'm not 100% sure on that though, I've never used it before. So if I'm right, no one would be able to access your site over the internet, including search engine spiders.

**Brad** · 12-13-2009, 07:03 PM

Then that method just won't work at all :-(

I'm more concerned about my client's privacy and I'm sure they would want their website in the search engines lol.

Originally Posted by Ryan

So if I'm right, no one would be able to access your site over the internet, including search engine spiders.

**Elpie** · 12-13-2009, 07:06 PM

Originally Posted by Brad

... that will stop "ALL" communications between WordPress and my blog?

Will it have any negative effect with non-related things like search engine spiders, etc?

I use this myself. It stops all external HTTP requests from the blog so prevents the update checks and the incoming RSS feeds. For me, its perfect - I've been removing the dashboard feeds for years. It also speeds up the backend considerably.

This has no effect at all on the frontend of the site. Everything functions as normal. Search engines etc are not affected at all by this.

The only BUT in using this is that some plugins require external HTTP requests. If, for example, you use a plugin that imports feeds into your content then this needs to be able to send out to the world to grab the feeds. So, the wp-config constant is ideal if you do not use backend external HTTP requests but shouldn't be used if you pull content in from the outside.

**Jeffro** · 12-13-2009, 07:44 PM

Hmm, why is it that when I wrote about this privacy stuff and data being sent from a WordPress install to api.wordpress.org and bla bla bla, that the response in anger was not overwhelming on Weblogtoolscollection. That site goes into the dashboard and of course, the title of the post I thought would raise some eyebrows. I thought there would be more fanfare regarding that post but in terms of comments, it never really took off.

I find it interesting that perhaps most people using WordPress simply don't care. I wonder why that is.

**Len** · 12-13-2009, 08:19 PM

I find it interesting that perhaps most people using WordPress simply don't care. I wonder why that is.

Very good question. I think most members of this forum are what we could call "advanced users" perhaps which is why the topic has generated more interest here.

It could be most casual users don't care. A more likely scenario is most casual users aren't aware of the situation. I realize the Dashboard contains RSS feeds including weblogtoolscollection but how many people pay attention to them. Personally, I have pretty well stripped my Dashboard of everything I consider unimportant, such as incoming feeds, incoming links blah blah blah.

**Ryan** · 12-13-2009, 08:23 PM

Originally Posted by Jeffro

I find it interesting that perhaps most people using WordPress simply don't care. I wonder why that is.

Because it makes absolutely no difference for 99.999% of them.

Personally I couldn't care less what information WordPress.org stores about me or my site setup.

Thread: WordPress and phone home

LinkBack

Thread Tools

Display

Posting Permissions