WordPress Release Raises Privacy and Security Concerns

The latest release of WordPress was made public earlier today. Since I've stopped using WordPress I wasn't aware of it until I caught up with my RSS feeds a short time ago.

Whether the new release brings enhancements or new features won't really matter to anyone, as the new release brings with it a new "phone home feature":

Our new update notification lets you know when there
is a new release of WordPress or when any of the plugins you use has an
update available. It works by sending your blog URL, plugins, and
version information to our new api.wordpress.org service which then compares it to the plugin database and tells you what the latest and greatest is you can use.

Well it seems that it sends a lot more data back to WordPress than is actually necessary and the lead developer, Matt Mullenweg, doesn't seem to have a reasonable explanation for this.

There's a couple of posts about the issues this raises and a very long discussion of it on the a mailing list (worth reading!)
The key point being raised time and again is that people aren't given an option to opt-out of sending the data. It might also be seen as breaching EU privacy legislation according to one contributor.

UPDATE: You can disable the call home function via a 3rd party plugin. If you read the mailing list thread there's one or two options mentioned.

Related Posts:

, , , , ,

2 Responses to WordPress Release Raises Privacy and Security Concerns

  1. Robert Synnott September 26, 2007 at 10:31 am #

    To be precise, Matt says they don’t have a use for it now, but might in the future. Oh, joy…

  2. Michele Neylon September 26, 2007 at 3:36 pm #

    Yes. But what?
    Queue pregnant pause…..

Leave a Reply

Notify me of followup comments via e-mail. You can also subscribe without commenting.

Powered by WordPress. Designed by WooThemes