I just discovered that, when you update a plugin, theme, or the WordPress core, from WordPress v3.8.2 extra statistics data is now sent back to WordPress.org.
I just fixed a bug yesterday with the Shield Security plugin. It was one that took a bit of digging and revealed what is, I feel at least, to be a Privacy issue with WordPress.org.
There would already be a lot of data collected when your site does an update check… and currently there doesn’t seem to be a lot of extra data explicitly collected, but the question I have … is where does it end?
Privacy: Data mining and your right to say no to it
As a WordPress.org plugin developer you have a set of guidelines by which you must abide.
This is fair enough, of course.
One of these stipulations is:
No unauthorized collection of user data. For example, sending the admin’s email address back to your own servers without permission of the user is not allowed; but asking the user for an email address and collecting if they choose to submit it is fine. All actions taken in this respect MUST be of the user’s doing, not automatically done by the plugin.
Now, what I’m going to outline later isn’t actually “user data”, but rather “usage data”.
By now we’re all familiar with programs that you install on your computer that have a small, though normally barely visible, check-box that says something along the lines of:
Help Us Improve X: Let us collect anonymous usage data and statistics so we can improve X and better serve you.
In principle, there’s absolutely nothing wrong with it and we may add this to the WordPress Simple Firewall plugin so we can learn which features are most widely used and where we need to focus our efforts.
But of course, you’ll always have the choice to opt-in or out of that. That is fair, and we wouldn’t offer such a choice just because WordPress.org stipulates it.
However…
It’s become increasingly clear to me as I was fixing this problem, that WordPress.org is collecting large amounts of non-anonymous usage data on every single site you run. Sure… if you want updates and all the perks that go with phoning home to WordPress.org, you can’t help that.
You get what you pay for.
However, it would seem that explicit collection of certain statistics falls outside of implicit data collection. There is nowhere that states on your WordPress site that you agree to the collection of this data, and which data, by WordPress.org.
Alarming Signs
It’s concerning that there is:
- NO clear and definitive documentation of what data they are mining/collecting.
- NO clear opt-in or opt-out option for any of these data.
Even more alarming is the nature of the latest data mining introduced in WordPress v3.8.2.
There has been no “public” mention of the new additions and that they’re now collecting more statistics data. The upgrade from WordPress 3.8.1 to WordPress 3.8.2 introduced at least 2 new statistics gathering efforts – plugins and themes updates’ successes.
Is that what WordPress point/patch releases are for?
And the more serious point to note here is that since WordPress 3.7, upgrades to patch releases is automatically enabled for everyone. So if you’re on WordPress 3.8.1, your site will have installed WordPress 3.8.2 and all its changes (security updates or otherwise) without you having a say in the matter.
Is that cool?
Some may say “It’s all open source, go read it and find out for yourself!”. If that’s a counter-argument to a lack of documentation in this area, you may as well take down codex.wordpress.org since we can all go to the source anyway.
Is this really a privacy concern?
That’s up to you to decide.
Personally, collection of this sort of data doesn’t bother me really. If it helps, great! I’m all for sharing usage data like that.
But being more than 2 years old affords me enough emotional intelligence to tell me that not everyone will agree with me.
What is a most disconcerting is the lack of transparency about what is being collected and of course the glaring lack of opt-in / opt-out.
Sure… people will give WordPress a free pass for many reasons – it’s “WordPress” after-all, and many folks will have naked pin-up pictures of WordPress on their walls regardless of whatever they do.
But again, personally, I don’t like it in principle and what it represents.
Is your privacy under threat here? No… highly doubtful
Is it worth discussing this approach to data and statistics gathering? Absolutely, yes.
There is no reason why 1 group of people are subject to certain rules while others are not.
What are your thoughts?
I’d be interested to hear other people’s thoughts on this.
Perhaps I’m raising a point that absolutely no-one cares about, or maybe I should include something within the Shield Security plugin to strip this sort of data collection wherever it is found?
That would involve much more digging to find out what exactly is being collected.
I dunno… tell me what you think.
I think this is a concern. A large dose of transparency on the part of wordpress.org would have gone a long way to alleviate concerns. Yes, definitely there should be an opt-in/out process. When this becomes more widely-known, I think we’re going to see a small cottage-industry around stripping out those data…
We’re considering adding this data-stripping feature to the WordPress Simple Firewall or iControlWP itself. Not quite sure yet..
Interesting. Maybe submit a bug/feature report asking for an option to disable this reporting. Looks like they are not following their own policies. I tweeted Matt, to see if he can shed some light on this.
Hey Viktor,
My feeling is that this issue will go unchecked and ignored. Unless you can justify why you would not want your data sent, it’ll be left as-is.
This is the way of things when large organisations take the lead in a given space. They make the rules, and since you’re beholding to the new “standard” like everyone else, you must suck it up.
Why are there no options within WordPress to tweak automatic updates? Will there ever be? No. It’s all very self-serving, and unfortunately to speak out against highly popular fads like WordPress is akin to blasphemy, so people are reluctant to stand out.
But, this is the way of it for now until it creates a large enough backlash. Time will tell. 🙂
Cheers!
Paul.
Big concern. POPI (Privacy of Personal Information) acts are being promulgated all over the world, specifically to safeguard the individual and organization/s that collect individual information, whatever the nature of the information. Ultimately, the POPI act states that the individual should have a means to agree to information sharing, as well as what information is shared, and for what purpose, etc.
I believe strongly in the security regime to implement a set of security rules that gives the individual the option to release some, or all of its permissible information, and then also a method of checking what information has been shared, and with whom.
Absolutely right. I find this whole thing distasteful. I actually built a privacy module into the Shield to prevent collection of this data but never got it fully completed. Your comment has reminded me that this is actually quite an important issue that remains.
Thanks for your comments!