I just discovered that, when you update a plugin, theme, or the WordPress core, from WordPress v3.8.2 extra statistics data is now sent back to WordPress.org.

iControlWP WordPres Extra Stats Collection
Extra Stats Data Collection

I just fixed a bug yesterday with the Shield Security plugin. It was one that took a bit of digging and revealed what is, I feel at least, to be a Privacy issue with WordPress.org.

There would already be a lot of data collected when your site does an update check… and currently there doesn’t seem to be a lot of extra data explicitly collected, but the question I have … is where does it end?

Privacy: Data mining and your right to say no to it

As a WordPress.org plugin developer you have a set of guidelines by which you must abide.

This is fair enough, of course.

One of these stipulations is:

No unauthorized collection of user data. For example, sending the admin’s email address back to your own servers without permission of the user is not allowed; but asking the user for an email address and collecting if they choose to submit it is fine. All actions taken in this respect MUST be of the user’s doing, not automatically done by the plugin.

Now, what I’m going to outline later isn’t actually “user data”, but rather “usage data”.

By now we’re all familiar with programs that you install on your computer that have a small, though normally barely visible, check-box that says something along the lines of:

Help Us Improve X: Let us collect anonymous usage data and statistics so we can improve X and better serve you.

In principle, there’s absolutely nothing wrong with it and we may add this to the WordPress Simple Firewall plugin so we can learn which features are most widely used and where we need to focus our efforts.

But of course, you’ll always have the choice to opt-in or out of that.  That is fair, and we wouldn’t offer such a choice just because WordPress.org stipulates it.

However…

It’s become increasingly clear to me as I was fixing this problem, that WordPress.org is collecting large amounts of non-anonymous usage data on every single site you run. Sure… if you want updates and all the perks that go with phoning home to WordPress.org, you can’t help that.

You get what you pay for.

However, it would seem that explicit collection of certain statistics falls outside of implicit data collection.  There is nowhere that states on your WordPress site that you agree to the collection of this data, and which data, by WordPress.org.

Alarming Signs

It’s concerning that there is:

  • NO clear and definitive documentation of what data they are mining/collecting.
  • NO clear opt-in or opt-out option for any of these data.

Even more alarming is the nature of the latest data mining introduced in WordPress v3.8.2.

There has been no “public” mention of the new additions and that they’re now collecting more statistics data.  The upgrade from WordPress 3.8.1 to WordPress 3.8.2 introduced at least 2 new statistics gathering efforts – plugins and themes updates’ successes.

Is that what WordPress point/patch releases are for?

And the more serious point to note here is that since WordPress 3.7, upgrades to patch releases is automatically enabled for everyone.  So if you’re on WordPress 3.8.1, your site will have installed WordPress 3.8.2 and all its changes (security updates or otherwise) without you having a say in the matter.

Is that cool?

Some may say “It’s all open source, go read it and find out for yourself!”.  If that’s a counter-argument to a lack of documentation in this area, you may as well take down codex.wordpress.org since we can all go to the source anyway.

Is this really a privacy concern?

That’s up to you to decide.

Personally, collection of this sort of data doesn’t bother me really.  If it helps, great!  I’m all for sharing usage data like that.

But being more than 2 years old affords me enough emotional intelligence to tell me that not everyone will agree with me.

What is a most disconcerting is the lack of transparency about what is being collected and of course the glaring lack of opt-in / opt-out.

Sure… people will give WordPress a free pass for many reasons – it’s “WordPress” after-all, and many folks will have naked pin-up pictures of WordPress on their walls regardless of whatever they do.

But again, personally, I don’t like it in principle and what it represents.

Is your privacy under threat here? No… highly doubtful

Is it worth discussing this approach to data and statistics gathering? Absolutely, yes.

There is no reason why 1 group of people are subject to certain rules while others are not.

What are your thoughts?

I’d be interested to hear other people’s thoughts on this.

Perhaps I’m raising a point that absolutely no-one cares about, or maybe I should include something within the Shield Security plugin to strip this sort of data collection wherever it is found?

That would involve much more digging to find out what exactly is being collected.

I dunno… tell me what you think.