Make WordPress Core

Opened 10 years ago

Closed 9 years ago

#27626 closed enhancement (wontfix)

wp_check_browser_version() collects information for WP and potentially poses privacy concerns, also causes slow load time

Reported by: chrismcmacken's profile chris.mcmacken Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.8.1
Component: Administration Keywords:
Focuses: Cc:

Description

Not only does wp_check_browser_version() slow down load times in the admin panel, it also collects data about people using my site. I haven't been able to find anywhere saying that this sort of information is collected by api.wordpress.com on EVERY WordPress blog with no way to opt out, but if I missed that in the agreement please let me know.

Attachments (2)

disable-wp-check-browser-version.php (1006 bytes) - added by SergeyBiryukov 10 years ago.
disable-wp-check-browser-version.0.2.php (451 bytes) - added by SergeyBiryukov 10 years ago.
Simplified version

Download all attachments as: .zip

Change History (14)

#1 @chris.mcmacken
10 years ago

The data collected.

Site URL - via home_url()
UserAgent - via $_SERVERHTTP_USER_AGENT?
WordPress Version

#2 follow-up: @SergeyBiryukov
10 years ago

  • The function is only called in the admin to display a warning when using an old or insecure browser.
  • The request is made to api.wordpress.org, not api.wordpress.com, and the endpoint is open sourced.
  • The request is made once a week, I don't see why it would slow down page load.

#3 in reply to: ↑ 2 ; follow-up: @chris.mcmacken
10 years ago

Replying to SergeyBiryukov:

  • The function is only called in the admin to display a warning when using an old or insecure browser.

Why the function is called isn't relevant to my issue, it shouldn't need to dial home in the first place or I should be able to disable it.

My mistake.

  • The request is made once a week, I don't see why it would slow down page load.

The request is made every time I load the dashboard, this is on a stock wordpress install without any caching plugins.

#4 follow-up: @nacin
10 years ago

  • Keywords reporter-feedback added

Hi chris, sounds like you have something weird going on, then. The request is made once per week and stored in a transient in the DB. There are two reasons why the request may be happening every time:

  • Your user agent is changing on every request
  • Transients are not being stored persistently

If you have a wp-content/object-cache.php file, that would point to the second bullet.

#5 in reply to: ↑ 3 ; follow-up: @SergeyBiryukov
10 years ago

Replying to chris.mcmacken:

Why the function is called isn't relevant to my issue, it shouldn't need to dial home in the first place or I should be able to disable it.

I've attached a workaround plugin to disable it: disable-wp-check-browser-version.php.

#6 in reply to: ↑ 5 ; follow-up: @chris.mcmacken
10 years ago

Replying to SergeyBiryukov:

Replying to chris.mcmacken:

Why the function is called isn't relevant to my issue, it shouldn't need to dial home in the first place or I should be able to disable it.

I've attached a workaround plugin to disable it: disable-wp-check-browser-version.php.

First of all, thank you very much for the quick work around, that's great! However, I assume it would not be difficult to add an option to disable this in the WordPress core? I would be happy to submit a patch if this is something that would be considered. Since this is core wordpress functionality, it feels like the wrong solution to have to install a plugin just to disable it.

#7 in reply to: ↑ 4 @chris.mcmacken
10 years ago

Replying to nacin:

Hi chris, sounds like you have something weird going on, then. The request is made once per week and stored in a transient in the DB. There are two reasons why the request may be happening every time:

  • Your user agent is changing on every request
  • Transients are not being stored persistently

If you have a wp-content/object-cache.php file, that would point to the second bullet.

I do not have any object-cache.php file, and my user agent is not changing on every request. Any other ideas? It would be good to pinpoint this caching bug, if indeed that's what is causing it.

#8 @chris.mcmacken
10 years ago

  • Keywords reporter-feedback removed

#9 in reply to: ↑ 6 ; follow-up: @SergeyBiryukov
10 years ago

Replying to chris.mcmacken:

However, I assume it would not be difficult to add an option to disable this in the WordPress core?

Indeed, but it would go against the "Decisions, not options" philosophy.

So I guess a plugin is the only way to do it for now. BTW, I've attached a cleaner version, thanks to @Rarst for the Twitter challenge :)

#10 in reply to: ↑ 9 @chris.mcmacken
10 years ago

Replying to SergeyBiryukov:

Replying to chris.mcmacken:

However, I assume it would not be difficult to add an option to disable this in the WordPress core?

Indeed, but it would go against the "Decisions, not options" philosophy.

So I guess a plugin is the only way to do it for now. BTW, I've attached a cleaner version, thanks to @Rarst for the Twitter challenge :)

That's a good point, but after reading your philosophy I would argue that the entire feature goes against the "Clean, Lean, and Mean" philosophy. As it's only purpose for the end user is to tell them if they are using an outdated browser. Which is probably a lot less than 20% of your users, but I don't have your statistics to be certain.

Also, nice work on the cleaner plugin.

#11 @tszming
10 years ago

I agree with chris, if you cannot afford to make this feature configurable - just remove it, people will not feel surprised anyway.

#12 @chriscct7
9 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

No traction to remove. Against adding another UI element to disable this, and there's a filter that's already existing that can be used to disable it (as seen in plugin above). Closing as wontfix.

Note: See TracTickets for help on using tickets.