Make WordPress Core

Opened 2 months ago

Closed 2 months ago

Last modified 2 months ago

#62377 closed enhancement (duplicate)

Remove telemetry from update.php

Reported by: ianatkins's profile ianatkins Owned by:
Milestone: Priority: normal
Severity: normal Version: 6.6.2
Component: Upgrade/Install Keywords:
Focuses: privacy Cc:

Description

Why is the install URL, user counts and additional information being sent to WordPress.org:
https://core.trac.wordpress.org/browser/trunk/src/wp-includes/update.php#L199

I don't think it's obvious this behaviour happens and exposes what would have been considered private installs ( Intranets, non public sites, locally developed install's etc ).

I can't find any history as to why that is there, besides discussion of privacy concerns that were ignored on the ticket below regarding adding user counts:
https://core.trac.wordpress.org/ticket/12672

What purpose does it serve? If it serves a purpose where and how is the data logged, and what security measures are in place to keep the data secure?

Given GDPR, if this is to be retained, there should be an obvious consent checkbox when installing WordPress ( the site install URL could contain PIP and you have no way of knowing ).

It is also unclear who controls the data that is being sent. Presumably it is Matt in a personal capacity as the owner of wordpress.org and Matt is the DPO ( data protection officer )? If the wordpress.org server is located in the US, then for EU installs there is also a data transfer to consider.

I think this should be a process based on consent, if being retained, or the data anonymised if it's being used for internal metrics.

Would appreciate some clarity on the purpose and usage.

Change History (2)

#1 @desrosj
2 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

This is pretty closely related to #43492, which also has some context around how these values are used.

#2 @ianatkins
2 months ago

Interesting reading, especially the brevity of Matt's reply on a meeting note:
https://make.wordpress.org/core/2009/12/10/suggest-agenda-items-for-dec-17th-dev-ch/#comment-1042

Seems no one in that ticket is quite sure who actually controls the data. There is some suggestion it's Automattic Inc?

There is this, now archived GIST, listing what is logged - whether that remains current.
https://github.com/wordpress-privacy/info/blob/master/v1archive/Synched-info.md

Seem's whomever controls api.wordpress.org is non-compliant in terms of GDPR ( and probably other privacy frameworks ) and will remain at risk of enforcement.

Further clarity would be appreciated.

Note: See TracTickets for help on using tickets.