Slashdot Mirror

← Back to Stories (view on slashdot.org)

WordPress 2.3 Does Not Spy On Users [UPDATED]

Posted by kdawson on from the if-you-don't-like-it-fork-it dept.

Marilyn Miller writes "Popular open-source blogging engine WordPress has been upgraded to 2.3 — with some unexpected nasties in the mix. As of version 2.3, WordPress now periodically (every 12 hours) sends personally identifying information (blog name & URI) to the mothership, along with an alarming amount of information including $_SERVER dumps, a list of installed plugins, and your current PHP/MySQL settings. Most unfortunately, it does not provide any way of disabling this functionality, and WordPress does not have any privacy policy protecting this information. In a thread about the issue, lead developer Matt Mullenweg defends his actions and staunchly refuses to add an opt-in interface, telling users to 'fork WordPress' if they aren't willing to put up with this behavior." Update: 09/25 17:52 GMT by KD : This article is misleading enough to be called "just wrong." Matt Mullenweg writes: "As mentioned in our release announcement, the update notification sends your blog URL, plugins, and version info when it checks api.wordpress.org for new and compatible updates. It does not include $_SERVER dumps, or any settings beyond version numbers (for checking compatibility), or your blog name, or your credit card number. We do provide a way of disabling this feature; in fact I link to one of the plugins in the release announcement and in my original response to Morty's thread."

3 of 229 comments (clear)

  1. well by stoolpigeon · · Score: 4, Interesting

    one way to disable it is to go into the code and remove the offending portion. couldn't be that hard to do. and once somebody does it and posts instructions, it gets even simpler. no reason to fork the project.
     
    and wordpress isn't that complicated that this is something that no one but the most hard core will do. tons of wordpress users regularly go in and tweak it for their own uses. i haven't moved to this new versions with my site yet - i always wait a bit for things to shake out, and stuff like this is why. when i do upgrade, i'll just fix my install.

    --
    It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
  2. Pyblosxom by Marcion · · Score: 4, Interesting

    Well if anyone is looking for an alternate upgrade path, I 'upgraded' my blog from Wordpress 2.2 to Pyblosxom and am really enjoying using it:
    - its really light and fast
    - I can edit posts in a text editor rather than a web based interface
    - its in Python and very easy to customise
    - theming far simpler, just rip your HTML template into a header and footer, rather than having to make 12 files with Wordpress.

    Plug over... Move along...

    --
    My little Linux and tech blog
  3. Alternatives, in that case? by Spy+der+Mann · · Score: 4, Interesting
    Wow - to think that such a popular blogging engine is so flawed...

    Anyway, i googled and found this link:

    http://www.mitchelaneous.com/2007/09/19/9-wordpress-alternatives/

    9 WordPress Alternatives

    September 19, 2007 at 7:16 am Web Development

    No doubt that WordPress is the king of the hill when it comes to content management these days. It seems like in a lot of people's eyes they can do no wrong. There have to a few other choices out there though right?

    Now don't get me wrong, I am totally happy with Wordpress - but, there are several cool alternatives that might be worth checking out for your next web project.

    Drupal - Drupal is a little more of a WordPress on steroids. Lots of goodies and better membership system in place too.

    AJAXPress - A little buggy by looking at the demo but will become a better idea once it has had more time to get polished.

    Textpattern - Flexable and open source blogging solution - much of the same WordPress look and feel.

    Serendipity - This is a PHP-powered weblog application which gives the user an easy way to maintain a weblog or even a complete homepage.

    Joomla - Like Drupal, might be too feature rich for the casual blogging fan - but a good engine for in depth web sites or basic blogs.

    b2evolution - An old one, but still a good one - and can hold it's own weight still with the other selections out there.

    Simplog - Simple, yet powerful - the name says it all here. You want basics without the fluff - go with Simplog.

    Wikiblog - This one tries to mix the blogging and wiki sides of things into an interesting mashup of content creation.

    Sblog - Another one similar to WordPress, looks like it is playing catchup too. Once it gets there though, might be worthy competition.

    There you have it - nine other tools you can use to get your content published and your articles out there to the world. Have one I missed?


    Now, my question is - how secure are they for you, sethawoolley? Which one would you choose?