Which of my blog and personal data is being transfered when WordPress automatically checks for updates?

I’m generally concerned about privacy and I’ve heard that with each contact to the WordPress API for update checks and similar a lot of my blogs data is being transfered.

To get a better impression, I’d like to more specifically know which data is being transfered and when.

What’s done with the information and who has access to the information? How long is it stored?

I found no information about that in the packages readme nor on the worpdress.org website so far.

2 s
2

This does not answer the question in specific, but those are some resources regarding the question (feel free to add stuff).

Blog Articles and Discussions

  • Who is WordPress talking to? (Interconnect IT, 07 March 2011)
  • What Data Does WordPress Send Back to the Mothership (Lynne Pope; 14 Dec 2009)
  • Is WordPress Spyware? (Jeff Chandler; 10 Dec 2009)
  • WordPress Tavern Forums: WordPress and phone home (Started 7 Dec 2009)
  • wp-hackers Mailinglist: Revisiting phone home and privacy (Started 7 Dec 2009)
  • WordPress 2.3 Does Not Spy On Users [UPDATED] (Slashdot; 25 Sep 2007)
  • WP, phone home (24 Sep 2007)

  • wp-hackers Mailinglist: Plugin update & security / privacy Options (Started 23 Sep 2007)

WP core resources and Trac Tickets

  1. WordPress.org Privacy Policy
  2. Trac tickets
    • Ticket #16818 – Akismet should suggest user to check current legal situation regarding data protection
    • Ticket #16778 – wordpress is leaking user/blog information during wp_version_check()
    • Ticket #12672 – Provide Multisite stats to api.wordpress.org
    • Ticket #5066 – Anonymize update checking
    • Ticket #5065 – Unify User-Agent strings
  3. Core code snippets
    • trunk/wp-includes/update.php

Code Stubs

  • Mark Jaquith’s demo-plugin how to exclude a plugin from API version check (15 Dec 2009)

Questions regarding Akismet, Facebook and other Add-Ons alike that deal with personal data

  • Blogs making use of third-party tools should check the current legal situation regarding data protection while making a third-party dealing with user-input.
  • Can you as a blog owner ensure that you can fulfill your blogs users rights on their data? Like document to whom you sent their data and how to deal with deletion requests on your behalf?

International/Country specific Resources and Pointers

  • DE: Rechtswidrig: WordPress.com-Stats Plugin als Trojaner für Werbetracker
  • DE: WordPress.com-Stats (Plugin/Jetpack/Blogs) datenschutzkonform nutzen (mit Muster der Datenschutzerklärung)

Leave a Comment