ClassicPress PetitionsClassicPress Petitions
This is a read-only archive. Post or comment on the live version of this page on our forums.

Remove tracking of data from ClassicPress sites

April 1, 2019 · 19:36 · Elisabetta Carrara (Emc2)
Description

As discussed in slack (about woocommerce tracking users sensible data) I would like to see removed unecessary data tracking from ClassicPress, such as:

https://github.com/ClassicPress/ClassicPress/blob/1.0.1+dev/src/wp-includes/update.php#L93-L94

I think we can just collect statistical data needed for serving updates/troubleshooting, in an anonymous way.

Also I would like to see the enforcing of rules limiting data plugins can collect.

#remove feature

Voters
+27 more
Discussion
James Nylen

Link to Slack discussion: https://classicpress.slack.com/archives/CCNEEH86P/p1554145386015600

I'm happy to remove these two specific values (blog and user count) at any time. We don't need them, and the queries that generate these numbers can actually be very slow on large sites.

>I think we can just collect statistical data needed for serving updates/troubleshooting, in an anonymous way.

Yes, this is exactly what we do.

We do need to be able to track active ClassicPress sites, along with the versions of ClassicPress, PHP, and MySQL the site is running. We also monitor for errors with the upgrade process. All of this is done anonymously without storing any personally identifiable information.

Rob

There is a difference between 'want' and 'need'. I run lots of software that does not need to call home. That should not be any different for a blog software, just because it is online.

William Patton

+1 for doing everything possible to minimise data collection and reduce the (perceived) need for mass telemetry tracking.

Jesse

> I think we can just collect statistical data needed for serving updates/troubleshooting, in an anonymous way.
> Also I would like to see the enforcing of rules limiting data plugins can collect.

Great goals on both counts.

In fact I'd suggest ClassicPress go further in its pledges -- not so much focused on being a "Business" CMS per se, but emphasizing:

  • non-profit / community driven
  • transparency of code / identity / maintainers / relationships / disclosure
  • pledges re: no favoritism / pay-to-play / backroom deals
  • pledges re: no tracking + strong privacy

Perhaps software like Mozilla could be a good role model.

For example, requiring real names and profile photos for anyone who contributes to the website code or Core code, etc. Imagine how many malware plugins could have been avoided at WordPress.org with such a policy. This is why privacy and transparency often go hand-in-hand...

That said, requiring plugin and theme authors to do XYZ is risky, because you alienate agencies who are trying to earn a living. You also alienate agencies who only offer their extensions via third party sites or homepages. So to be realistic, it might need to apply only to ClassicPress assets.