Earlier today I was banging around the various WordPress developer’s resources and the people involved with this new release and I was surprised to see a great deal of consternation over the new automatic WP core update and WP plugin update notification features, most notably the automatic plugin update notification feature.
Disclaimer: The following is for information purposes only. I personally don’t have a problem with the fact that the new update notifications in WordPress 2.3 sends basic information about my blog’s setup and the blog’s (home) URL to the WordPress servers no more than I care that my Windows XP PRO and most of my programs call home to momma now and then. I’m constantly leaving my blog’s URL all over heck and breakfast with every comment I leave, my plugins are public knowledge, my SEO score is 97%, why the heck would I care if WordPress phones home every now and then?
Anyway, here’s the complaints…
Why send the blog’s (home) URL?
The new update notification feature sends certain expected information back to the WP servers like your plugin’s version numbers, WP version, etc, but it also sends your blog’s (home) URL along with it and that’s where some folks that were following and/or involved with the project were taking exception. As of now the WP servers don’t do a thing with your blog’s URL and by what I’ve read, this is just in preparation for some possible new features that may show up in future WP versions. If they end up not using it, the blog’s URL will be removed from the information package. The point of the whole matter is that some consider the URL to be personal information, is not needed in the info anyway and that it should not be sent to WordPress and it’s servers along with the rest of the plugin data in the first place. The biggest beef being that along with the basic and expected data that is required in any type of auto update notification process, the inclusion of the blog’s home URL might open a gateway for hackers. This is not proven of course, just opinion.
Do they need to let you know about this?
The second argument I found was that currently there is no obvious disclaimer that that this info is being sent to WordPress.org’s servers nor what info is included. Of course anyone with the least bit of tech background at all or even longtime experience with running their blog on a WordPress install is going to realize that an auto update function for anything requires information of your existing setup to be sent to the update servers otherwise it wouldn’t work. But do they need to provide an obvious disclaimer stating this? Well, probably. If it was Microsoft or Google rather than WordPress, the entire world would be up in arms now wouldn’t it?.
The last complaint revolved around the fact that this update notification service is built into the core and you can’t turn it off via the admin and even others stated that it should be off as default with an “opt in”/”opt out” section in the admin so the user has a choice whether to have the auto update notifications and the information sent thereof turned on or off as they please.
Now if I remember correctly, there’s been a ton of posts over the past couple of months seen on various blogs from the pro’s to the personals that listed all the upcoming features of this new release including…this new plugin update notification feature. I don’t remember anyone complaining then.
And that’s it.
Like I stated at the beginning of this post, this new auto update notification feature and how it works simply doesn’t concern me in fact, I’m glad to have it. Saves me about an hour or so each weekend hunting down any new updates for my installed plugins and I wouldn’t turn this new feature off even if they provided an easy way for me to do so. I do believe however, that they should have let people know up front of the fact this version sends certain information back to the WordPress servers for the new plugins update notification feature. It’s just good press if nothing else. Other than that–I’m not worried about it.
By the way, this blog is now running on the just newly released WP 2.3, my “plugins I use” page still lives at the top of my header image and you all know my blog’s URL. So this is a problem?
What do you think?
Update: As of this morning, the official announcement of WordPress 2.3 includes in it’s new features write up, an announcement of the new update notification functions and the information sent to the new
api.wordpress.org service that bounces this info against the plugin database which then lets you know if there are any new versions available. I’ll tip my hat to the folks at WordPress for being up front about it. Now let’s see how many requests come in for an “opt out” feature added to the next release.