Closed tomjn closed 1 year ago
@tomjn I agree with what you've stated above. We do have a README Analytics section explaining analytics use, but as you mentioned there is no opt-in/out option or privacy policy. The analytics were originally designed for beta usage (as the only identifiable information we collect is the VIP site ID, if present) and we haven't addressed this since public release. We should fix the analytics implementation.
We have turned off usage tracking for non-VIP sites, as well as linked our privacy policy for VIP sites in the README. We are also planning to add a filter for VIP sites to opt out of analytics as well.
As a result, this issue should be good to close?
It will do. If you want perfection, though, you should mention it uses wp.com pixels, as although you/VIP only send 2 data points, wp.com might store additional data based on the IP as a result of different product decisions. That could result in data being stored that is not mentioned here.
I don't expect VIP to be able to keep up with that and babysit .com divisions privacy changes, but if you link to their privacy policy you don't have to.
Describe the bug
The plugin phones home on every use, doesn't share a privacy policy, uses a wp.com tracking pixel to perform this with no mention of it in the readme, and provides no constants/filters/settings to control this.
To Reproduce
Use the plugin
Expected behavior
Actual behavior
Other than a brief mention in the readme, there are no details on how it does it, where the data goes, or how to disable it.
Block Data API URL
*
Version of the plugin
1.0.1
Additional context
I understand if you want this always on while used on the VIP platform where you're protected by a literal contract, that makes sense.
I do know though that although you're sending the data from PHP, protecting the visitor to the site, you're still exposing information about the host, which can be problematic. Staging environments for unlaunched sites, personal machines, etc.
Never mind GDPR compliance, it's an unnecessary risk. Making it opt-in eliminates all the risk; I'd settle for a simple filter or constant and a link to the wp.com privacy policy in the readme.