swaponline / multi-currency-wallet-pro

https://codecanyon.net/item/multicurrency-crypto-wallet-and-exchange-widgets-for-wordpress/23532064

wordpress.org version update #77

Open noxonsu opened 2 years ago

noxonsu commented 2 years ago

Your plugin has been closed as it has been found to be in violation of the directory guidelines, found here:

https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/

In specific, your plugin is tracking users without clear opt-in consent.

https://wordpress.org/plugins/multi-currency-wallet/

What to do next

We understand that this is frustrating to hear, and that having your plugin closed is never a great day. To help restore your plugin as quickly as possible, you are required to do the following:

- Remove all non-optional tracking code
- Perform a full security and standards review on your own code
- Increase the plugin version
- Ensure the 'tested up to' version in your readme is the latest release of WordPress
- Update the code in SVN
- Reply to this email and request a re-review

If you feel this decision was made in error, please reply to this email and explain why.

Plugins are closed immediately and the developer contacted when this happens, in part because we have an imperfect system of notifications. This means until your plugin is corrected to meet our guidelines, we will not reopen it.

When we re-review your code we will look at not just the changes, but the entire plugin, so there may be a delay.

Why this is a violation

We do not permit plugins to track users of their code without the tracking being 100% optional, and turned off by default. We feel strongly about the privacy of plugin users, and by that standard, they should not have their actions recorded.

Furthermore, even just contacting your own servers without disclosure and consent is a GDPR and EU Privacy violation. In the United States, California has already instituted a law related to these. By not allowing your users to opt-in to sending data to or pulling information from your servers, you put yourself in severe legal jeopardy which we will not be able to protect you from.

Your plugin sends back data usage to https://noxon.wpmix.net/counter.php?msg="+encodeURI(msg)

While you claim there's no 'private' data, the reality is that by sending data AT ALL, without express and clear OPT IN consent, you have violated our guidelines.

In addition, looking at your plugin, your readme fails entirely to properly document that you use these services:

- https://mainnet.infura.io/v3/5ffc47f65c4042ce847ef66a3fa70d4c
- https://www.blockchain.com/btc
- https://live.blockcypher.com/
- https://etherscan.io
- https://ghostscan.io
- https://explore.next.exchange
- https://horizon.stellar.org
- https://api.blocktrail.com/v1/BTC
- https://data-api.defipulse.com/api/v1/egs/api/ethgasAPI.json?api-key=53be2a60f8bc0bb818ad161f034286d709a9c4ccb1362054b0543df78e27
- https://api.bitcore.io/api/BTC/mainnet
- https://next.swaponline.io/mainnet
- https://api.blockcypher.com/v1/btc/main"
- https://noxon.wpmix.net

And? Some of those have API keys in public. We checked DefiPulse and while they don't expressly state each individual human needs their OWN API key, they do limit keys heavily to the point that if you have more than 1000 users, your code will start costing you money.

Not to mention you can track the API usage on your own, which again is illegally tracking users without permission or consent.

Please either remove the code for tracking or change to be an opt-in feature of your code.

If you have any questions, please let us know.

noxonsu commented 2 years ago

We need to keep the odd blockchains like ghost and the like disabled by default, remove sendpulse and the others, and use rpc as much as possible.

noxonsu commented 2 years ago

When uploading, leave a comment for the admin.

Sending debug data is now optional (disable by default), API keys to infura can be changed in the admin panel, defipulse removed. The description of all the endpoints is added to the readme.

Disti4ct commented 2 years ago

DefiPulse has been removed. We used it to request the gas price. Now the requests go to the RPC.

noxonsu commented 2 years ago

readme updated https://github.com/swaponline/multi-currency-wallet-pro/commit/7da339d4ca6a8436fe8140e01bb777c5d3c01b8f