Angela Byron wrote:
>
>
> It's true that it always has been, but as of the code
in HEAD right now,
> it's (currently) not.
>
> a) update.module is enabled by default, making this
"opt-out" rather
> than "opt-in."
> b) It sends off an md5 hash of the site URL and a
private key variable
> with each request, the frequency of which is determined
by a setting
> (defaults to daily). There is no personally
identifiable information in
> this md5 string, and it is used as a key for checking
update status.
> c) It is possible to "opt-out" of this
behaviour, but the only way is to
> disable update.module altogether. The option in the 5.x
update status
> module was removed for the core inclusion, per Dries.
>
> I think due to this being a security tool, it makes
complete sense for
> this to be opt-out, rather than opt-in. Is the lack of
ability to
> prevent sending the md5 hash enough to get us in
trouble with privacy
> watchdogs? I'm not sure.
>
> -Angie
>
I believe IP addresses are personally identifiable
information,
especially where the site is configured on a dedicated box.
I would
prefer to opt-in (and I will).
If nothing else, the administrator logging in, going to
modules, and
activating the update module lets them know Drupal does
phone home from
that module and they can do the reading in the docs to find
out how
exactly it does and decide on their own. Then phoning home
is not
shocking news to get people all in a panic about.
|
