Michael Eriksson's Blog

A Swede in Germany

Posts Tagged ‘WordPress’

Follow-up: Wordpress and more post-by-email distortions


Looking at the actual results of the WordPress-spelling issue just mentioned, it seems that all-but-one occurrence of “Wordpress” were indeed turned into “WordPress”—the one that actually was in quotation marks.

This has the advantage that it does allow discussions of spelling and correct quoting of others’ statements; however, it does so at the cost of an inconsistent behavior, and a behavior that is highly unpredictable. To boot, it does not resolve the overall problem. The correct solution is and remains to keep all occurrences the way that the blogger actually wrote them.


Written by michaeleriksson

January 7, 2019 at 10:53 pm

Wordpress and more post-by-email distortions

with one comment

I have already written about how WordPress distorts quotation marks in “post by email” texts, and why this is idiotic. However, these are not the only artificial problems caused by WordPress. For instance, I have long noticed that line-breaks are often added or removed compared to the display of my HTML original, e.g. in the list entries in my recent blogroll update. Looking at the actual HTML code, I can see that WordPress has simply removed closing paragraph-tags (p) before a closing-listentry tag (li), which is very poor style. Not only does the result indisputably display differently* in my browser, but good code does not rely on implicit closures of that kind.

*Unlike in my original, very preliminary observations, when I first experimented with post-by-email. Then, I had mainly (or exclusively?) seen a removal of tags around the asterisks that I use for footnotes, which indeed did not seem to affect display. (At least in my browser and with the fonts used—there is always a risk that the situation is different in other circumstances.)

Another issue is that I write “Wordpress” (as I attempt here; let us see whether it is changed) with a small “p”, but that this somehow always turns out as “WordPress” (with a capital “P”). WordPress might have its own preferred spelling, but it has no right to impose it on me, especially since the word could conceivably refer to something else in some context (possibly, within a book by Jasper Fforde?). Certainly, there are a few* people who disapprove strongly of such unconventional casing, and imposing something that it disapproves of in such a manner would be doubly unethical—with strong parallels to a recent text on distortion of literary works. Or what about a text (e.g. this one) discussing the spelling, which is now unable to quote the word in variant forms? Or what about an attempt to quote something that someone else said, which simply did not use the preferred-by-Wordpress spelling?

*I am not one of them, but I have sufficiently strong opinions in other areas that I can sympathize and put myself in their shoes in this scenario.

Moreover: What guarantees do we have that no more insidious changes take place (or later will take place)? What if someone decides that words like “nigger” and “fuck” are to be auto-censored*, that all spelling be converted to U.S. conventions to suit the broadest spectrum of readers, or that all occurrences of “he” be automatically replaced by “they” to ensure PC conformity? Also note that there is no notification whatsoever as to what changes have been made, which leaves the blogger the choice between blind trust and entirely disproportionate checks and/or manual corrections.

*In the context of forums, such auto-censorship is relatively common, and often applied in an utterly idiotic manner. For instance, words like “analyst” can be turned into “****yst”, because the filters do not differ between a stand-alone “anal” and “anal” as part of a larger word with an entirely different meaning. (The question aside, whether “anal” is worthy of censorship in any context.) On the other hand, they are typically foiled by variations like “f*ck” or “F-U-C-K”, the censorship of which would be much less unreasonable (but still disputable!) than a plain-text “anal”.

This is all the more annoying, since one of the reasons that I use post-by-email is to avoid the extreme fuck-ups that WordPress causes through its GUI*.

*Cf. e.g. the current state of a text dealing with “Google’s ideological echo chamber”, where a post-by-email malfunction forced me to correct the text in the GUI—with very weird layout results. (Actually, this might be yet another example of consistent idiocy: I used the HR-tag, which has over time been redefined from meaning “horizontal ruler” to “general content separator”. Because my original posting attempt was cut off exactly where the HR-tag was, I suspect that WordPress has imposed an even further going private semantic of “end of post”, which would yet again be an inexcusable meddling contrary to reasonable assumptions. However, I have made no further experiments with said tag in conjunction with WordPress.)

The only reasonable solution is to respect the actual words and code of the blogger.

In order to avoid additional complications through possible WordPress interference, some of the above formulations are less explicit than they would be in another context, e.g. in that I speak of “paragraph-tags (p)” where I would normally have included an explicit tag example.

Written by michaeleriksson

January 7, 2019 at 10:31 pm

Wordpress and mangling of quotes

with one comment

Preamble: Note that the very complications discussed below make it quite hard to discuss the complications, because I cannot use the characters that I discuss and expect them to appear correctly. Please make allowances. For those with more technical knowledge: The entity references are used for what decimal Unicode-wise is 8220 / 8221 (double quotes) and 8216 / 8217 (single quotes). The literal ones correspond to ASCII/Unicode 34, which WordPress converted to the asymmetric 8220 and 8221. (I stay with the plain decimal numbers here, lest I accidentally trigger some other conversion.)

I just noticed that WordPress had engaged in another inexcusable modification of a text that I had posted as HTML by email—where a truly verbatim use of my text must be assumed.* Firstly, “fancy”** or typographic quotation marks submitted by me as “entity references”*** have been converted to literal UTF-8, which is not only unnecessary but also increases the risk of errors when the page or a portion of its contents is put in a different context.**** Secondly, non-fancy quotation marks that I had deliberately entered as literal UTF-8 had been both converted into entity references and distorted by a “fanciness” that went contrary to any reasonable interpretation of my intentions. Absolutely and utterly idiotic—and entirely unexpected!

*Excepting the special syntax used to include e.g. WordPress tags, and the changes that might be absolutely necessary to make the contents fit syntactically within the displayed page (e.g. to not have two head-blocks in the same page).

**I.e. the ones that look a little differently as a “start” and as an “end” sign. The preceding sentence should, with reservations for mangling, contain two such start and two such end signs in the double variation. This to be contrasted with the symmetrical ones that can be entered by a single key on a standard keyboard.

***A particular type of HTML/XML/whatnot code that identifies the character to display without actually using it.

****Indeed, the reason why I use entity references instead of UTF-8 is partially the risk of distortion along the road as an email (including during processing/publication through WordPress) and partially problems with Firefox (see excursion)—one of the most popular browsers on the web.

The latter conversion is particularly problematic, because it makes it hard to write texts that discuss e.g. program code, HTML markup, and similar, because there the fancy quotes are simply not equivalent. Indeed, this was specifically in a text ([1]) where I needed to use three types of quotation marks to discuss search syntax in a reasonable manner—and by this introduction of fanciness, the text becomes contradictory. Of course, cf. preamble, the current text is another example.

This is the more annoying, as I have a markup setup that automatically generates the right fancy quotes whenever I need them—I have no possible benefit from this distortion that could even remotely compete with the disadvantage. Neither would I assume that anyone else has: If someone deliberately chooses to use HTML, and not e.g. the WYSIWYG editor, sufficient expertise must be assumed, especially as the introduction of fancy quotes is easy within HTML itself—as demonstrated by the fact that I already had fancy quotes in the text, entered correctly.
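The rewrites described above (character references turned into literals, literal code point 34 turned into 8220 / 8221, and the closing paragraph-tags dropped before a closing list-entry tag) can be listed mechanically by comparing the submitted markup with what was published. This is an added example, not code from the blog or from WordPress; the function names and both sample strings are constructed for illustration.

```python
import difflib
import html
import re

# Numeric or named character references such as &#8220; &#x201C; &ldquo;
CHAR_REF = re.compile(r"&(#[0-9]+|#[xX][0-9a-fA-F]+|[A-Za-z][A-Za-z0-9]*);")


def tokens(markup):
    """Split markup into (character, form) pairs; form is 'ref' or 'literal'."""
    out, pos = [], 0
    for m in CHAR_REF.finditer(markup):
        out.extend((ch, "literal") for ch in markup[pos:m.start()])
        decoded = html.unescape(m.group(0))
        if decoded == m.group(0):
            # Unknown named reference: treat it as ordinary text.
            out.extend((ch, "literal") for ch in m.group(0))
        else:
            out.extend((ch, "ref") for ch in decoded)
        pos = m.end()
    out.extend((ch, "literal") for ch in markup[pos:])
    return out


def audit(submitted, published):
    """Return a list of (kind, detail) findings describing every change."""
    a, b = tokens(submitted), tokens(published)
    a_chars = [ch for ch, _ in a]
    b_chars = [ch for ch, _ in b]
    matcher = difflib.SequenceMatcher(None, a_chars, b_chars, autojunk=False)
    findings = []
    for op, i1, i2, j1, j2 in matcher.get_opcodes():
        if op == "equal":
            # Same character, but possibly a different representation.
            for (ch, form_a), (_, form_b) in zip(a[i1:i2], b[j1:j2]):
                if form_a != form_b:
                    findings.append(
                        ("re-encoded", f"U+{ord(ch):04X} {form_a}->{form_b}"))
        elif op == "replace" and i2 - i1 == j2 - j1:
            # One-for-one swaps, e.g. a straight quote made typographic.
            for ca, cb in zip(a_chars[i1:i2], b_chars[j1:j2]):
                findings.append(
                    ("substituted", f"U+{ord(ca):04X}->U+{ord(cb):04X}"))
        else:
            if i2 > i1:
                findings.append(("removed", "".join(a_chars[i1:i2])))
            if j2 > j1:
                findings.append(("inserted", "".join(b_chars[j1:j2])))
    return findings


# Constructed sample: what was sent by email and what the platform served.
# Escapes are used for the typographic quotes so this file stays pure ASCII.
SUBMITTED = '<li><p>He wrote &#8220;foo&#8221; and "bar".</p></li>'
PUBLISHED = '<li><p>He wrote \u201cfoo\u201d and &#8220;bar&#8221;.</li>'

if __name__ == "__main__":
    for kind, detail in audit(SUBMITTED, PUBLISHED):
        print(f"{kind:12} {detail}")
```

An empty result means the published markup is character-for-character what was submitted, in the same representation.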

Excursion on Firefox and encoding:
Note that Firefox insists on treating all* local text as (using the misleading terminology of Firefox) “Western” instead of “Unicode”, despite any local settings, despite the activation of “autodetect”, despite whatever encoding has actually been used for the file, and despite UTF-8 having been the only reasonable default assumption (possibly, excepting ASCII) for years. Notably, if I load a text in Firefox, manually set the encoding to “Unicode”, and then re-load the page, then the encoding resets to “Western”… Correspondingly, if I want to use Firefox for continual inspection of what I intend to publish, I cannot reasonably work with pure UTF-8.

*If I recall an old experiment correctly, there is one exception in that Firefox does respect an encoding declared in the HTML header. However, this is not a good work-around for use with WordPress and similar tools, because that header might be ignored at WordPress’ end. Further, this does not help when e.g. a plain-text file (e.g. of an e-book) is concerned. Further, it is conceptually disputable whether an HTML page should be allowed to contain such information, or whether it should be better left to the HTTP(S) protocol.

Written by michaeleriksson

November 29, 2018 at 8:27 pm

Wordpress at it again: Backups and security through obscurity


The stream of outrageous incompetence by WordPress continues…

For the first time in half an eternity,* I decided to download a backup of my WordPress blog. In the past, this has resulted in (most likely) a zip-file being offered for saving. Today, however, I was met with a message that a link to this zip-file would be sent to my email account… The link, in turn, was valid for a full seven days, downloadable by any arbitrary Internet user, and protected only by (what I hope was) a random sequence of characters added to the file name. This is not only highly user unfriendly—it is also a great example of idiots relying on “security through obscurity”: It is true that no-one who does not know the random part of the file name (obscurity) will be able to download the file (“security”). However, with the state of email security, a great number of hostiles** would have had the opportunity to grab the email contents and find the link. To boot, this approach opens the door for simple errors or oversights by WordPress to open an unnecessary security hole, e.g. if a list with the current such links is similarly weakly protected… Other risks might exist, e.g. that it might be easier for a family member or visitor to get hold of the email/link than access to the WordPress account.*** In contrast, with the old system, the backup was transient and protected by the normal user-account controls—and if those are breached, it does not matter how backups are handled…

*This is not as bad as it sounds: I write all posts offline, with separate backups, in the first place; there are not that many comments; and I intended to leave WordPress at some point anyhow. Correspondingly, little data would actually be lost, if something bad happened.

**Notably, not necessarily parties hostile towards the individual blogger. More likely, it would be someone hostile towards WordPress or who sees WordPress as an easy source of data. Such a hostile would then watch the outgoing traffic from the WordPress mail-servers, grab all the links it could find, and then simply download everything. And, yes, many blogs will contain contents that are not intended for public viewing, including private blogs, blogs restricted to a smaller circle, and public blogs with unpublished drafts.

***Anonymous bloggers are not necessarily known to even a closer circle and even those who are might have contents not yet suitable for viewing by others. (This need not even relate to something truly secret, which would be foolish in the extreme to put on WordPress in any manner, but could include e.g. a draft of a post dealing with an upcoming proposal, surprise party, whatnot.)

If we consider only the delay, there might be some justification to accommodate extremely large blogs, where there is at least a possibility that the time needed* for the creation of the backup might be too large for normal in-browser interaction. However, if so, the correct solution would be to present the download only within the account itself. Indeed, even if we assume that this type of linking was acceptable (it is not), the procedure is highly suboptimal: The link should have been presented in the confirmation page, not sent per email;** the availability time should have been far shorter (a day?); and the contents should have been deleted or otherwise made unavailable upon download (if something goes wrong, the user can always create a new backup).

*I received the email almost instantaneously, implying that my backup would have had to be at least one, more likely several, orders of magnitude slower than it actually was before this concern became legitimate.

**Or the contents behind an emailed link be password protected, with the password displayed in the confirmation page; or the contents only being served after a successful WordPress login.
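The handling argued for above (download served only to the logged-in account holder, a short lifetime, invalidation on first download) can be sketched as follows. This is an added example, not WordPress code; the class `BackupLinks`, its method names, the one-day lifetime and the sample path are assumptions made for illustration.

```python
import hashlib
import secrets
import time

# "a day?" as suggested in the post; the criticized link stayed valid for seven days.
LINK_TTL_SECONDS = 24 * 60 * 60


class BackupLinks:
    """Download tokens that are account-bound, short-lived and single-use."""

    def __init__(self, ttl=LINK_TTL_SECONDS, clock=time.time):
        self._ttl = ttl
        self._clock = clock
        # Only a hash of each token is kept, so a leaked list of pending
        # links does not by itself yield working download URLs.
        self._pending = {}  # sha256(token) -> (owner, expires_at, archive_path)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, owner, archive_path):
        """Create a token for a finished backup; show it in the account page."""
        token = secrets.token_urlsafe(32)
        expires_at = self._clock() + self._ttl
        self._pending[self._digest(token)] = (owner, expires_at, archive_path)
        return token

    def redeem(self, token, session_user):
        """Return (archive_path, 'ok') or (None, reason).

        session_user is the account name of the authenticated session,
        or None when the request carries no valid login.
        """
        key = self._digest(token)
        record = self._pending.get(key)
        if record is None:
            return None, "unknown-or-used"
        owner, expires_at, archive_path = record
        if self._clock() >= expires_at:
            del self._pending[key]
            return None, "expired"
        if session_user != owner:
            # Knowing the URL is not enough: the normal account controls
            # still apply. The token is kept for the real owner.
            return None, "login-required"
        del self._pending[key]  # unavailable after the first download
        return archive_path, "ok"


def demo():
    """Walk through the cases discussed in the post with a fake clock."""
    now = [0.0]
    links = BackupLinks(ttl=LINK_TTL_SECONDS, clock=lambda: now[0])
    token = links.issue("blogger", "/exports/blogger-backup.zip")  # constructed path
    results = [
        links.redeem(token, None)[1],        # link read from intercepted email
        links.redeem(token, "visitor")[1],   # someone else's session
        links.redeem(token, "blogger")[1],   # the account holder
        links.redeem(token, "blogger")[1],   # second attempt after download
    ]
    stale = links.issue("blogger", "/exports/blogger-backup.zip")
    now[0] += LINK_TTL_SECONDS + 1
    results.append(links.redeem(stale, "blogger")[1])
    return results


if __name__ == "__main__":
    print(demo())
```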

Written by michaeleriksson

September 28, 2018 at 7:36 pm

EU’s General Data Protection Regulation (and Wordpress’ handling of it)


Roughly a week ago, EU’s General Data Protection Regulation (GDPR) went into force, as many EU citizens have noticed in form of various emails from businesses* keeping their data, and a more global group in form of more, or more intrusive, alerts concerning use of cookies and whatnot. WordPress bloggers have probably also noticed a notification in their admin areas:

*While I will speak of “business” through-out, seeing that much of the discussion is in a commercial context, the regulation is not limited to businesses in the strictest sense, and replacing “business” with “organization” might be appropriate in some cases.

To help your site be compliant with GDPR and other laws requiring notification of tracking, Akismet can display a notice to your users under your comment forms. This feature is disabled by default, however, if you or your audience is located in Europe, you need to turn it on.

Below, I will briefly* discuss the GDPR, some points relating to the Web, and why I will not follow the demand of the WordPress message.

*This is a very wide topic and a more complete discussion would require a considerable amount of both research and analysis.

By and large, the GDPR is a good thing, including a much needed change of philosophy (quoting the above Wikipedia page):

Business processes that handle personal data must be built with data protection by design and by default, meaning that personal data must be stored using pseudonymisation or full anonymisation, and use the highest-possible privacy settings by default, so that the data is not available publicly without explicit consent, and cannot be used to identify a subject without additional information stored separately.

This quote alone addresses much of what troubles me with data handling, including that data security is often an afterthought and that users have to run through various settings (or even send a letter) to reduce data use. However, how much it will bring remains to be seen, bearing in mind the difference between expectations on paper and their realization in real life, as well as various exceptions and softenings of the rules.

Unfortunately, this change of philosophy is also, indirectly, the source of much of the legitimate* criticism from the business world: Because existing software and procedures were built with a very different philosophy in mind, sometimes decades ago, the transition costs are enormous. On the positive side, while the costs after the transitional period** will be increased compared to the past, it will be by nowhere near as much as during the transitional period.

*As opposed to illegitimate criticism of the “you are spoiling our data party” kind. Other legitimate criticism includes unclear or delayed information from government institutions that have made it harder to implement the GDPR (see also the following footnote).

**In theory, businesses have had several years for this transitional period, implying that much of the cost should be history; however, from news reporting, it does not appear that this period has been used very well on average, implying that there likely will be an additional transition over the coming months. To boot, there are likely very many issues that will need resolution over the coming years, for reasons like later clarifications of regulation, upcoming court cases, and unforeseen practical obstacles.

At the same time, there are reasons to criticize it from a consumer point of view. For instance, the Wikipedia page also says:

Recital 47 of the GDPR states that “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.”

This* is very unfortunate, seeing that direct marketing is one of the greatest sources of abuse of data and something many consumers are more upset with than sloppy data treatment per se.** More than that: If there had been stronger and more severe restrictions on various forms of marketing, especially direct marketing, many of the reasons for data use and abuse of today would disappear, and we would almost automatically have a considerable reduction.

*This section of the Wikipedia page simultaneously and confusingly deals with both B2C and B2B marketing, and I must make some reservations for the correctness of my understanding.

**Say, when they give an email address in confidence to complete one purchase and are then spammed with unsolicited and unexpected offers to perform another on a regular basis. This is grossly unethical and should by rights be illegal; however, looking at Germany, the otherwise strong laws against spam were artificially weakened by the legal fiction that someone who had once bought something could be assumed to be keen on buying more, making the unsolicited messages quasi-solicited. This is of course an incorrect reasoning on at least three counts: Firstly, very many customers buy something once and never come back (and have no interest in coming back). Secondly, those who are interested in coming back will usually want to do so on their own terms, e.g. when they see a need. Thirdly, it makes an extremely customer hostile assumption about all those who strongly dislike such messages. As an aside, ethical marketing should always work on an opt-in basis, which is not the case here.

Looking at the German Wikipedia page, which differs considerably in content, there is a very odd claim:

Otherwise, the member states are in principle not permitted to weaken or strengthen the data protection laid down by the regulation through national rules.

(Gist: It is not allowed for the member states to reduce or increase [sic!] the protection offered by the regulation.)

That no reduction is allowed is very positive, but the ban on an increase seems extremely ill-advised. Barring the influence of industry lobbyism, the only plausible seeming reason is to reduce complications when consumers and/or businesses from different (EU) countries are involved. Even so, there must be a better way*, because this way there is an artificial upper limit on consumer protections. Indeed, this could be a contributing factor to the existing protection in Germany being lowered in some cases, including criteria for the consumer’s acceptance of data use**.

*What, in detail, goes beyond the scope of this post, but an obvious step would be to allow stricter rules when both parties are situated in the same country.

**“In principle, the requirements for valid consent are reduced compared with the German BDSG: Written form is no longer the rule, and an implied declaration of consent is also permissible under Recital (32), if it is unambiguous.”

One of the more interesting changes from the English Wikipedia page is that “A right to be forgotten was replaced by a more limited right of erasure”. This is to some degree a limitation of consumer/user/whatnot rights; however, not one that I consider a bad thing: The original “right to be forgotten” always seemed disproportional to me, looking at gains for the individual and efforts needed from others, and also carried a risk of destroying/hiding knowledge, distorting history, …

The sheer amount* of “cookie warnings” and similar poses a considerable problem to comfortable surfing. This especially since the people who surf without cookies and JavaScript are often unable to get rid of them**; while even the rest will have a number of extra clicks to perform over the course of a day. A positive thing is that it becomes obvious how many sites actually use cookies et co, for no legitimate reason: If I enter an online shop to buy something, using cookies for the shopping cart is legitimate, but why would a cookie be needed when I am passively browsing a forum? Using a search engine? Looking at a static site with no means of interaction? My hope is that the mixture of this revelation, in combination with the increased annoyance for the visitors***, will force businesses to reduce their use of such technologies to some degree for fear of losing the visitors. Then again, if a sufficient proportion of the sites give such warnings, the users will have few alternatives and might remain anyway, taking a hit in usability on the way.

*I doubt that the amount will lessen over time, except as mentioned above, seeing that an earlier increase a few years ago, likely related to the original passing of the GDPR, did not.

**Somewhat paradoxical, seeing that these are normally not affected by the data use that necessitated the cookie warning.

***The negative effects of e.g. hidden user profiling do not hurt in such an obvious manner as the warnings: A pin-prick hurts worse than clogged arteries.

In a twist, keeping these warnings from re-occurring will require some way to keep tabs on the users, most likely through cookies… This can cause paradoxical situations where the warnings increase the amount of cookies, tracking, … performed.

A further complication is that the degree of tracking, the needed content of the warnings, whatnot, will not necessarily be under the control of the individual site, possibly necessitating a vagueness that makes the warnings misleading or unhelpful. Consider e.g. a site that uses a tracking network or that allows external content (notably advertising) that can on its own pull in tracking functionality. Frankly, what we need are restrictions against user tracking, profiling, …, that go considerably further than the GDPR—not just warnings.

I will not comply with the notification from WordPress (cf. above):

I do not actively gather or track any user data, except what is provided through e.g. comments and subscriptions*; I do not use cookies, JavaScript, …; I have no access to data excepting fully pre-anonymized read-only access statistics provided by WordPress (and the aforementioned comments etc.). To boot, I am blogging in a private capacity, as a natural person, with no monetary interests involved, which makes it likely that the GDPR does not apply to me in the first place (in this particular context).

*And even here the “actively” is typically limited to me passively accepting e.g. a comment through the wordpress software, reading (and possibly answering) it, and then forgetting that it is there.

Should* WordPress choose to engage in such practices in a manner exceeding the reasonable minimum, this is simply not my problem, not within my control, and contrary to my preferences**. WordPress, not I, has the responsibility to inform people correspondingly—better yet, it should cease these activities. An attempt to roll the responsibility over to the bloggers is unethical and amateurish. This especially seeing that the notification contains no reason whatsoever why it would be my duty to comply. Almost certainly, there is no such reason.

*Going by the privacy notice provided together with the notification, it appears that WordPress is abusive. This includes unethical over-tracking of user data, e.g. “browser type, unique device identifiers, language preference, referring site, […], operating system, and mobile network information” as well as potentially (depending on details unknown to me) unethical over-communication to e.g. “Independent Contractors” and “Third Party Vendors”. Cf. also an older analysis of WordPress’ privacy policy—a very similar document.

**If I had the power, I would explicitly forbid them to do certain things in relation to my WordPress blog. I definitely recommend readers to surf with cookies, JavaScript, …, off to the degree realistically possible, as well as to use various forms of anonymizers, in order to minimize their exposure.

To boot, if the responsibility were to reside with the bloggers, the means of communication chosen is entirely insufficient, and WordPress would have exposed its bloggers to an unnecessary period of involuntary law violation…

I note that the restriction to Europe* is somewhat arbitrary: The ethics of data economy, respect for user privacy, etc., do not end at borders, even should the law do so. It also raises so many questions and caveats that the typical blogger will not be able to make an informed decision without consulting an independent expert. For instance, what if a non-European blogger has a European following that he is not aware of? What if he blogs while spending time within Europe? Is this different for a one-week vacation and one-year period as an exchange student? Etc. With very few exceptions, he would have to activate these notifications in a blanket manner to be on the safe side.

*Of course, the GDPR does not apply to all of Europe to begin with, again making the notification too vague and poorly thought through.

What I will do is to add an extra page, giving fair warning that WordPress might be engaging in dubious practices outside of my control.

Note that the external pages quoted are unusually likely to undergo changes over time. The quotes reflect the state of the page at the time of my visit.

Written by michaeleriksson

June 3, 2018 at 11:20 am

A review of the new Wordpress/Automattic Privacy Policy

with 2 comments

A few days ago, I received an email that WordPress (more correctly, Automattic) was changing its Privacy Policy*. Fearing the worst, in the light of the unconscionable behavior of e.g. Facebook, I decided to review it. The results were depressing, although I have not investigated what was already present and what has changed for the worse: While it is not as bad as what Facebook does, it still leaves the user with minimal protections and reliant on WordPress/Automattic not engaging in abuse.

*I use initial caps for consistency with the (spurious) use in the analyzed text.

Below I will quote some selected parts (in the original order) and offer some analysis*:

*The policy can be found under https://automattic.com/privacy at the moment; however, these contents can naturally change over time. The policy is under the Creative Commons Sharealike 4.0 License, making re-use unproblematic; however, I see my use as covered under “Fair Use” and similar principles, and do not “copy-left” this post under that license. Some change of formatting and typography might have taken place.

This is our updated Privacy Policy going into effect on January 3, 2018.

(Provided for identification purposes only.)

Your privacy is critically important to us. At Automattic, we have a few fundamental principles:

We are thoughtful about the personal information we ask you to provide and the personal information that we collect about you through the operation of our services.
We store personal information for only as long as we have a reason to keep it.
We aim to make it as simple as possible for you to control what information on your website is shared publicly (or kept private), indexed by search engines, and permanently deleted.
We help protect you from overreaching government demands for your personal information.
We aim for full transparency on how we gather, use, and share your personal information.

A very promising start and a laudable attitude, provided that they actually adhere to it. Now, I raise no accusation concerning the actual use, here or below, for the simple reason that I do not know what actually happens with the data. However, in the continuation Automattic gives itself far-going rights that are not compatible with these principles, which raises considerable doubt as to the adherence—if they do not use these far-going rights, why collect them? Even without such rights, there is considerable reason to be cautious: Words are cheap and all-too-many websites abuse customer data in an inexcusable manner. The strength of a Privacy Policy, or e.g. a set of laws, must not be measured under the assumption of good intent and high competence.

Throughout this Privacy Policy we’ll refer to our website, mobile applications and other products and services collectively as “Services.”

(Given for interpretation only.)

Please note that this Privacy Policy does not apply to any of our products or services that have a separate privacy policy.

This is largely understandable, but it opens a large opportunity for abuse, through simply smuggling in a more specific and less acceptable Privacy Policy while hoping that the users consider themselves under the general Privacy Policy. Even deliberate abuse aside, it makes it harder for the users to know what rules apply for any given service. (Giving a universal rule for how to handle this is impossible, seeing that there is virtually no limit to the constellations to consider; however, a basic guide-line would be to keep the general everywhere and to amend it as needed for the specific service under adherence to the “fundamental principles” stated above.)

We only collect information about you if we have a reason to do so—for example, to provide our Services, to communicate with you, or to make our Services better.

Looks good, but is an almost empty promise: “to make our Services better” alone is enough of an excuse for many service providers to gather any and all data they can get their hands on. At the same time, “to communicate with you”, in my personal experience, is usually code for “to spam you”.

We collect information in three ways: if and when you provide information to us, automatically through operating our services, and from outside sources.

These items are all too vague. For instance, does “you provide” include just what is entered in (in my case) the WordPress account or can it include data gathered from email communications? The “automatically through operating our services” is to some degree unavoidable, but can at the same time be abused in absurd ways, e.g. to build irrelevant and unethical profiles, including e.g. sleeping habits. The part about “outside sources” opens a limitless room for abuse. Combine these three claims, and we are not far from Facebook.

In the continuation the Privacy Policy provides a number of examples of what data can be collected and how. If these examples were exhaustive, it would alleviate the risk of abuse somewhat—but they are not. There are also enough examples remaining that range from slightly dubious to highly problematic.

Consider e.g.:

  1. Content Information: Depending on the Services you use, you may also provide us with information about you in the draft and published content for your website. For example, if you write a blog post that includes biographic information about you, we will have that information, and so will anyone with access to the Internet, if you choose to publish the post publicly.

    Depending on what is intended this is either trivial or harmless—or a sign that there is intention to make automatic evaluations. This might be OK for the actually published* content, but hardly for drafts. Indeed, even if they do have the technical ability to access drafts, they should be ethically or even legally forbidden from doing so**. Note that drafts can contain things that are simply not intended to reach third-parties, be it at all or at the current time. (Consider e.g. a whistle-blower intending to get out of harm’s way and then to publish a series of posts; or a homosexual having already written a draft with a “coming out” statement, which is waiting for a known-to-disapprove grand-parent to pass away.) Also note that even non-malicious access can increase the risk of inadvertently leaking information to other third parties, e.g. through a security hole or a lack of care***.

    *However, even here there should be some type of restriction, equivalent at least to the restrictions websites can state (but not enforce) through the Robots exclusion standard.

    **Except to the degree that an access is in the immediate service of the user, e.g. to allow him to edit the draft. (A general problem with the analyzed text is that it does not clearly differ between widely separate purposes, e.g. access and storage by the user through the service vs. access by the service provider independent of the user. This limits the analysis somewhat.)

    ***There have e.g. been a number of occurrences of confidential data being accidentally uploaded to servers freely accessible on the Internet without authentication and encryption. (Or possibly servers being accidentally made accessible post-upload—the result is the same.)

  2. Credentials: Depending on the Services you use, you may provide us with credentials for your website (like SSH, FTP, and SFTP username and password). For example, Jetpack and VaultPress users may provide us with these credentials in order to use our one-click restore feature if there is a problem with their site, or to allow us to troubleshoot problems on their site more quickly.

    With reservations for rare special cases, it is a horrifyingly bad idea to hand out such data to third-parties. Requiring such data, including providing services that require such data, is unethical; a user who complies is negligent.

  3. Log Information: Like most online service providers, we collect information that web browsers, mobile devices, and servers typically make available, such as the browser type, IP address, unique device identifiers, language preference, referring site, the date and time of access, operating system, and mobile network information. We collect log information when you use our Services—for example, when you create or make changes to your website on WordPress.com.

    The extent of data collected is too large, violating the principle of parsimony in data collection and bringing no or little legitimate benefit. Even browser information is highly dubious, seeing that a good site should work equally well with any browser; operating system is simply none of their business (and a correctly configured browser should hide such information anyway). Parts can be outright illegal in some countries*.

    *For instance, saving a non-anonymized IP address in Germany.

  4. Usage Information: We collect information about your usage of our Services. For example, we collect information about the actions that site administrators and users perform on a site—in other words, who did what, when and to what thing on a site (e.g., [WordPress.com username] deleted “” at [time/date]). We also collect information about what happens when you use our Services (e.g., page views, support document searches at en.support.wordpress.com, button clicks) along with information about your device (e.g., mobile screen size, name of cellular network, and mobile device manufacturer). We use this information to, for example, provide our Services to you, as well as get insights on how people use our Services, so we can make our Services better.

    Location Information: We may determine the approximate location of your device from your IP address. We collect and use this information to, for example, calculate how many people visit our Services from certain geographic regions. We may also collect information about your precise location via our mobile apps (when, for example, you post a photograph with location information) if you allow us to do so through your mobile device operating system’s permissions.

    Similar objections apply: Parts can be acceptable; others are definitely not so.

  5. Stored Information: We may access information stored on your mobile device via our mobile app. […]

    This is utterly and entirely unacceptable and grossly unethical. I do not use mobile apps (hardly mobile devices, for that matter), but if I did, this would be an immediate call for me to purge my devices of any and all apps underlying this Privacy Policy. I urge the readers to do the same.

  6. Information from Cookies & Other Technologies: [simplistic descriptions of cookies et al.] Automattic uses cookies and other technologies like pixel tags to help us identify and track visitors, usage, and access preferences for our Services, as well as track and understand e-mail campaign effectiveness and to deliver targeted ads. […]

    The use itself is highly disputable; email campaigns (aka spam) are unethical; targeted* ads at best ethically dubious and requiring unethical profile building.

    *In today’s Internet, the use of advertising in general might be called into question: The excesses of amount and intrusion have reached a point where an ad blocker and/or a blanket ban on images/Flash/JavaScript/whatnot per browser setting is a necessity. When it comes to advertising-driven “free” content, I apply the German phrase “Geschenkt ist noch zu teuer”—“Too expensive, even when gifted”.

  7. We may also get information about you from other sources. For example, if you create or log into your WordPress.com account through another service (like Google) or if you connect your website or account to a social media service (like Twitter) through our Publicize feature, we will receive information from that service (such as your username, basic profile information, and friends list) via the authorization procedures used by that service. The information we receive depends on which services you authorize and any options that are available.

    This is another unethical, Facebook-style, idiocy. The disclaimer about “The information we receive depends on which services you authorize and any options that are available.” might be OK if sufficient options are available and presented to the users in a reasonable manner (and/or default to “no sharing”)—but will they be? Worse, these controls are with yet another party, and now the user has to trust several parties to be both honest and competent… I urge all readers to turn any such settings off and to never engage in such “cross-site” activities. (I use a whole separate computer account for WordPress, e.g.)

  8. We may also get information from third party services about individuals who are not yet our users (…but we hope will be!), which we may use, for example, for marketing and advertising purposes.

    Doubly unethical: Firstly, this implies that individuals who have had no opportunity to read and accept/decline this Privacy Policy are affected by it. Secondly, the intended use at best amounts to ethically dubious advertising—at worst to outright spam.

A following section on (alleged) use is mostly OK, but contains:

To communicate with you about offers and promotions offered by Automattic and others we think will be of interest to you, solicit your feedback, or keep you up to date on Automattic and our products; and To personalize your experience using our Services, provide content recommendations and serve relevant advertisements.

The first amounts to spam; the second is again in the area of ethically dubious advertising. To boot, looking at WordPress (and almost any other service or software tool I have ever used), automatic personalization has no place and does/would do more harm than good: By all means, provide new options and ways of doing things—but let the user be in complete control of the choice whether to use them.

The following section on information sharing is, again, mostly OK, even if some of the talk of third-parties is on the vague side*; however, it contains at least two problematic items:

*The applicable use cases are reasonable and the third parties are required to adhere to the same rules as Automattic, but there is uncomfortably much room for third-party involvement. Note that the more parties are involved, the greater the risk that data are maliciously used, carelessly exposed to the public, or stolen through a security hole.

Aggregated and De-Identified Information: We may share information that has been aggregated or reasonably de-identified, so that the information could not reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our Services.

The given example is OK, as is, likely, aggregation in general; however, the “reasonably de-identified” is not: This allows handing out data in a per-user manner, and what is considered de-identified by Automattic need not actually be so. It is, in fact, very hard to remove the possibility to track back a non-trivial amount of data to a single individual. (I have no references at my hand, but I point more generally to discussions around the German census of 2011 for more information.) To illustrate the problems (without necessarily saying that this scenario would occur with Automattic) assume that I was blogging anonymously and had never made much mention of personal details, except that I was Swedish. Combine this with an IP address coming from Wuppertal, Germany, and this alone could be enough to nail me down. At any rate, there would be no more than a handful of potential candidates, and just one or two pieces of additional data would be enough to clear the others. So, OK, my being Swedish makes me more vulnerable than a German, but, critically, not by much: This amounts to a game of “twenty questions” and where two questions were enough above, a German posting from Germany might have been identified with, possibly, another five to ten*… Correspondingly, non-trivial amounts of non-aggregated data simply should not be exposed to third-parties.

*Consider the rapid reductions of the set of candidates that can occur through knowing not only place of residence but place of birth, alma mater, a previous employer, …
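The shrinking candidate set described above can be measured before a “de-identified” export is handed to anyone. The following is an added example, not part of the original post and not Automattic's code: the records and field names are constructed, and it computes for every combination of quasi-identifiers the size of the smallest group of records that share the same values (the k of k-anonymity).

```python
from collections import Counter
from itertools import combinations

# Constructed sample of a "de-identified" export: no names, no e-mail
# addresses, only attributes that each look harmless on their own.
RECORDS = [
    {"nationality": "Swedish", "city": "Wuppertal", "alma_mater": "Uni C"},
    {"nationality": "Swedish", "city": "Berlin",    "alma_mater": "Uni C"},
    {"nationality": "German",  "city": "Wuppertal", "alma_mater": "Uni A"},
    {"nationality": "German",  "city": "Wuppertal", "alma_mater": "Uni A"},
    {"nationality": "German",  "city": "Wuppertal", "alma_mater": "Uni B"},
    {"nationality": "German",  "city": "Berlin",    "alma_mater": "Uni A"},
    {"nationality": "German",  "city": "Berlin",    "alma_mater": "Uni B"},
    {"nationality": "German",  "city": "Berlin",    "alma_mater": "Uni B"},
]

def anonymity_sets(records, fields):
    """Count the records sharing each combination of values in `fields`."""
    return Counter(tuple(r[f] for f in fields) for r in records)

def smallest_k(records, fields):
    """Size of the smallest anonymity set; 1 means somebody is unique."""
    return min(anonymity_sets(records, fields).values())

def unique_records(records, fields):
    """Records that no other record matches on `fields` (singled out)."""
    sets = anonymity_sets(records, fields)
    return [r for r in records if sets[tuple(r[f] for f in fields)] == 1]

def risk_report(records, quasi_identifiers):
    """Smallest k for every non-empty combination of quasi-identifiers."""
    return {
        combo: smallest_k(records, combo)
        for n in range(1, len(quasi_identifiers) + 1)
        for combo in combinations(quasi_identifiers, n)
    }

def blocked_combinations(records, quasi_identifiers, k_min):
    """Combinations that must not be released together at threshold k_min."""
    report = risk_report(records, quasi_identifiers)
    return sorted(c for c, k in report.items() if k < k_min)

if __name__ == "__main__":
    fields = ("nationality", "city", "alma_mater")
    for combo, k in risk_report(RECORDS, fields).items():
        print(f"{' + '.join(combo):40s} smallest group: {k}")
```

In this sample no single attribute isolates anyone, yet nationality plus city already does, and adding the alma mater singles out half of the records.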

Published Support Requests: And if you send us a request (for example, via a support email or one of our feedback mechanisms), we reserve the right to publish that request in order to help us clarify or respond to your request or to help us support other users.

Such requests can contain information not suited for publication (and it would be insane to trust customer support with such decisions), and it is an unambiguous ethical duty to either collect a specific agreement for any individual such publication or to paraphrase and anonymize the text and other data to such a degree that no problems can occur*. To boot, there is a risk of outright abuse, e.g. in that someone writes a scathing complaint in anger or feigned** anger (which would be very understandable with WordPress), and that this complaint is then republished out-of-context by the service provider for revenge purposes.

*This is also recommendable because the original text can contain much that is irrelevant to the core issue and other users are helped by a corresponding filtering.

**I repeat my recommendation to take a hard line against incompetent support staff and uncooperative businesses, and to use increasingly harsher language during escalations so that it actually registers that customer dissatisfaction cannot just be shrugged off.

Various other items:

While no online service is 100% secure, we work very hard to protect information about you against unauthorized access, use, alteration, or destruction, and take reasonable measures to do so.

Specifically WordPress is known to be highly problematic from a security point of view—and to large parts for reasons that could be avoided were Automattic doing a better job. This includes a better thought-through interface with greater consistency and fewer useless features, less reliance on JavaScript*, and, obviously, better code. Words are cheap.

*While JavaScript is always dangerous to some degree, it can become very highly problematic when third-party content is present, even in such a trivial situation as browsing one’s own blog and encountering hostile or misprogrammed comments or ads.

To enhance the security of your account, we encourage you to enable our advanced security settings, like Two Step Authentication.

In many cases, such statements contain an implicit “and if you do not, we will assume that any breach was your fault and wash our hands”. (Whether this applies to Automattic, I simply do not know; however, I note that this, and a few other statements, are not part of anything that reasonably could be called “policy”, leaving the suspicion that the true purpose is not to state policy but e.g. to reduce or shift legal culpability.)

At this time, Automattic does not respond to “do not track” signals across all of our Services. However, you can usually choose to set your browser to remove or reject browser cookies before using Automattic’s websites, with the drawback that certain features of Automattic’s websites may not function properly without the aid of cookies.

Not respecting “do not track” is weak for a service provider with so large resources. Making a complex service without cookies can be hard, but it is usually possible, and some of the uses on at least WordPress are of negative value. For instance, when I try to confirm a comment subscription not made with my WordPress account, using the provided link, WordPress steps in, matches it with my WordPress session, and refuses the confirmation, claiming that it does not know the email address used for the subscription—thereby forcing me to use another browser for such confirmations. Utterly, utterly idiotic and amateurish.

Automattic encourages visitors to frequently check this page for any changes to its Privacy Policy.

Unacceptable: People have better things to do than over and over again visiting any Privacy Policy, T & C, whatnot, that any of the multitude of online services provide. It is Automattic’s job to gather consent for any and all changes. Anything else is ridiculous and unrealistic. (But, unfortunately, this follows a current destructive trend of various businesses doing their darnedest to make consent to various conditions more-or-less automatic and actual access to said conditions as hard as possible. This even outside the Internet, where I have e.g. received notifications from banks that amount to “Our conditions have changed. The conditions are available in our offices. If you do not object to the changes by X, this is considered consent.”—utterly unconscionable, especially since the changes normally would have fit in the notification message at virtually no additional cost.)

Written by michaeleriksson

December 20, 2017 at 8:49 am

Posted in Uncategorized


Post by Email and current situation (follow-up on line length)


As I wrote in an earlier post, there was a problem with spurious line breaks when using “Post by Email”.

This is probably explained by emails having an old upper limitation on line length of 998 characters. This implies that WordPress is either not the one doing the breaking (but my mail client or one of the involved mail servers) or that it is doing the breaking in an acceptable manner.

For my last post, I simply inserted artificial line breaks at the last space before the 999th character of each potential line and everything appears (knock on wood) to have worked.

I suspect that it is OK to just send the email in normal formatting and that my original removal of all line breaks was unnecessary (unlike with the web interface), but have not yet had the time to test this.
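The line-breaking step described above can be scripted. The following is an added example, not the script used for the post: it breaks each over-long line at the last space before the 999th character and refuses to split a run that contains no space, since a break there would change the text. It assumes that a space in the body can be replaced by a newline without altering the rendered result, which does not hold inside `pre` elements or attribute values.

```python
MAX_LINE = 998  # upper limit on the length of one e-mail line, without CRLF

def overlong_lines(text, limit=MAX_LINE):
    """Return the 1-based numbers of the lines that exceed `limit`."""
    return [n for n, line in enumerate(text.split("\n"), start=1)
            if len(line) > limit]

def break_long_lines(text, limit=MAX_LINE):
    """Break every over-long line at the last space before character limit+1.

    The space at the break position is replaced by the newline, so joining
    the result with spaces again restores the original line.
    """
    out = []
    for line in text.split("\n"):
        while len(line) > limit:
            # Last space among the first `limit` characters of the line.
            cut = line.rfind(" ", 0, limit)
            if cut <= 0:
                # No usable space: a forced break would split a word or URL,
                # so report the problem and leave the decision to the writer.
                raise ValueError(
                    f"no space within the first {limit} characters: "
                    f"{line[:40]!r}..."
                )
            out.append(line[:cut])
            line = line[cut + 1:]
        out.append(line)
    return "\n".join(out)

if __name__ == "__main__":
    # Constructed input: one paragraph of 1999 characters on a single line.
    paragraph = " ".join(["word"] * 400)
    wrapped = break_long_lines(paragraph)
    print([len(line) for line in wrapped.split("\n")])
    print("over-long lines left:", overlong_lines(wrapped))
```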

Written by michaeleriksson

April 16, 2016 at 9:26 am

Posted in Uncategorized
