Violation of privacy | WordPress.org

Resolved Martin Stanek
(@infomartinstanekcz)

10 years, 11 months ago

This plugin violates personal privacy by sending data about activation to http://www.webfwd.co.uk/_other/pluginactivate.php. Since this behavior is not documented and the URL is base64 encoded, it is obviously malicious. Incriminated function is “getdata” in sml.php.

http://wordpress.org/extend/plugins/mail-subscribe-list/

Viewing 3 replies - 1 through 3 (of 3 total)

esmi
(@esmi)

10 years, 11 months ago

Please send these details to plugins [at] wordpress.org.

Thanks.

Plugin Contributor Richard Leishman
(@webfwd)

10 years, 11 months ago

Sorry as I am not storing any information about your website I did not realise this would be in violation of the privacy policy.

The code is there for me to keep track of how many users are actively using the plugin instead of just number of downloads. I do not keep/store any information, It does send other information to my server such as website name but this is only to distinguish one install from another. There is nothing malicious about this.

I will ensure that this is displayed on the read me from today.

Moderator Ipstenu (Mika Epstein)
(@ipstenu)

🏳️‍🌈 Advisor and Activist

10 years, 11 months ago

Richard, that is direct violation of our guideline that says no phoning home. Please remove it from your plugin ASAP.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Violation of privacy’ is closed to new replies.

In: Plugins
3 replies
4 participants
Last reply from: Ipstenu (Mika Epstein)
Last activity: 10 years, 11 months ago
Status: resolved