Sam RoseSo I've developed a plugin called "LBAK User Tracking". What it does is log every page click on your blog and report it to you in a table (and an optional dashboard widget). What I'm worried about is, is this ethical? It tracks a lot of info, here's a list for you:
Display name
User ID
User Level
IP address
Real IP address (attempts to find the IP address behind a proxy)
Referrer
Time of click
User agent (gets browser and OS info)
Page name
GET variables
POST variables
Cookies
My main concern is the POST variables... It can log unencrypted login info ^_^ I could stop it logging that but there's nothing stopping anyone with PHP/WordPress API knowledge from just editing the code and making it log unencrypted passwords.
Thoughts and feelings?
