your suggestion is not helpful. are you really claiming that i have no right to expect my machines to be online and accessible for my own limited purposes and also secure and inaccessible to unauthorised uses? that security is unobtainable, so we should simply open up our machines to spyware, viruses and crackers? and that the only other alternative is to unplug them?
a real ping is an ICMP packet and it doesn't contain any information like URLs. if my machine was sending out pings to strange hosts i wouldnt consider it spyware but i would consider it an indication of a security problem, that something was wrong, that something couldn't be trusted.
these 'pings' wordpress sends are not simple ICMP packets. i didn't enable any option for these 'pings' and i have not yet been able to find the option to turn them off, so yes, i do consider them a form of spyware. spyware is any software that sends out information about me without asking me first if i want that information sent out. yes, this definition probably does include a lot of closed-source software that 'phones home', but that's why i'm running open source software. i assumed that if anyone tried to put stuff like that into an open source project, the 'many eyes' would find it and remove it.
in this case, no harm was done, but i'm not going to run wordpress again until i have time to do a full code audit. i don't even know what these 'pings' contain. i'm assuming it is just a URL, but for all i know it could be a post title, a post abstract, or even the full body of a post. on a private site that contains sensitive information that risk is not acceptable.