Support » Plugin: Membership Plugin - Restrict Content » Please Remove Freemius

  • I”m very disappointed that you added Freemius. It is a very bad decision. It is a huge privacy issue.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author James Welbes

    (@highprrrr)

    Hi @dmccan!

    Not sure that warrants a 1 star review. I’m not sure people understand how harmful those can be =[

    Can you explain briefly how this is a privacy issue? It’s a 100% voluntary, double opt-in service that allows us to collect non-sensitive information.

    If there’s a legitimate privacy concern with Freemius that we’re not aware of we’d definitely appreciate any insight you might have.

    Thread Starter dmccan

    (@dmccan)

    Hi James,

    I installed the free version of Restrict Content plugin to test it.

    1) After installing the plugin there is an admin notice that doesn’t have the option to dismiss it that says “You are just one step away – Complete Restrict Contact activation now”. So, the plugin is activated but that message remains and it erroneously implies that it is not activated. This type of message is used to make the end user uncertain if the product will work correctly at this point and so try to get them to click on it. It is not a mistake. It is what the FCC refers to as a dark advertising pattern which are used to get people to give access to more personal information. The only way to dismiss it is to click on it, which takes you to an opt-in screen for Freemius.

    2) If you check the outgoing HTTP requests at this point, before doing anything else and having not clicked an opt-in to Freemius, you will see that your plugin has made a call to the Freemius server:

    https://api.freemius.com/v1/plugins/10401/ping.json?uid=4f9cdbdeb008a586fde1babc8be5fb3f&is_update=false&version=3.1.6&sdk=2.4.5&is_admin=true&is_ajax=false&is_cron=false&is_gdpr_test=0&is_http=true&sdk_version=2.4.5”

    I think that the number on the URL 10401 corresponds to the plugin ID for Restrict Content. Of course the HTTP request carries with it the IP address of the site that Restrict Content was installed on. Congratulations, the install of the free version with the associated IP address of the server has been recorded, but there has been no opt-in. This may violate the WordPress.org plugin policy against “phoning home.”

    3) When you look at the Freemius opt-in screen it appears that the user is being informed what will happen if they opt-in, the fact that a user account is created for that user on the Freemius server is not disclosed. Also, a user account page is then added to the site so that the user can be marketed to for upgrades. This is also not disclosed.

    4) I did not test it with Restrict Content because I didn’t want to opt in, but in my experience with other Freemius products, even if you do not respond to the email sent, from that point Freemius phones home every day with site information. The email is actually an opt-in to email marketing, which is also not clearly disclosed.

    Test it yourself on a site that has had no Freemius product before and with an email that has not been used with a Freemius product before and acknowledge that 1-3 works as I experienced. I used the plugin “snitch” from the WP plugin directory to record the outbound HTTP call. Don’t opt-in, just wait and the outbound call is made. I imagine that your iThemes Security team has even better tools to track that kind of thing.

    Please remove Freemius.

    Thread Starter dmccan

    (@dmccan)

    PS, you need to install and activate the snitch plugin before installing Restrict Content.

    Plugin Author James Welbes

    (@highprrrr)

    Interesting. Given how popular it is I highly doubt it violates WordPress phone home policies, but it’s worth looking into just in case.

    We plan to move away from freemius at some point as a company, but at the moment it’s just the easiest way to accomplish what we want and making something custom just isn’t a high priority at the moment.

    We do appreciate your feedback. Tho we likely won’t be removing freemius any time soon it’s good to get feedback like this that confirms our long term plan.

    Is there any chance I can convince you to change your 1 star review? I know you didn’t get the response you were hoping for but we do take all feedback very seriously even if we choose not to act on it every time.

    I will see if we can update the language to make it more clear that the plug-in will function even if you don’t opt in.

    Paul Jones

    (@pauljonesdesign)

    Hi James,

    Great work you are doing over at The Events Calendar.

    I saw from a recent update there is new autoload data from Freemius in the database under – fs_accounts – when you install Restrict Content from iThemes.

    I’ve seen this autoload data grow quite large on another website built using a theme using Freemius in their Pro version.

    When you move away from Freemius, do you plan to create a tool for end users to remove this autoload data?

    I may be wrong, at the moment, when you delete the plugin the Freemius autoload data still stays there.

    • This reply was modified 4 months ago by Paul Jones.
    • This reply was modified 4 months ago by Paul Jones.
    Plugin Author James Welbes

    (@highprrrr)

    @dmccan our developer is investigating some things based on your recommendations. Will keep you posted.

    @pauljonesdesign That’s a very good question! I’ll do some digging and see what I can find.

Viewing 6 replies - 1 through 6 (of 6 total)
  • You must be logged in to reply to this review.