Plugins phones home

  • Resolved Thomas M

    (@webzunft)


    6 years, 4 months ago

    Hi there,

    using Query Monitor I noticed that the plugin phones home to https://api.awesomemotive.com/v1/notification/.

    I can not remember to have allowed this (especially since I noticed it on a local test site) and don’t see an option to disable it again.

    Since this is against the plugin repo terms I would kindly ask you to remove that call.

    Thomas

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Jared Atchison

    (@jaredatch)

    6 years, 4 months ago

    Hey Thomas,

    That is our product announcement feed. We use that to push update information etc to users very occasionally.

    In our next version, which should go out in the next few weeks, it contains a simple checkbox setting to opt out and disable entirely. 🙂

    Thread Starter Thomas M

    (@webzunft)

    6 years, 4 months ago

    I just saw https://wordpress.org/support/topic/http-calls-to-your-api/ where you also explain this.
    My concern is not about performance, but about privacy. This part in your code is clearly against #7 of the Plugin Guidelines:

    $response = wp_remote_retrieve_body( wp_remote_post( $this->api_url, array(
 'body' => array(
 'slug'              => $this->plugin,
 'version'           => $this->plugin_version,
 'last_notification' => $notification_id,
 'plugins'           => $this->get_plugins_list(),
 'themes'            => $this->get_themes_list(),
 ),
) ) );

    You have a useful plugin and I would like to keep it.

    Thanks

    Plugin Author Jared Atchison

    (@jaredatch)

    6 years, 4 months ago

    I understand your concern, totally.

    Currently this information is sent to our API because it’s simply used to determine what announcement to show. Eg: show WP Mail SMTP users < vX.X an announcement about updating.

    I can say *none* of this information is stored or collected in any way. It’s only used for the API side logic for determining which announcement is applicable (if any).

    Lastly, in addition to providing the opt out setting in the next release, we are working on refactoring our API to resolve these concerns.

    Right now all the details get sent to the API, which handles the logic. What we are going to be switching to is the API will return all notifications and then the logic will happen in the plugin. This means no details will need to be passed!

    Anyways, I just wanted to let you know we are taking steps to ease the (valid) concerns. 🙂

    Thread Starter Thomas M

    (@webzunft)

    6 years, 4 months ago

    Hi Jared,

    thanks for your detailed reply.

    I could personally accept this if you wouldn’t send the list of Plugins and Themes. This is too much personal information in my point of view.

    I would like to see a member of the plugin repo estimate if without that information it would be an allowed call or still be against the guidelines.

    Thomas

    Plugin Author Jared Atchison

    (@jaredatch)

    6 years, 4 months ago

    Hey Thomas,

    I completely understand your concerns. As I stated above that we don’t store any of this data on our servers. It’s simply used to send the right notification and avoid duplicate notification (since WPForms and WP Mail SMTP are both owned by WPForms).

    However we do take privacy very seriously, and if it’s even a remote concern for any of our users, we stay clear from it.

    So we’ve taken your feedback and removed both the plugin and theme detect. We’ve also added the ability to disable notification feed altogether (version 0.11.2 just went out). It may cause some duplicate notification for users that might be using both SMTP and WPForms, but we rarely send them anyways, so hopefully it wouldn’t be a huge issue.

    Once again, thank you for expressing your concerns. We always appreciate constructive user feedback because it helps us improve our product.

    Looking forward to having you as a continued user of our plugin.

    Thread Starter Thomas M

    (@webzunft)

    6 years, 4 months ago

    Hi Jared,

    thank you for addressing my concerns quickly and professionally!

    Thomas

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Plugins phones home’ is closed to new replies.