This post is a fundamental yet humble statement to make awareness and asking for an action in order to bring transparency to the “Trackers” that are being installed in WordPress sites along with the plugins that are available in WordPress.org plugin repository.
In this post the term ”Trackers” addresses the “tracking codes”, it means the codes and/or scripts that collect certain information about activities, functions and behaviour of a website, its users and visitors. Codes for the Stat Counters are most common types of the “trackers”. I need to clarify not all the trackers are harmful, suspicious, unwanted or hidden.
Few weeks back I installed WordPress directly on a web-server to make only one page for a showcase purpose. Right after the installation I activated only 2 plugins; 1. Akismet 2. A sharing button plugin ¹.
As usual after activating the plugins, I returned to the front-end to see if everything is alright, then I noticed Ghostery² notifications show thirteen trackers. I check the list of trackers provided by Ghostery and double checked the list by using “Built With” browser add-on³ . There were five trackers not related to any social network included in sharing buttons, and I never heard about three of the trackers. Having a fresh install of WordPress, the default theme and Akismet as the only other plugin, puts the existence of all the trackers on the sharing plugin’s account.
Finding these trackers which are sending data to some advertising systems made me try some other plugins, and I’m a bit shocked by the result. There are many trackers that use WordPress plugins as a carrier to collect information from the sites using those plugins.
Why the trackers create an important concern?
There are a plenty of reasons and risks that should make us cautious about the trackers. Here are some of the reasons and vulnerabilities:
- Activities of these trackers are clearly against WordPress Plugin guidelines. The clause 7 states: “No “phoning home” without user’s informed consent” and “No unauthorized collection of user data”. These trackers can also be subject to clause 9: ”The plugin must not do anything illegal, or be morally offensive.”
- WordPress now and only a decade after creation is the world’s number one CMS with tens of millions of users including: developers, designers, webmasters, editors, authors and bloggers. Everyday WordPress powered sites and applications are visited and viewed billions of times by all the internet users. Allowing the hidden trackers to function in WordPress atmosphere is a social privacy issue in a global scale.
- Many of the users who install and work with WordPress are non-technical people. They are using WordPress because of the trust, flexibility and amazing features offered by WordPress and its rich plugins. Yet these people might be unable to detect threats or risks that trackers may cause. WordPress must hold on its principles and protect these users from being used with no consent and awareness.
- Even if the hidden trackers cause no risk a user has the absolute right to decide whether to allow or disallow data collection by an advertising platform or any other third-party.
- There was a time when a few voices were alerting about the massive surveillance through the internet giants such as Google, Microsoft and Facebook. Most of us did not want to listen, some of us even called those voices illusionistic and took their message as “conspiracy theories”, It was only after Edvard Snowden’s story and NSA leaks that many of us faced the truth.
We never know; if we don’t stop the unwanted and hidden trackers now, When we might face the unwanted consequences.
- WordPress name is fairly bonded with Open Source, GPL, Freedom of Software, Community Development, Defending Freedom of Internet, Liberalising Publishing and so on. How on the earth we shall allow such the innocent brand, fame and respectable values be possibly undermined because of the trackers!
- There are countless of decent and professional developers who contributed their talent and skills to the world by sharing their priceless plugins on WordPress repository. My memory and limits of a blog post don’t allow me to mention their names and their great softwares, yet as an example I would like to highlight the professionalism of Joost de Valk(Yoast) a developer that his WordPress Plugins have been downloaded 13,928,900 times by the time I’m writing this post. About a year back when Yoast needed to collect usage data via his famous SEO plugin. He simply released an update and made the plugin asks for users permission. I’m sure many of the users accepted, and his plugin has evolved greatly by including latest “Social SEO” features. Keeping silence against trackers is helping no one it stops the productivity, and it’s certainly unfair to the decent developers and harmful to the whole community.
How to Bring Transparency?
It’s not about stopping the current trackers via the plugin repository What we need is the transparency not a ban. Trackers are useful in many cases, and we have to use them unless a tracker is harmful.
If someone asks Can transparency hurt the popularity of the plugins?
The answer is: Not at all, The highest level of transparency is the “Open Source” itself. Can we imagine where WordPress would be now if it was not an Open Source platform? First Step is to believe that in many ways transparency is helpful for all of us.
The whole WP ecosystem including paid plugins and themes should be transparent about the trackers, as well.
The solution should be according to WordPress policy that encourages developing plugins with a minimum hassle and avoids complex regulations.
The Solution should also be scalable, considering the volume of the job for the review team.
There are more than 28000 plugins in the repository, and I guess the number grows about 20% per year. We need to include updates too, It all shows asking the plugin review team to be more detailed about the trackers is not a productive approach.
The solution must come from the community and get done by the community.
The ground is only ready if people at the WordPress Foundation and Automattic acknowledge the trackers transparency is a priority. Then they have both experience and skill to offer a suitable solution.
“Trackers Transparency” Pyramid:
It’s a sample roadmap to deploy trackers transparency through out the whole WordPress Ecosystem.
After WordPress heads recognized to give a high priority to this issue and upon publishing a few blog posts by the major influencers, The community interactions will create awareness and ignite an online brainstorming to figure out the best approaches and practices.
Hopefully, The final goal of transparency is to encourage all WordPress Users ( Webmasters) to publicly announce all the trackers and cookies of their sites to the public ( visitors and viewers of WordPress Sites).
On the repository stage, maybe a simple badge system encourages plugin developers to list down the trackers included in their plugins somewhere along with plugins information. FAQ and “Other Notes” tabs provide a plenty of space for publishing a small list.
That’s all I had to say, I’ve started from this blog and here you can find the list of trackers. I hope this issue get the attention it deserves through the whole community and specially by the WordPress icons and influencers.
1. I do not intend to reveal “the sharing button” plugin that made me to address the trackers issue. But it’s easy to try, install a WordPress site and add some plugins and find out the trackers they inject into your site without your consent.
2. Ghostery is an app installable of all the major web-browsers to identify and block the trackers that are active on the websites you visit. More Info: http://www.ghostery.com/
3. “BuiltWith” is a company that tracks technology trends with very sophisticated tools. Luckily they still offer a free browser add-on. More Info: Builtwith.com
disclaimer: This Weblog does not contain any type of promotional content and/or affiliation links. The information I share is based on my best knowledge and honest opinions, Please feel free to share your feedbacks and show that you like the independent and non-commercialized blogging by sharing this post.
*WordPress Icon Credit at the featured image: Mike Koeng