the secret code

    you have downloaded a free wordpress theme, right? what to think about your own privacy when this secret code is coming into action?

    Comments and faves

    1. Niek ten Hoopen (44 months ago | reply)

      I've seen variants of that before... I still consider those underhanded practices.

    2. dumpsterButt (44 months ago | reply)

      That code isn't very "secret."

      All it does is send an email whenever the theme has been activated. That way I can do simple tracking on it and determine the theme's popularity.

      Remove it if you'd like, but I guarantee that function is in a lot of free themes floating around.

    3. DailyM = Differentieel + JeeeM (44 months ago | reply)

      @dumpsterButt why should you? you have your download figures. or don't you count.
      about the others: are you going to jump in the sea when it's freezing when all the others do?

    4. dumpsterButt (44 months ago | reply)

      Download figures and activation figures are very different. This is very simple, basic reporting code - nothing more. All I track is the domain the theme activated on, that's it.

      As a free theme creator, all it does is help me gauge the theme's popularity, so I know what to design or not design in upcoming ones. I'm not gathering any private info whatsoever (and can't).

      Have you tried the code yourself to see how it works? Run the code on any theme you have, and see for yourself how it works.

    5. DailyM = Differentieel + JeeeM (44 months ago | reply)

      and this is what Smashing Magazine says:

      hello ferrie,

      thank you very much for reporting. and yes, we agree, this should not be done. this is definitely the wrong way. we are talking to the designer.

      --
      Yours
      Sven Lennartz (Editor)
      Smashing Magazine

    6. woordenaar (44 months ago | reply)

      So changing between themes will send loads of messages? Cool! *evil grin*

    7. Niek ten Hoopen (44 months ago | reply)

      @woordenaar:
      Nope, it checks if "whatwhat.css" exists in the theme folder on the server. If this file does exist, it will delete the file and send the e-mail. Next time the file is gone and no mail will be sent.

    8. Bert Kommerij (44 months ago | reply)

      Hi, I'm an admin for a group called Media Me, and we'd love to have this added to the group!

    9. dumpsterButt (44 months ago | reply)

      @DailyM - smashing did email me, and I let them know exactly what it does - it doesn't pass any private info whatsoever. In fact, a few of their other free themes (that weren't created by me) use the same code.

      You're making this out to be something evil, and if you'd just run the code yourself, you'd realize it does zero harm.

    10. Niek ten Hoopen (44 months ago | reply)

      @dumpsterButt:
      I have to agree with DailyM. Code that uses someone else's server and sends an e-mail in the background is malicious, especially when the user does not know anything about it.

      Fair enough, it's quite harmless and a lot of themes have a built-in tracking code. But still... it's definitely spyware.

      There should be other ways to track if somebody uses your theme. Notify the user before the script sends the mail, or just don't send an e-mail. (You could also consider e-mailing the user and asking him to notify you by clicking a link or something.)

      Don't take it personally, it's not just about you. I just think there should be more awareness about this issue and I hope Smashing will give it some attention.

    11. dumpsterButt (44 months ago | reply)

      It'd be malicious if it were sending personal information or using servers to spam or anything alike. In this case, it's a basic one-time trackback and is the only way I've found to be able to count theme activations. All it reports is the domain name where the theme activated at; nothing more. It's hardly spyware since nothing that isn't public knowledge is being passed through.

    12. DailyM = Differentieel + JeeeM (44 months ago | reply)

      @dumpsterButt:
      you don't see the point, do you?

      it's all about "respect for your fellow man"
      privacy is about that respect.

      it's about a "way of thinking" we're talking about.
      not about a piece of code.

      we, your customers, like to decide by ourselves if we are going to send you a message or not. you do not have to do that for us.

    13. dumpsterButt (44 months ago | reply)

      No, I see your point, and it would be valid if I were actually gathering private information but am not. Out of respect for the individuals that use the theme, I've used the most unintrusive, basic technique to do simple reporting on theme popularity.

      I see your point, but still have yet to see the validity of it in this case.

    14. dumpsterButt (44 months ago | reply)

      And even though I disagree with your thoughts, just wanted to let you know the code has been removed and new files should be live here shortly.

    15. Niek ten Hoopen (43 months ago | reply)

      @dumpsterButt:
      I wrote a blog about it in Dutch: niektenhoopen.nl/2008/11/08/spyware-in-wordpress-themes/

      It's mainly about the possible threats. For example: malicious code could send 100 mails to random e-mail addresses when a visitor reads an article. One of the solutions (which isn't totally foolproof) is to always download the theme directly from the author's website. (So I guess that's also a solution for your problem, dumpsterButt :-))

      At the end of the article I also explain that you removed the code. "Hulde" means something like "homage" :-)
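
Added example, not part of the original thread and not the theme's own code: a small audit script a site owner could run over a downloaded theme before activating it, flagging PHP lines that call mail or network functions and noting whether the same file also has the check-and-delete marker pattern described in comment 7. The sample theme is constructed from that description; the function list, `example.invalid` address and file layout are assumptions.

```python
import re
import tempfile
from pathlib import Path

# PHP/WordPress calls that let theme code send mail or reach out over the network.
OUTBOUND = re.compile(
    r"\b(wp_mail|mail|fsockopen|curl_exec|wp_remote_get|wp_remote_post)\s*\(", re.I)
# A file that both tests for and deletes a file matches the "run once" marker pattern.
MARKER_CALLS = ("file_exists", "unlink")

# Constructed sample built from the description in comment 7; not the theme's real code.
SAMPLE = """<?php
// constructed sample for the scanner
$marker = dirname(__FILE__) . '/whatwhat.css';
if (file_exists($marker)) {
    unlink($marker);
    mail('author@example.invalid', 'theme activated', $_SERVER['HTTP_HOST']);
}
"""

def scan_theme(root):
    """Return (file, line_no, call, one_shot) for each outbound call in *.php files."""
    root = Path(root)
    findings = []
    for php in sorted(root.rglob("*.php")):
        text = php.read_text(encoding="utf-8", errors="replace")
        one_shot = all(re.search(rf"\b{c}\s*\(", text, re.I) for c in MARKER_CALLS)
        for no, line in enumerate(text.splitlines(), 1):
            if line.lstrip().startswith(("//", "#", "*")):
                continue  # skip whole-line comments
            for m in OUTBOUND.finditer(line):
                rel = php.relative_to(root).as_posix()
                findings.append((rel, no, m.group(1).lower(), one_shot))
    return findings

def demo():
    """Build the constructed two-file theme in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as d:
        theme = Path(d)
        (theme / "index.php").write_text("<?php get_header(); ?>\n")
        (theme / "functions.php").write_text(SAMPLE)
        return scan_theme(theme)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A hit is a prompt to read the surrounding code, not a verdict: contact forms legitimately call `wp_mail`, and obfuscated code will not match these patterns.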
