Stories
Slash Boxes
Comments

SoylentNews is people

Automattic Says Spooks Asked for Something It Can't Reveal

posted by janrinok on Wednesday July 29 2015, @02:03AM   Printer-friendly

Arthur T Knackerbracket has found an interesting story:

Automattic, the company behind content management and blogging platform WordPress, has complained that it can't reveal the full extent of state intelligence agencies' requests to probe users' accounts.

The company's new National Security report reports that the company's recorded zero “national security requests” in 2015's first six months. But the report then offers this observation:

The post goes on to say “By preventing us from sharing a more precise number of requests, the current disclosure rules diminish the trust that our users place in us and our services. For now, we are disclosing the maximum amount of information allowed by law.”

Automattic's unhappy with that so has joined the Twitter-initiated effort (PDF) to get the US attorney-general to change the rules in order to allow more detailed reporting of intelligence agency requests.

That effort could take years to resolve, so until it does it seems safest to assume that even though companies list small quantities of intelligence agency action, the reality may be rather different. ®

Original Submission

 
This discussion has been archived. No new comments can be posted.
Automattic Says Spooks Asked for Something It Can't Reveal | Log In/Create an Account | Top | 31 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 4, Informative) by DECbot on Wednesday July 29 2015, @04:23AM

    by DECbot (832) on Wednesday July 29 2015, @04:23AM (#215249) Journal

    While it seems clear that some three-letter agency hit up Automattic, the question remains, what were they after? While it would seem automatic to ask for user account info and ip addresses for blogs hosted at wordpress.com, but Automattic is in a position to provide more. Say you host a wordpress blog on your own server. You rationally setup your apache server, lock down your php, and secure your MySQL server, download the wordpress installer and ensure that auto-updates are enabled, you even surveyed the post install tables and php files to make sure nothing fishy was going on.... but have you ever checked the automated update to ensure it doesn't pass along your SQL server user and password along to spook@fbi.gov while updating your files? Have you checked to see if it records IP addresses with posts and comments? Can you trust your wordpress install on your own server?

    --
    cats~$ sudo chown -R us /home/base
    Starting Score:    1  point
    Moderation   +2  
       Interesting=1, Informative=1, Total=2
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   4  

  • (Score: 0) by Anonymous Coward on Wednesday July 29 2015, @03:24PM

    by Anonymous Coward on Wednesday July 29 2015, @03:24PM (#215499)

    Well, WordPress *is* open source so I'm sure *somebody* checked the code... I mean, I thought you were doing that...