{"id":6,"date":"2022-02-01T22:10:01","date_gmt":"2022-02-01T22:10:01","guid":{"rendered":"https:\/\/b.fi-works.de\/?p=6"},"modified":"2023-12-14T11:43:39","modified_gmt":"2023-12-14T11:43:39","slug":"wordpress-accesses-external-resources-by-default","status":"publish","type":"post","link":"https:\/\/b.fi-works.de\/?p=6","title":{"rendered":"WordPress \u2014 Accesses external resources by default!"},"content":{"rendered":"\n<p>A freshly installed unmodified version of <a rel=\"noreferrer noopener\" href=\"https:\/\/wordpress.org\/news\/2022\/01\/josephine\/\" target=\"_blank\">WordPress 5.9 \u201cJosephine\u201d<\/a> sadly accesses 3rd party servers when opened in a web browser. I noticed the following access attempts on the home page:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a rel=\"noreferrer noopener\" href=\"https:\/\/secure.gravatar.com\/avatar\/3febc554f4202125a2d8b656624c282a?s=52&amp;d=mm&amp;r=g\" target=\"_blank\">https:\/\/secure.gravatar.com\/avatar\/3febc554f4202125a2d8b656624c282a?s=52&amp;d=mm&amp;r=g<\/a><\/li><li><a rel=\"noreferrer noopener\" href=\"https:\/\/secure.gravatar.com\/avatar\/3febc554f4202125a2d8b656624c282a?s=128&amp;d=mm&amp;r=g\" target=\"_blank\">https:\/\/secure.gravatar.com\/avatar\/3febc554f4202125a2d8b656624c282a?s=128&amp;d=mm&amp;r=g<\/a><\/li><\/ul>\n\n\n\n<p>I.e. any website created this way contains a tracker by default!<\/p>\n\n\n\n<p>The images are used to display avatars for the logged-in users. I suspect the long hexadecimal part of the URL is a hash of the user name. Thus gravatar.com would receive information about my (admin) user name!<\/p>\n\n\n\n<p>Gravatar is not mentioned on the <a rel=\"noreferrer noopener\" href=\"https:\/\/wordpress.org\/support\/article\/wordpress-privacy\/\" target=\"_blank\">WordPress Privacy<\/a> page.<\/p>\n\n\n\n<p>This shows a lack of concern about privacy by the makers of <a rel=\"noreferrer noopener\" href=\"https:\/\/wordpress.org\/\" target=\"_blank\">WordPress<\/a>. 
For site owners this could actually cause legal problems if their privacy policy promises not to share data with 3rd parties.<\/p>\n\n\n\n<p>It&#8217;s a good thing I block gravatar.com using <a rel=\"noreferrer noopener\" href=\"https:\/\/www.obdev.at\/products\/littlesnitch\/index.html\" target=\"_blank\">Little Snitch<\/a> \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A freshly installed unmodified version of WordPress 5.9 \u201cJosephine\u201d sadly accesses 3rd party servers when opened in a web browser. I noticed the following access attempts on the home page: https:\/\/secure.gravatar.com\/avatar\/3febc554f4202125a2d8b656624c282a?s=52&amp;d=mm&amp;r=g https:\/\/secure.gravatar.com\/avatar\/3febc554f4202125a2d8b656624c282a?s=128&amp;d=mm&amp;r=g I.e. any website created this way contains a tracker by default! The images are used to display avatars for the logged-in users.&hellip; <a class=\"more-link\" href=\"https:\/\/b.fi-works.de\/?p=6\">Continue reading <span class=\"screen-reader-text\">WordPress \u2014 Accesses external resources by 
default!<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-6","post","type-post","status-publish","format-standard","hentry","category-uncategorized","entry"],"_links":{"self":[{"href":"https:\/\/b.fi-works.de\/index.php?rest_route=\/wp\/v2\/posts\/6","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/b.fi-works.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/b.fi-works.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/b.fi-works.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/b.fi-works.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6"}],"version-history":[{"count":1,"href":"https:\/\/b.fi-works.de\/index.php?rest_route=\/wp\/v2\/posts\/6\/revisions"}],"predecessor-version":[{"id":7,"href":"https:\/\/b.fi-works.de\/index.php?rest_route=\/wp\/v2\/posts\/6\/revisions\/7"}],"wp:attachment":[{"href":"https:\/\/b.fi-works.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/b.fi-works.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/b.fi-works.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}