Sybre Waaijer
@SybreWaaijer
Fun fact: WooCommerce collects your sensitive information without asking for consent.

Luckily, it merely consists of about 1000 data points.

Let's dive into it... 🧡

Disclosure: I'm a WooCommerce Marketplace partner.
Sybre Waaijer
@SybreWaaijer
During installation, the "opt-in" box is pre-checked and easy to miss on larger screens.

According to the EU, this is considered opt-out, not opt-in.
Sybre Waaijer
@SybreWaaijer
When you connect your store to Woo's services via "WooCommerce > Extensions," they'll automatically enable tracking for you — this time, without requesting any consent at all.
Sybre Waaijer
@SybreWaaijer
You can disable this tracking at: WP Admin > WooCommerce > Settings > Advanced > WooCommerce dot com > Allow usage of WooCommerce to be tracked.
Sybre Waaijer
@SybreWaaijer
All this tracking is done via class WC_Tracker. With this data, they'll know exactly how many customers you have.

The file header states: "The WooCommerce tracker class adds functionality to track WooCommerce usage based on if the customer opted in. No personal information is tracked, only general WooCommerce settings, general product, order and user counts and admin email for discount code."
Sybre Waaijer
@SybreWaaijer
OK, cool. So, what data do they collect? Here's a small list:

- Unique identifier
- Domain name
- Email address
- Theme
- WordPress version and locale
- Server information
- Active plugins and their author names
- Inactive plugins and their author names
- Jetpack installation status
- Number of users and their roles
- Number of products and their types
- First and last order date
- Order statuses (completed, failed, refunded, pending, etc.)
- GROSS REVENUE
- Payment provider revenue (PayPal, Stripe, Braintree, etc.)
- Number of reviews on products
- Details of the first and last 20 orders
- Payment gateway configurations
- Enabled WooCommerce features
- Currency
- Postal code
- Selling locations
- Site installation date
- Custom templates
- Checkout settings
- WooCommerce subscription order data (switch count, revenue, resubscribe count, etc.)
Sybre Waaijer
@SybreWaaijer
This data includes email addresses and plugin author names, even for plugins not intended for public listing.

This is considered personally identifiable information (PII).

Hence, having this tracking be opt-out instead of opt-in is a GDPR violation.

1. curia.europa.eu/juris/liste.js…
2. gdpr.eu/Recital-32-Con…
Sybre Waaijer
@SybreWaaijer
Out of curiosity, I reviewed the pull request that added tracking of the first and last 20 orders.

No explanation was provided as to why they needed this data.

Like much of WordPress, these decisions are made privately, leaving the public in the dark.

We only see the code. Never the why. Never the how. Never the plan.

And when we're invited to join the discussion, we're often ignored or overwritten.

WordPress is an open-source theater.

github.com/woocommerce/wo…
Sybre Waaijer
@SybreWaaijer
Additionally, the tracker spawns many PHP 8 deprecation notices in the logs and quickly exhausts memory thanks to badly developed queries.

These are easy to fix, but since they haven't, I can safely assume all WooCommerce developers have tracking disabled.
Sybre Waaijer
@SybreWaaijer
Also, when tracking is enabled, WooCommerce embeds a pixel in your admin area. So they don't just track your site's data but also your IP and how you're administrating it.

Pro dev tip: Stop creating hooks in your constructors. Instead, create a procedural file that contains all hooks. It makes your plugin easy to understand and super manageable. You can also remove all those "instances" you need only once.
Sybre Waaijer
@SybreWaaijer
Open-source software doesn't guarantee respect for its users. At WordPress, open source is uniquely used as a facade to hide dishonest practices.

This is why the community demands a new governance model that holds everyone accountable equally to ensure better software.
Sybre Waaijer
@SybreWaaijer
My next rant: WooCommerce's animated logo of inaccessibility and how they promised to remove it a year ago.

</🧡>