The Battle of Giants: WordPress vs. WP Engine and the Quest for Transparency

In recent weeks, the WordPress ecosystem has been abuzz with controversy surrounding the relationship between Automattic, the parent company of WordPress and WooCommerce, and WP Engine, a leading managed WordPress hosting provider.

This clash has highlighted not just a rivalry between two influential giants in the web development space but also the complexities of transparency and trust within the open-source community.

As discussions unfold, the focus has shifted to how financial incentives—often hidden from users—can impact their experiences and choices.

The crux of the matter lies in allegations that Automattic benefits from transaction commissions through its integration with Stripe, the popular payment processor. While many in the community question the ethical implications of such practices, the debate underscores a broader concern: the need for clarity and transparency in how these powerful entities operate and profit from their users.

Unpacking the Controversy

The discussion became interesting (for us) when Toni Q. M. raised alarm over claims that users of WooCommerce might not be fully aware of the financial arrangements tied to their transactions.

How was WP Engine able to create a business that was almost equal and grow bigger than Automattic? What does Automattic not have that WP Engine has? Capital? Are there any other big businesses built solely based on WordPress?

Some users alleged that Automattic could access transaction histories and customer data through their Stripe integration, suggesting that the company profits without adequate disclosure. In response, Fabio T. provided some clarification, asserting that Automattic's access is limited to basic transaction amounts, primarily related to partner commissions. But we must ask: what is the real point of this whole contention?

Tony Asked a Simple Question:

Hi everyone, I am a bit worried by a piece of code some redditors discovered on WooCommerce. Apparently WooCommerce sends Automattic's partner ID (referral) to Stripe every time you make a transaction with Stripe.

I am a bit suprised and concerned for some of my clients, as this could potentially violate the GDPR in my little understanding. This is why I am asking here to see if someone can clarify if it's good to use even with that code embedded or if it would theoretically be against GDPR.

Some Redditor user also developed a plugin, which apparently removes that bit of code. Not me and I'm not affiliated with them, only concerned. Link to WooCommerce Stripe code https://github.com/.../includes/class-wc-stripe-api.php...

Thank you!

impromptu :: As this issue captivates our interest, we feel compelled to share our own perspective, independent of any affiliations. Before we delve deeper, we'd like to offer our fictional viewpoint on the unfolding situation, highlighting the questions that we believe deserve honest exploration:

While the EU GDPR is frequently praised as a significant step toward protecting user privacy, it raises important questions reminiscent of the arguments made in Free Culture. Why does this legislation only extend to EU citizens or those within its borders? This selective enforcement seems to reflect a broader pattern where laws and technology are manipulated by powerful media interests to control culture and stifle creativity. Moreover, how can we truly enforce these regulations and prevent privacy violations when they often occur under the radar, concealed by complex financial arrangements and opaque deals? This situation highlights a hidden struggle over control and profit in the digital age, prompting us to reconsider the true impact of such regulations on our collective cultural landscape.

So, it is just a huge affiliation system incorporated into WC? With little to 0 public info about it? Nice…

Toni's concerns were not merely about profit-sharing; they also touched on compliance with European regulations requiring businesses to disclose when they earn commissions through referrals. As a developer, he expressed his obligation to inform clients of these potential commissions, underscoring the importance of transparency in business practices.

The debate quickly expanded beyond individual concerns. Venerous contributors like Vitalii K. and Renato Ć. weighed in on the larger implications for open-source software, arguing that users deserve to know if their software embeds partner IDs that can generate income for companies like Automattic (or, in this case, WP Engine - see example below).

Issues that got our attention:

" How does this violate GDPR? Theres no exchange of client/customer data. The reason this is big news is because WPEngines Stripe implementation hooks into this and replaces that partner ID with one of their own. (Which in my opinion regardless of your opinions on Matt is scummy behavior) " - by Brad T.

Sorry, but this seems like witch hunting, with some bad actors:

" Specifically, if those referrals are embedded in a product that is supposed to be open source and free to use. "

• So if that is not breaking any law, that would mean that OSS should never earn a penny. And maybe these things are how it could run as free software. Websites should be free also, and hosting probably they are around free OSS, all should be free.

Until Toni concluded: " this is my last reply because you don't seem to understand the issue. I am in a country where I must inform my clients if someone is making money off of them. Wether you like it or not. I don't like this obligation, but still have to comply. I thought the integration with Stripe didn't include any commission for Woo and as such I never informed my clients they were being referred by Auttomatic. For me, there is zero issue. I will inform my clients and end of story. However, my complain is that I have not been informed of this in any of WooCommerce's documentation which I have taken my time to read and understand. That is the only issue. Maybe you think it's nitpicking. I think so too, but I still have to inform my clients. "

" I believe if someone is making commissions with referrals that must be stated somewhere. Specifically if those referrals are embedded in a product which is supposed to be open source and free to use. I'm just trying to find where it is stated if it is. "

The sentiment echoed throughout the discussion

While many users appreciate the benefits of using established platforms, the lack of clear communication regarding financial arrangements raises questions about the integrity of those platforms.

In this complex landscape, opinions varied. Some participants downplayed the need for disclosure, suggesting that as long as these commissions do not directly affect user costs, transparency may not be critical. However, a growing number of voices emphasized that clearer communication from Automattic regarding its partnerships would foster trust and ensure that users are fully informed about the financial implications of their choices.

" Thank you for pushing to understand the situation, despite all the push back here. It “seems” fairly underhanded for a vendor to embed a money making link without disclosure. " - Nora H.

The discussion revealed a consensus that clearer documentation from WooCommerce regarding the partner ID and commission structure is necessary. As developers and users navigate this intricate web of partnerships and commissions, the call for transparency remains loud and clear.

16 Step Summary of the Heated Discussion Thread: There ain't anything like a free lunch

1. Toni Q. M.: Allegations surfaced that Automattic has full access to customers' transaction histories through Stripe, including the ability to process refunds. This raises serious concerns.
2. Fabio T.: Clarifies that Automattic only has access to basic transaction amounts related to partner commissions, as it operates like an affiliate link. He suggests testing this by signing up as a partner.
3. Toni Q. M.: Disagrees, pointing out that Stripe's terms allow for potential data sharing, though it remains uncertain if Automattic does this.
4. Fabio T.: Reiterates that the access is limited and clarifies the distinction between different types of partnerships.
5. Vitalii K.: Questions if this system is merely a large affiliate program with minimal public disclosure.
6. Fabio T.: Comments on the lack of transparency but insists that there are no GDPR violations since no client data is exchanged.
7. Toni Q. M.: Raises the concern that Automattic profiting from client transactions without informing them is problematic.
8. Arnaud D. A. II: Argues that users should read the terms they accept, emphasizing the importance of understanding these agreements.
9. Nora H.: Supports Toni's push for clarity, suggesting that undisclosed profit-sharing practices seem underhanded.
10. Samuel W.: Questions why Toni cares about the profit-sharing, asserting it doesn't affect end users directly.
11. Brenda M.: Points out the legal obligation in Spain to disclose affiliate earnings.
12. Dave K.: Suggests potential violations due to the lack of disclosure from Automattic.
13. Jeremy H.: Clarifies that there may be indications in WooCommerce policies regarding the commission structure.
14. Jordan T.: Asks for links to related discussions and encourages more transparency in the original post.
15. Toni Q. M.: Stresses the need for clear disclosures about profit-sharing within the WooCommerce framework, particularly for compliance.
16. Carlos A.: Suggests that the business model isn't unusual, but transparency is key.

impromptu :: The phrase "There ain't no such thing as a free lunch" suggests that it's impossible to get something for nothing. It implies that even if something appears to be free, there are usually hidden costs or trade-offs involved. The expression is often used to highlight the idea that resources are limited, and someone always pays for goods or services in some way, whether directly or indirectly. It's a reminder to be skeptical of offers that seem too good to be true.

WooCommerce Stripe Payment Gateway: Does each coin must have only thrice the sides?

In a traditional sense, no, a coin has two sides: heads and tails. However, in a metaphorical or philosophical context, the idea of "sides" can be more complex.

For instance, situations, decisions, or issues often have multiple perspectives or dimensions beyond just two. So while a physical coin may have two sides, many concepts in life can encompass a broader range of views.

But this thread illustrates a tension between user rights to know about profit-sharing and the practices of a large company. Many contributors call for better communication and transparency regarding commissions earned through partnerships, especially in the context of GDPR compliance.

The main promise of the WooCommerce Stripe Payment Gateway is to provide a seamless and secure way for online businesses to accept payments:

Accept Visa, MasterCard, American Express, Discover, JCB, Diners Club, SEPA, iDEAL, giropay, Alipay, and more directly on your store with the Stripe payment gateway for WooCommerce, including Apple Pay, Google Pay, and Microsoft Pay for mobile and desktop. And why? See for yourself:

Downloads history (today)

WooCommerce Stripe Payment Gateway integrates Stripe’s powerful payment processing capabilities directly into WooCommerce, allowing merchants to handle transactions efficiently. Key features include:

1. Multiple Payment Options: Support for various payment methods, including credit/debit cards, Apple Pay, and Google Pay.
2. Security: Enhanced security measures, including PCI compliance and tokenization, to protect sensitive customer information.
3. User Experience: A smooth checkout process that can improve conversion rates, with options for customizable payment forms.
4. Global Reach: Ability to accept payments from customers around the world, with support for multiple currencies.
5. Recurring Payments: Functionality for subscription-based products and services.

Overall, the WooCommerce Stripe Payment Gateway aims to streamline the payment process for both merchants and customers while ensuring security and flexibility. There's nothing as a free lunch, for transparency, privacy, anonymity etc .. ?

Final Dialogue Summary

The final dialogue highlights a crucial privacy concern raised by Toni Q. M. regarding the lack of transparency in WooCommerce’s handling of payment data.

Toni Q. M. emphasizes that when a plugin operates on a user's website to generate revenue without their knowledge, it raises legitimate privacy issues. This sentiment is echoed by Brad T. and Peter N., who question whether such concerns should be considered a privacy policy issue:

Toni Q. M. "I can't find any info in WooCommerce Privacy Policy, not even in the one specific for payments: WooCommerce Privacy Policy."

Brad T. "Toni Q. M., I don’t mean any offence — but it sounds like you’re searching for an issue that doesn’t really exist in the context you’ve brought it up in. What makes you think they need to outline this in some sort of privacy policy? The functionality has nothing to do with data protection regulations."

Peter N. "Toni Q. M., how is this a privacy policy issue?"

Toni Q. M. "Peter N., at the moment that you place something on my website to earn money from it, without me knowing it. At that precise moment, it is a privacy issue."

From our perspective, this conversation underscores the phrase "there's no such thing as a free lunch."

A narrow example from WooCommerce Privacy Policy affecting only end-users? "If you choose to accept payments through a gateway like Stripe or PayPal, some of your — and your customers’ — data will be passed to the respective third party, including information required to process or support the payment, such as the purchase total and your customer’s billing information. We recommend that store owners disclose that they are sharing information with payment providers in their privacy policy."

If a service or plugin is generating income through user interactions without offering users a clear and informed choice, it fundamentally undermines the principles of transparency and user consent.

We agree that users must be given the option to decide whether to include such functionalities in their web stores. For instance, Automattic, as the owner of WooCommerce, (or any other) should explicitly state (in their privacy policy) when and how it benefits from transactions processed through the WooCommerce Stripe plugin.

Moreover, the ongoing conflicts among providers that lead to the manipulation of partner IDs further complicate the situation, ultimately affecting all users.

A straightforward, transparent approach—one that informs users of any financial implications and gives them the ability to opt-in or opt-out—would foster trust and ensure that user privacy is respected.

This is not just about compliance with regulations but about building a user-centric ecosystem where transparency is prioritized.

In light of the passionate discussions surrounding digital privacy and corporate practices of interconnected devices the chain is as strong as its weakest link

As the battle between giants unfolds, it is evident that the WordPress community is grappling with fundamental questions about trust, transparency, and the ethical implications of financial practices.

impromptu :: copy blob with allegations of abuse of power, extortion, and greed - get the dogs out?

The recent events involving Automattic and WP Engine serve as a reminder of the importance of open communication in the software industry. As users advocate for clearer policies and greater accountability, the hope is that these discussions will pave the way for a more transparent and trustworthy ecosystem, where the interests of users and developers alike are prioritized.

The chain, as strong as its weakest link

In light of the ongoing protests around the world and the passionate discussions surrounding digital privacy and corporate practices, a dialogue like the one above can easily become compromised when it relies on contentious resources.

For instance, if a conversation draws from a Reddit article titled "How to Protest Against Matt," the context can shift dramatically.

Such a title suggests an adversarial stance against WordPress CEO Matt Mullenweg, potentially framing the discussion in a negative light and inciting further division among users. Rather than fostering constructive dialogue, it risks escalating tensions and reducing nuanced conversation to mere protests or complaints.

When discussions about corporate transparency and user trust are influenced by provocative sources, it can overshadow legitimate concerns with sensationalism. This can lead to misunderstandings, where the focus shifts from the critical issues at hand—like data access and privacy rights—to personal grievances or targeted protests against individuals.

A bottom-line nonsense: while grassroots movements and protests can be powerful, relying on polarizing resources can undermine the integrity of discussions that aim to address complex issues in the tech landscape.

impromptu :: is it time to move on (domain owners abandoning WordPress developer community)?