The Limits of Anonymity on

Not long after I began working here at Automattic, I transferred the vast majority of my personal sites over to (I keep a couple of sites for testing core stuff on an external host.) I did this because there are tremendous advantages to the platform, including what is amazing reliability, faster sites—especially compared to shared hosts, and some features that are unique to and don’t exist currently for core WordPress installations.

(My favorite of those features is Post by Email, and I actually have planned a series of posts talking about the nifty things you get by having your site at That’s another post or three, though.)

When I was using self-hosted WordPress to design and manage my sites, I was in complete control—or at least in full knowledge—of all of the data, including logs and database information. This meant that I had a pretty good understanding of what of my personal information was being kept, stored, or made available to my host and other parties.

When you’re on, you don’t have access to that information. We’re asked occasionally what information we keep or what personal information is available to someone if we are asked. This week, we published a support page that can be found here that spells out exactly what information we keep and how it can be divulged to third parties. I think this is a great thing to publish for the benefit of our users and to be up-front with them regarding their personal and identifying information.

To quote the support page, here’s the personally identifying information we keep:

We keep the following private data about sites and users:

  • The email address used to create a blog
  • The IP address from which the blog was created
  • The date and time when a blog was created
  • The IP addresses from which blog posts have been published
  • The email and IP addresses of anyone who has left a comment on a blog

Note that, as the article mentions, all of this data is bound by Automattic’s stated privacy policy. This is good.

However, it also means that is not a truly anonymous service. You should keep that in mind when you are signing up for the service and as you are using it. This information is enough to positively identify people in a lot of cases.

This is a lot less information than most service providers collect. For myself, on my self-hosted site on a shared host, I know that at least the following is collected on my activities:

  • My name, billing address, and credit card number
  • The access logs whenever I would FTP or SSH into the site, and likely most actions performed there as well
  • Access logs, including IP addresses, from all users who visited my site
  • My personal information required for WHOIS (and purchasing private registration is not a shield, but without it this information is even publicly available)

Remember that to a court, this information is fair game. It can be subpoenaed or ordered to be turned over by a judge if someone has good cause to request it—and in a lot of cases, providers of the services you use may not tell you the full extent of what they collect or the details behind this information. This is why I’m personally quite happy that we published this support page, to put the information in your hands and help you make an informed decision when choosing whether to use our services at

(As I mentioned above, I’ll try to give you some more really awesome reasons why you should join us in future posts.)

5 comments on “The Limits of Anonymity on

Comment navigation

  1. But you can anonymize all of those things rather easily. As long as you don’t buy any upgrades, you can be pretty invisible if you know what you’re doing.

  2. Very interesting information. Do you know how long WordPress keeps a record of the IP addresses from which blog posts have been published? Is it forever, or is it just the most recent X period of time (e.g. last 3 months).

Comments are closed.