Bluetrait

I just read an interesting post here about what data is sent to the Akismet servers. A surprising amount, including the whole $_SERVER array!

I wouldn't be too happy with that myself. Bluetrait's implementation of the Akismet client sends the following information:

Comment Author
Comment Author Email Address
Comment Author Website Address
Content of Comment
Author's IP Address
Type of Comment (i.e Trackback, Comment etc)

Bluetrait's implementation sends the following information:

Comment Author
Comment Author Email Address
Comment Author Website Address
Content of Comment
Author's IP Address
Type of Comment (i.e Trackback, Comment etc)

Plus the $_SERVER array with the following information removed:

'HTTP_COOKIE',
'HTTP_X_FORWARDED_FOR',
'HTTP_X_FORWARDED_HOST',
'HTTP_MAX_FORWARDS',
'HTTP_X_FORWARDED_SERVER',
'REDIRECT_STATUS',
'SERVER_PORT',
'PATH',
'DOCUMENT_ROOT',
'SERVER_ADMIN',
'QUERY_STRING',
'PHP_SELF' ;

Unfortunately this is more than I first stated, I'm going to review the data being sent. It shouldn't contain any extra data that is personal.

EDIT: Some more info here. Looks like Akismet sends the all cookies that are from that domain. i.e anything the client (the person posting the comment) is logged into. The post is a bit old (2005) so this behavior may have changed.

EDIT2: I just checked the source code from WordPress 2.1.2 it looks like cookies are no longer sent, everything else still is.