Connect with us

News

Fall of the Zamir: A Hate Symbol Enters and Exits WordPress.org

Published

on

z exception


How did a hate symbol get into WordPress.org’s plugin repository? What can we learn from the community response? Will more transparent governance help us navigate the age of weaponized open source?

At some point in the past few days, a Russian developer forked the “Stand with Ukraine” plugin, as Nate Conley later pointed out. The forked plugin’s author called it Zamir and made it “display the `Z` symbol in support of Russia.”

The plugin was submitted for review and approved.

This is not yet common knowledge, but the `Z` symbol has been used by the Russian government as a pro-war propaganda tool. It’s also being used by Russian civilians as a sign of support for the ongoing invasion of Ukraine.

Here is how the Zamir plugin page looked before it was taken down.

First Reactions on Twitter and Post Status Slack

When Zamir appeared in the WordPress plugin repository, it was very quickly noticed with many negative reactions on Twitter. Apart from complaints about the plugin being morally offensive, many people felt it violated the guidelines plugins must follow to be accepted in the WordPress.org repo.

While the reactions on Twitter exploded, so did a heated conversation in the main #club channel in Post Status Slack. There was concern about the plugin appearing on the “new plugin” list for all WordPress.com customers. Many people were unhappy with the initial email response the plugin team sent to Carl Hancock. (Carl was one of the first people to publicly notice the Zamir plugin. He quickly sent a request to the plugin team to take it down.)

Among Post Status members, the discussion was focused on whether the plugin should (or could) be removed under current guidelines. There was no disagreement on it being offensive, although not everyone knew about the Z symbol’s emerging significance. The lack of protocols and governance in place to handle a situation like this was noted by several people, including Lesley Sim:

You know what would be cool? If the guidelines had examples or precedents so that we would have something more tangible to go on. Not just subject to everyone’s interpretations which, clearly, we all seem to disagree on. Kinda like case law in the legal system.

The Openness of Making WordPress Despite Unclear Decision Procedures

The Making WordPress #pluginreview Slack channel had a Zamir discussion underway as well, including an initial response from Mika Epstein to confirm that the plugin had been approved. (Anyone interested in how WordPress gets made should read the open and transparent discussion of the team in that channel for context.)

Very quickly a number of people in the WordPress Foundation examined the situation and took some time to make a decision. The plugin as taken down and Josepha Haden Chomphosy posted an explanation of why the plugin violated community guidelines:

While it is true that there is no current plugin guideline barring plugins that “support” political leanings, this icon symbolizes something more complicated than that. Contributors were right to report this and, with their help and the help of WordPress community members, the plugin has been removed from the directory.

The fact that the plugin made it into the repo might have been an honest oversight. “The plugin’s description eluded initial plugin checks,” according to Josepha. It has nevertheless brought up some good questions on review procedures and governance. To Josepha’s credit she does this address this:

I am aware that this issue leads to natural questions about clarifying our plugin policies moving forward. I’ll work with the community to explore our guidelines and create a clearer framework for how plugins can be evaluated in the context of current events.

Don’t Assume the Worst of Others

Matt Mullenweg also shared some thoughts in Post Status Slack after the Zamir plugin’s takedown:

Thank you to everyone who raised this issue, regardless of how you did it… Extra thanks to people who did it in a way knowing there are humans on the other side of the screen, and sometimes it may take a few hours to respond to something. This moved pretty quickly, but if it had happened in the middle of the night on a holiday or something similar it could have taken longer.

100% promise there will be mistakes or things we reverse in the future. What’s important isn’t trying to avoid mistakes, as that’s impossible, but responding to them in a thoughtful and hopefully fast way. Please don’t bash people or teams for making a mistake, we’re all human and fallible.

Thank you as well to those who didn’t jump to conclusions based on this one plugin being up for a few hours.

It doesn’t seem there was any ill-will from anyone involved in the plugin’s entry into the repo or in the removal of some hostile “reviews” in the plugin support forum before its removal. I hope we can take a lesson from this and reexamine the plugin review policies, including how take-down requests work. The procedures and policies for removal need to be clear to everyone.

Post Status Postscript

The saddest and most concerning part of of this story — the thing that is not likely to go away soon — is how anger and suspicion quickly focused a very prejudicial eye on contributors who might be Russian and/or sympathetic to the Russian invasion of Ukraine. The WordPress Plugin Review team and a moderator in the Support Forum who is also on the Russian language Translation Team became the target of hasty scrutiny from the outside. Even within the Make WordPress Slack channels for those teams there was some emotional and accusatory communication.

That’s understandable; I had similar suspicions myself. But it underscores the very serious risks facing all open source projects now, as David and I emphasize in our discussion of “weaponized open source code.” Even using code as a form of political protest against specific nation may harm open source by dividing us with deep distrust.

It’s probably good to have gotten through this as a relatively harmless learning experience. It could have been worse.

And it may well get worse. It will definitely get more complicated.

Other scenarios come to mind. What if, instead of the ‘Z’ — a fairly explicit hate symbol — the flag of the Russian Federation had been used?

So what’s to be done, constructively? At a minimum, we need the greater transparency that’s increasingly being called for in the WordPress community. Clear guidelines, processes, and roles should provide clarity about who decides, and how they decide to include or exclude plugins, themes, and many other things.

Yes, it will always be messy, and there will always be mistakes. Project and community boundaries necessarily differ and disagree. That is exactly why everyone needs to know what the boundaries are and how they are negotiated.

— Dan Knauss





Source link

Continue Reading
Click to comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.