Easy Digital Downloads (EDD) is an open source WordPress plugin that enables individuals and companies to sell digital products online. Many WordPress plugin development companies use EDD to handle their software licensing.
EDD has a ‘Join the EDD Community’ option under the ‘Misc’ tab in the plugin settings page. This used to be called ‘Usage Tracking’.
Here is what EDD states ‘Join the EDD Community’ is for:
“Help us provide a better experience and faster fixes by sharing some anonymous data about how you use Easy Digital Downloads.”
It is important to note that this feature does not actually join you to any specific online community. Instead, it enables data tracking to help improve the plugin’s functionality and user experience.
So what does ‘Join the EDD Community’ actually mean and what data do you share with EDD if you enable this feature?
If usage tracking is enabled, EDD sends data to their server every week. This is called a ‘checkin’.
In an article on the EDD website entitled ‘What information will be tracked by opting into usage tracking?’ they state what a checkin will provide them with:
Aggregated Store Stats: … Stats related to orders, the gateways that are used, how frequently they process refunds and similar data help us make sure our features and updates get tested in situations that closely match our customers’ site environments and Easy Digital Downloads usage. That way we can be sure those additions will work great for everyone. Don’t worry though, again, we intentionally built this in a way that does not send identifying information.
A few important points here:
- The data is not entirely aggregated. Your past week's sales figures are pushed on a weekly basis. The last 30 days and all time sales figures are also sent (both the number and value of orders).
- The IP address of your server is, unavoidably, sent with every checkin. That being said, EDD have stated that they do not store IP addresses and have removed all access logs from their servers. EDD also anonymize and redact other elements of the checkin requests (see below).
- The term ‘similar data’ effectively means EDD can, in a future plugin update, push any data they wish to their server.
What Data Does EDD Receive?
The data EDD receives as part of each checkin includes, but is not limited to:
Sales
- For all payment gateways
  - Lifetime
    - Sales count
    - Sales amount
    - Refund count
    - Refund amount
  - Last 30 days
    - Sales count
    - Sales amount
    - Refund count
    - Refund amount
  - Last week
    - Sales count
    - Sales amount
    - Refund count
    - Refund amount
The above statistics are also sent split by each payment gateway type.
Given that this data is sent every week while usage data is enabled, EDD effectively have a log of your weekly sales. The UUID allows EDD to relate checkins to the same website. The data is therefore not technically aggregated once the second checkin occurs and thereafter. It can effectively be chained together into weekly statistics using this UUID.
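The following sketch illustrates the linkage described above. It is an added example, not EDD's code and not part of the original analysis; the records are constructed and the field names are hypothetical. It goes slightly beyond the text by showing that, once checkins share a UUID, differencing consecutive lifetime totals yields a per-site weekly series even without the 'last week' figures.

```python
from collections import defaultdict
from datetime import date

# Constructed records as a telemetry receiver could hold them. Field names
# are hypothetical; only the UUID and the lifetime totals matter here.
CHECKINS = [
    {"uuid": "uuid-A", "received": date(2023, 3, 6), "lifetime_sales": 120, "lifetime_amount": 5400.00},
    {"uuid": "uuid-B", "received": date(2023, 3, 6), "lifetime_sales": 900, "lifetime_amount": 27000.00},
    {"uuid": "uuid-A", "received": date(2023, 3, 13), "lifetime_sales": 131, "lifetime_amount": 5895.00},
    {"uuid": "uuid-B", "received": date(2023, 3, 13), "lifetime_sales": 940, "lifetime_amount": 28200.00},
    {"uuid": "uuid-A", "received": date(2023, 3, 20), "lifetime_sales": 138, "lifetime_amount": 6210.00},
]


def per_site_weekly(checkins):
    """Chain checkins by UUID and difference consecutive lifetime totals."""
    by_uuid = defaultdict(list)
    for c in checkins:
        by_uuid[c["uuid"]].append(c)
    series = {}
    for uuid, rows in by_uuid.items():
        rows.sort(key=lambda r: r["received"])
        series[uuid] = [
            {
                "week_ending": cur["received"],
                "sales": cur["lifetime_sales"] - prev["lifetime_sales"],
                "amount": round(cur["lifetime_amount"] - prev["lifetime_amount"], 2),
            }
            for prev, cur in zip(rows, rows[1:])
        ]
    return series


def pooled_totals(checkins):
    """What is left if the UUID is discarded: one pooled total per date."""
    totals = defaultdict(int)
    for c in checkins:
        totals[c["received"]] += c["lifetime_sales"]
    return dict(totals)


if __name__ == "__main__":
    for uuid, weeks in per_site_weekly(CHECKINS).items():
        for w in weeks:
            print(uuid, w["week_ending"], w["sales"], w["amount"])
    print(pooled_totals(CHECKINS))
```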
Environment
This includes information about the server and WordPress settings
- PHP version
- WordPress version
- EDD version
- EDD PRO (yes/no)
- Site locale
- Activated theme name (Your site name is redacted if it is contained within the theme name)
- Multi-site (yes/no)
- SSL (yes/no)
- Stripe connect (yes/no)
Integrations (Plugins)
A list of all the plugins installed and activated in WordPress.
Licenses
A list of any EDD licenses installed and whether they are valid or not.
Settings
- Country
- Currency
- Post ID of purchase page
- Post ID of success page
- Post ID of failure page
- Post ID of purchase history page
- Post ID of login redirect page
- Stripe payment gateway enabled (yes/no)
- PayPal payment gateway enabled (yes/no)
- Credit card types accepted
- Invoice starting ID
Statistics
- Total activated
- Total pro activated
- Date of first order
- Number of products
- Pass ID (Highest product level licensed)
Is The Usage Data Anonymous?
Remote IP
The IP address of the website EDD is sending the checkin request from is not and typically cannot be anonymized. Therefore the IP address of your website will be sent with every checkin request. This, in some cases, could be used to determine which website a checkin is being made from.
However, EDD state that they do not store IP addresses, have removed all server access logs and have configured their servers to not store IP addresses in any way. This ensures the UUID and IP address cannot be married together.
Theme Name
Another element that could potentially be used to identify a website is the theme name (Sent in the Environment data). If a website has a custom theme it is possible the name of the theme could be that of the website itself.
As of version 3.2.5 EDD obscures any references to your site name with asterisks. This means if your theme name matches or contains the site name configured in WordPress Settings > General, it will be redacted. So, if your theme name contains your site name, ensure it matches exactly.
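A site owner can check whether their theme name would still identify the store after redaction. The code below is an added example, not EDD's implementation: it assumes the redaction is an exact, case-sensitive substring match on the configured site name, and the site and theme names are constructed.

```python
import re


def redact(theme_name, site_name):
    """Model of the redaction. Assumption: exact, case-sensitive substring
    match on the site name, replaced by the same number of asterisks."""
    if not site_name:
        return theme_name
    return theme_name.replace(site_name, "*" * len(site_name))


def _normalize(text):
    # Lower-case and drop everything except letters and digits, so that
    # "Acme Store", "acme-store" and "ACMEstore" all compare equal.
    return re.sub(r"[^a-z0-9]", "", text.lower())


def still_identifying(theme_name, site_name):
    """True if the theme name, as it would be sent, still contains the
    site name once case, spacing and punctuation are ignored."""
    sent = redact(theme_name, site_name)
    key = _normalize(site_name)
    return bool(key) and key in _normalize(sent)


# Constructed (site name, theme name) pairs.
SAMPLES = [
    ("Acme Store", "Acme Store Child"),   # exact match: redacted
    ("Acme Store", "acmestore-child"),    # different spacing and case
    ("Acme Store", "ACME Store 2023"),    # different case only
    ("Acme Store", "Twenty Twenty-Three"),
]

if __name__ == "__main__":
    for site, theme in SAMPLES:
        flag = "LEAKS" if still_identifying(theme, site) else "ok"
        print(f"{flag:5} site={site!r} sent_theme={redact(theme, site)!r}")
```

Any pair reported as LEAKS means the theme should be renamed, or the site name in WordPress Settings > General adjusted, so that the two match exactly.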
How Usage Data is Sent to EDD
The tracking methods can be found in the EDD_Tracking class. The class can be found here:
includes/admin/tracking.php
The data methods can be found in the EDD_Telemetry\Data class. The class can be found here:
src/Telemetry/Data.php
The Data class is supported by the following classes for gathering the various types of data sent to EDD:
- src/Telemetry/Environment.php
- src/Telemetry/Integrations.php
- src/Telemetry/Licenses.php
- src/Telemetry/Orders.php
- src/Telemetry/Settings.php
- src/Telemetry/Stats.php
EDD sends usage data using the WordPress function wp_remote_post to the following endpoint as a POST request:
https://telemetry.easydigitaldownloads.com/v1/checkin/
When WordPress makes an HTTP request, the agent string is normally set to something such as:
WordPress/<version>; https://<your hostname>
When EDD makes a checkin, this agent string is anonymized to:
EDD/<version>; <telemetry uuid>
The Telemetry UUID is a unique identifier that is sent with each checkin. It is generated once and stored in the WordPress options table under the key edd_telemetry_uuid. It is an MD5 hash made up of the following:
- Home Page URL
- wp_generate_uuid4()
- gmdate( 'now' );
This provides a perfectly adequate random UUID. This UUID is sent each time the checkin occurs so that EDD can relate each request with the same source.
Summary
Although EDD makes some good attempts at anonymizing the data, there are ways in which they could potentially tie the UUID back to your particular store. Granted, in most cases this would not be possible.
By enabling ‘Join the EDD Community’ you are sharing your weekly, last 30 days and all time sales and refund figures with EDD on a weekly basis.
EDD claim that obtaining this information helps EDD “provide a better experience” and “faster fixes”.
EDD make good efforts at anonymizing your data before it is sent to them.
Resources
The following resources were used to collate the data used in this article.
- Easy Digital Downloads – Version 3.1.1.3
- Webhook.site (To analyze usage tracking data)
The data was collected on March 23, 2023.
I am grateful to the EDD team for providing updates for this document to ensure it is accurate.