Make WordPress Core

Opened 7 years ago

Last modified 5 years ago

#43713 new enhancement

Privacy: Add a UI to allow administrators to disable individual embeds / oembeds

Reported by: allendav's profile allendav Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 5.1
Component: Embeds Keywords: privacy-roadmap needs-patch has-screenshots
Focuses: privacy Cc:

Description

Builds on protecting our users from tracking that was introduced in https://core.trac.wordpress.org/ticket/41784

Embedded iframes allow 3rd parties to collect user's IP addresses and User Agents, to store and retrieve cookies on their browsers, to embed additional third party tracking, and monitor their interaction with that embedded content, including correlating your interaction with the content with their account with that service, if they are logged in to that service.

That means, especially when EU residents are visitors, that all that needs to be disclosed in the site's privacy policy.

To further improve site's users privacy, and give site owners more control over how their user's privacy is impacted (and how many 3rd party services they would need to disclose in their site's privacy policy) we should allow administrators to disable any/all embeds on their site.

This UI could live alongside the privacy page setting controls recently added to core.

Attachments (8)

duckduckgo.png (351.0 KB) - added by desrosj 6 years ago.
medium-abbreviated.png (30.2 KB) - added by desrosj 6 years ago.
medium-long-version.png (241.2 KB) - added by desrosj 6 years ago.
screenshota.PNG (39.4 KB) - added by arena 6 years ago.
screenshot 1 : existing privacy settings page
screenshotb.PNG (17.5 KB) - added by arena 6 years ago.
screenshot 2 : could be new privacy settings page
screenshotc.PNG (21.7 KB) - added by arena 6 years ago.
screenshot 3 : Help overview
screenshotd.PNG (19.3 KB) - added by arena 6 years ago.
screenshot 4 : help oEmbed
screenshote.PNG (29.5 KB) - added by arena 6 years ago.
screenshot 5 : help privacy page

Download all attachments as: .zip

Change History (28)

#1 @allendav
7 years ago

  • Keywords gdpr needs-patch added

This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.


7 years ago

#3 @swissspidy
7 years ago

  • Component changed from General to Embeds

#4 @allendav
7 years ago

  • Component changed from Embeds to General

Idea: maybe it could go on the Tools > Privacy page we added recently with the privacy policy page setting

#5 @allendav
7 years ago

  • Component changed from General to Embeds

Sorry @swissspidy - our edits collided :P

#6 @azaozz
7 years ago

  • Milestone changed from Awaiting Review to Future Release

Enforcing what can be embedded seems like good idea for sites with multiple authors and editors. This can be the beginning of a "content creation policy". However it's not as easy: editors can simply paste the embed code copied from source sites as they can post unfiltered_html. In addition to the above list of oEmbed providers, content can also be embedded form any WordPress site.

To do this right we'll need more stringent HTML filtering capabilities, and start filtering the HTML for admins and editors too (more specifically <script> and <iframe>). This is a big change that needs to be weighted from all possible angles.

For GDPR compliance purposes it would probably be enough to explain to the site owners that the privacy policy should cover all possible embeds. That's the case for existing content too, it won't be enough to just block embeds from some oEmbed providers.

Last edited 7 years ago by azaozz (previous) (diff)

#7 @azaozz
7 years ago

Thinking more about this: if an author "hotlinks" an image from another site, that site will still get the visitor's IP, browser UA, etc. Not sure how that affects the privacy policy...

#8 @allendav
7 years ago

That's a very good point. A site owner is ultimately responsible for what their authors do. I still think allowing admins to limit what embeds are rendered is appropriate step.

A separate ticket perhaps for adding a writing setting that disallows/strips 3rd party script, iframe and img tags from posts?

This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.


7 years ago

#10 @coreymckrill
7 years ago

There should probably be an equivalent UI in the Network Admin for enabling/disabling embeds across the entire network.

This ticket was mentioned in Slack in #gdpr-compliance by coreymckrill. View the logs.


7 years ago

#12 @desrosj
7 years ago

  • Component changed from Embeds to Privacy

Moving to the new Privacy component.

This ticket was mentioned in Slack in #core-privacy by allendav. View the logs.


7 years ago

#14 @desrosj
6 years ago

  • Keywords privacy-roadmap added

#15 @swissspidy
6 years ago

  • Component changed from Privacy to Embeds
  • Focuses privacy added

#16 @desrosj
6 years ago

  • Keywords gdpr removed

@desrosj
6 years ago

#17 @desrosj
6 years ago

  • Keywords has-screenshots added

Attached three examples that I came across this week. One is on DuckDuckGo, and the other two are on Medium. I like the approach and think it could translate nicely to what the user sees on the front end.

This ticket was mentioned in Slack in #core-privacy by desrosj. View the logs.


6 years ago

This ticket was mentioned in Slack in #core-privacy by garrett-eclipse. View the logs.


6 years ago

@arena
6 years ago

screenshot 1 : existing privacy settings page

@arena
6 years ago

screenshot 2 : could be new privacy settings page

@arena
6 years ago

screenshot 3 : Help overview

@arena
6 years ago

screenshot 4 : help oEmbed

@arena
6 years ago

screenshot 5 : help privacy page

This ticket was mentioned in Slack in #core-privacy by garrett-eclipse. View the logs.


5 years ago

Note: See TracTickets for help on using tickets.