WordPress.org

Make WordPress Core

Opened 3 months ago

Last modified 9 days ago

#43713 new enhancement

Privacy: Add a UI to allow administrators to disable individual embeds / oembeds

Reported by: allendav Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: trunk
Component: Privacy Keywords: privacy-roadmap gdpr needs-patch
Focuses: Cc:

Description

Builds on protecting our users from tracking that was introduced in https://core.trac.wordpress.org/ticket/41784

Embedded iframes allow 3rd parties to collect user's IP addresses and User Agents, to store and retrieve cookies on their browsers, to embed additional third party tracking, and monitor their interaction with that embedded content, including correlating your interaction with the content with their account with that service, if they are logged in to that service.

That means, especially when EU residents are visitors, that all that needs to be disclosed in the site's privacy policy.

To further improve site's users privacy, and give site owners more control over how their user's privacy is impacted (and how many 3rd party services they would need to disclose in their site's privacy policy) we should allow administrators to disable any/all embeds on their site.

This UI could live alongside the privacy page setting controls recently added to core.

Change History (14)

#1 @allendav
3 months ago

  • Keywords gdpr needs-patch added

This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.


3 months ago

#3 @swissspidy
3 months ago

  • Component changed from General to Embeds

#4 @allendav
3 months ago

  • Component changed from Embeds to General

Idea: maybe it could go on the Tools > Privacy page we added recently with the privacy policy page setting

#5 @allendav
3 months ago

  • Component changed from General to Embeds

Sorry @swissspidy - our edits collided :P

#6 @azaozz
3 months ago

  • Milestone changed from Awaiting Review to Future Release

Enforcing what can be embedded seems like good idea for sites with multiple authors and editors. This can be the beginning of a "content creation policy". However it's not as easy: editors can simply paste the embed code copied from source sites as they can post unfiltered_html. In addition to the above list of oEmbed providers, content can also be embedded form any WordPress site.

To do this right we'll need more stringent HTML filtering capabilities, and start filtering the HTML for admins and editors too (more specifically <script> and <iframe>). This is a big change that needs to be weighted from all possible angles.

For GDPR compliance purposes it would probably be enough to explain to the site owners that the privacy policy should cover all possible embeds. That's the case for existing content too, it won't be enough to just block embeds from some oEmbed providers.

Last edited 3 months ago by azaozz (previous) (diff)

#7 @azaozz
3 months ago

Thinking more about this: if an author "hotlinks" an image from another site, that site will still get the visitor's IP, browser UA, etc. Not sure how that affects the privacy policy...

#8 @allendav
3 months ago

That's a very good point. A site owner is ultimately responsible for what their authors do. I still think allowing admins to limit what embeds are rendered is appropriate step.

A separate ticket perhaps for adding a writing setting that disallows/strips 3rd party script, iframe and img tags from posts?

This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.


2 months ago

#10 @coreymckrill
2 months ago

There should probably be an equivalent UI in the Network Admin for enabling/disabling embeds across the entire network.

This ticket was mentioned in Slack in #gdpr-compliance by coreymckrill. View the logs.


7 weeks ago

#12 @desrosj
5 weeks ago

  • Component changed from Embeds to Privacy

Moving to the new Privacy component.

This ticket was mentioned in Slack in #core-privacy by allendav. View the logs.


3 weeks ago

#14 @desrosj
9 days ago

  • Keywords privacy-roadmap added
Note: See TracTickets for help on using tickets.