Opened 7 years ago
Last modified 5 years ago
#43713 new enhancement
Privacy: Add a UI to allow administrators to disable individual embeds / oembeds
Reported by: | allendav | Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | 5.1 |
Component: | Embeds | Keywords: | privacy-roadmap needs-patch has-screenshots |
Focuses: | privacy | Cc: |
Description
Builds on protecting our users from tracking that was introduced in https://core.trac.wordpress.org/ticket/41784
Embedded iframes allow 3rd parties to collect user's IP addresses and User Agents, to store and retrieve cookies on their browsers, to embed additional third party tracking, and monitor their interaction with that embedded content, including correlating your interaction with the content with their account with that service, if they are logged in to that service.
That means, especially when EU residents are visitors, that all that needs to be disclosed in the site's privacy policy.
To further improve site's users privacy, and give site owners more control over how their user's privacy is impacted (and how many 3rd party services they would need to disclose in their site's privacy policy) we should allow administrators to disable any/all embeds on their site.
This UI could live alongside the privacy page setting controls recently added to core.
Attachments (8)
Change History (28)
This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.
7 years ago
#6
@
7 years ago
- Milestone changed from Awaiting Review to Future Release
Enforcing what can be embedded seems like good idea for sites with multiple authors and editors. This can be the beginning of a "content creation policy". However it's not as easy: editors can simply paste the embed code copied from source sites as they can post unfiltered_html
. In addition to the above list of oEmbed providers, content can also be embedded form any WordPress site.
To do this right we'll need more stringent HTML filtering capabilities, and start filtering the HTML for admins and editors too (more specifically <script>
and <iframe>
). This is a big change that needs to be weighted from all possible angles.
For GDPR compliance purposes it would probably be enough to explain to the site owners that the privacy policy should cover all possible embeds. That's the case for existing content too, it won't be enough to just block embeds from some oEmbed providers.
#7
@
7 years ago
Thinking more about this: if an author "hotlinks" an image from another site, that site will still get the visitor's IP, browser UA, etc. Not sure how that affects the privacy policy...
#8
@
7 years ago
That's a very good point. A site owner is ultimately responsible for what their authors do. I still think allowing admins to limit what embeds are rendered is appropriate step.
A separate ticket perhaps for adding a writing setting that disallows/strips 3rd party script, iframe and img tags from posts?
This ticket was mentioned in Slack in #gdpr-compliance by allendav. View the logs.
7 years ago
#10
@
7 years ago
There should probably be an equivalent UI in the Network Admin for enabling/disabling embeds across the entire network.
This ticket was mentioned in Slack in #gdpr-compliance by coreymckrill. View the logs.
7 years ago
This ticket was mentioned in Slack in #core-privacy by allendav. View the logs.
7 years ago
#17
@
6 years ago
- Keywords has-screenshots added
Attached three examples that I came across this week. One is on DuckDuckGo, and the other two are on Medium. I like the approach and think it could translate nicely to what the user sees on the front end.
Idea: maybe it could go on the Tools > Privacy page we added recently with the privacy policy page setting