WordPress.org

Make WordPress Core

Opened 18 months ago

Last modified 8 months ago

#43713 new enhancement

Privacy: Add a UI to allow administrators to disable individual embeds / oembeds

Reported by: allendav
Owned by:
Milestone: Future Release
Priority: normal
Severity: normal
Version: 5.1
Component: Embeds
Keywords: privacy-roadmap needs-patch has-screenshots
Focuses: privacy
Cc:

Description

Builds on protecting our users from tracking that was introduced in https://core.trac.wordpress.org/ticket/41784

Embedded iframes allow 3rd parties to collect users' IP addresses and User Agents, to store and retrieve cookies on their browsers, to embed additional third party tracking, and to monitor their interaction with that embedded content, including correlating your interaction with the content with your account with that service, if you are logged in to that service.

That means, especially when EU residents are visitors, that all that needs to be disclosed in the site's privacy policy.

To further improve site users' privacy, and give site owners more control over how their users' privacy is impacted (and how many 3rd party services they would need to disclose in their site's privacy policy), we should allow administrators to disable any/all embeds on their site.

This UI could live alongside the privacy page setting controls recently added to core.

Attachments (8)

duckduckgo.png (351.0 KB) - added by desrosj 11 months ago.
medium-abbreviated.png (30.2 KB) - added by desrosj 11 months ago.
medium-long-version.png (241.2 KB) - added by desrosj 11 months ago.
screenshota.PNG (39.4 KB) - added by arena 7 months ago.
screenshot 1 : existing privacy settings page
screenshotb.PNG (17.5 KB) - added by arena 7 months ago.
screenshot 2 : could be new privacy settings page
screenshotc.PNG (21.7 KB) - added by arena 7 months ago.
screenshot 3 : Help overview
screenshotd.PNG (19.3 KB) - added by arena 7 months ago.
screenshot 4 : help oEmbed
screenshote.PNG (29.5 KB) - added by arena 7 months ago.
screenshot 5 : help privacy page


Change History (27)

#1 @allendav
18 months ago

  • Keywords gdpr needs-patch added

This ticket was mentioned in Slack in #gdpr-compliance by allendav.
18 months ago

#3 @swissspidy
18 months ago

  • Component changed from General to Embeds

#4 @allendav
18 months ago

  • Component changed from Embeds to General

Idea: maybe it could go on the Tools > Privacy page we added recently with the privacy policy page setting

#5 @allendav
18 months ago

  • Component changed from General to Embeds

Sorry @swissspidy - our edits collided :P

#6 @azaozz
18 months ago

  • Milestone changed from Awaiting Review to Future Release

Enforcing what can be embedded seems like a good idea for sites with multiple authors and editors. This can be the beginning of a "content creation policy". However it's not as easy: editors can simply paste the embed code copied from source sites as they can post unfiltered_html. In addition to the above list of oEmbed providers, content can also be embedded from any WordPress site.

To do this right we'll need more stringent HTML filtering capabilities, and start filtering the HTML for admins and editors too (more specifically <script> and <iframe>). This is a big change that needs to be weighed from all possible angles.

For GDPR compliance purposes it would probably be enough to explain to the site owners that the privacy policy should cover all possible embeds. That's the case for existing content too, it won't be enough to just block embeds from some oEmbed providers.

Last edited 18 months ago by azaozz

#7 @azaozz
18 months ago

Thinking more about this: if an author "hotlinks" an image from another site, that site will still get the visitor's IP, browser UA, etc. Not sure how that affects the privacy policy...

#8 @allendav
18 months ago

That's a very good point. A site owner is ultimately responsible for what their authors do. I still think allowing admins to limit what embeds are rendered is an appropriate step.

A separate ticket perhaps for adding a writing setting that disallows/strips 3rd party script, iframe and img tags from posts?
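As an added example of the site-level control discussed in comments 6 and 8 (this is illustrative code written for this page, not a patch from the ticket and not WordPress core's own implementation), the following must-use plugin restricts oEmbed to an allowlist of hosts, turns off discovery of arbitrary oEmbed endpoints (which is how "any WordPress site" becomes embeddable), and removes the unfiltered_html capability so that pasted <iframe> and <script> markup is run through KSES for every role. The allowlist hosts and every name prefixed example_ are assumptions chosen for illustration; the hooks used (oembed_providers, embed_oembed_discover, pre_oembed_result, map_meta_cap) are real WordPress filters.

```php
<?php
/**
 * Plugin Name: Embed allowlist (example; not part of WordPress core)
 *
 * Drop this file into wp-content/mu-plugins/. Only the hosts listed below may
 * be embedded; any other URL on its own line renders as a plain link, so no
 * request to the third party is made on the visitor's behalf, and pasted
 * <iframe>/<script> markup is stripped on save for every role.
 */

// Constructed allowlist for this example; it should match whatever third
// parties the site's privacy policy actually discloses.
const EXAMPLE_EMBED_ALLOWED_HOSTS = array( 'youtube.com', 'youtu.be', 'vimeo.com' );

/**
 * True if $host is an allowed host or a subdomain of one (e.g. www.youtube.com).
 * Suffix matching is anchored on the dot so "notyoutube.com" does not pass.
 */
function example_embed_host_allowed( $host ) {
	$host = strtolower( (string) $host );
	foreach ( EXAMPLE_EMBED_ALLOWED_HOSTS as $allowed ) {
		$suffix = '.' . $allowed;
		if ( $host === $allowed || substr( $host, -strlen( $suffix ) ) === $suffix ) {
			return true;
		}
	}
	return false;
}

// 1. Trim the built-in provider list. Each entry is
//    'url pattern' => array( endpoint URL, is_regex ); the endpoint host is the
//    party that would receive the server-side oEmbed request.
add_filter( 'oembed_providers', function ( $providers ) {
	foreach ( $providers as $pattern => $data ) {
		$endpoint_host = wp_parse_url( $data[0], PHP_URL_HOST );
		if ( ! example_embed_host_allowed( $endpoint_host ) ) {
			unset( $providers[ $pattern ] );
		}
	}
	return $providers;
} );

// 2. Never discover oEmbed endpoints from the target page itself. Discovery is
//    what lets a post embed content from any WordPress site (or any other site
//    that advertises an oEmbed endpoint), bypassing the fixed provider list.
add_filter( 'embed_oembed_discover', '__return_false' );

// 3. Final gate on the content URL, which also covers providers a plugin
//    registers later with wp_oembed_add_provider(). Returning null lets
//    WordPress continue normally; returning a string is used as the embed HTML.
add_filter( 'pre_oembed_result', function ( $result, $url ) {
	if ( example_embed_host_allowed( wp_parse_url( $url, PHP_URL_HOST ) ) ) {
		return $result; // null: fetch the embed as usual
	}
	// Plain link instead of an iframe: the visitor decides whether to follow it.
	return sprintf( '<a href="%s" rel="noopener">%s</a>', esc_url( $url ), esc_html( $url ) );
}, 10, 2 );

// 4. Deny unfiltered_html to everyone (same effect as the DISALLOW_UNFILTERED_HTML
//    constant in wp-config.php). With the capability gone, kses_init() keeps the
//    wp_filter_post_kses filters on content_save_pre for admins and editors too,
//    so hand-pasted <iframe> and <script> tags are removed before the post is stored.
add_filter( 'map_meta_cap', function ( $caps, $cap ) {
	if ( 'unfiltered_html' === $cap ) {
		$caps = array( 'do_not_allow' );
	}
	return $caps;
}, 10, 2 );
```

Two caveats a site owner should know before relying on this. Embed HTML is cached per post in `_oembed_*` post meta, so content rendered before the allowlist changed keeps rendering until the cache expires (the `oembed_ttl` filter, one day by default) or is cleared with `$wp_embed->delete_oembed_caches( $post_id )`. And step 4 is the "big change" azaozz warns about: it strips inline scripts and iframes from every user's posts, including existing content on its next save, and it does nothing about hotlinked `<img>` tags from comment 7, which KSES allows and would need a separate `wp_kses_allowed_html` rule.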

This ticket was mentioned in Slack in #gdpr-compliance by allendav.
17 months ago

#10 @coreymckrill
17 months ago

There should probably be an equivalent UI in the Network Admin for enabling/disabling embeds across the entire network.

This ticket was mentioned in Slack in #gdpr-compliance by coreymckrill.
17 months ago

#12 @desrosj
16 months ago

  • Component changed from Embeds to Privacy

Moving to the new Privacy component.

This ticket was mentioned in Slack in #core-privacy by allendav.
16 months ago

#14 @desrosj
15 months ago

  • Keywords privacy-roadmap added

#15 @swissspidy
15 months ago

  • Component changed from Privacy to Embeds
  • Focuses privacy added

#16 @desrosj
15 months ago

  • Keywords gdpr removed

@desrosj
11 months ago

#17 @desrosj
11 months ago

  • Keywords has-screenshots added

Attached three examples that I came across this week. One is on DuckDuckGo, and the other two are on Medium. I like the approach and think it could translate nicely to what the user sees on the front end.

This ticket was mentioned in Slack in #core-privacy by desrosj.
11 months ago

This ticket was mentioned in Slack in #core-privacy by garrett-eclipse.
8 months ago

@arena
7 months ago

screenshot 1 : existing privacy settings page

@arena
7 months ago

screenshot 2 : could be new privacy settings page

@arena
7 months ago

screenshot 3 : Help overview

@arena
7 months ago

screenshot 4 : help oEmbed

@arena
7 months ago

screenshot 5 : help privacy page
