Make WordPress Core

Opened 6 years ago

Closed 6 years ago

#43932 closed defect (bug) (worksforme)

Is there any admin setting to enable Do Not Track for Twitter embeds? (Or does Twitter no longer respect dnt?)

Reported by: danyork's profile DanYork Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.9.5
Component: Embeds Keywords:
Focuses: Cc:


This is a follow-up to #41784.

Question - is there any admin setting I need to change to have the blocking in #41784 take effect? Or should it just be happening automatically for all oEmbed providers?

On my WP 4.9.5 sites, every time I drop the URL for a tweet into the editor, I get the nice embedded view - but I also wind up with two trackers from Twitter on my site.

Ticket #41784 seems like it should have passed along the "dnt" query parameter, which should have indicated to Twitter that I did not want the trackers. So my guess at this point is that either:

  1. There is a setting somewhere to enable this that I have not turned on; or
  1. Twitter is no longer respecting the (voluntary) "dnt" parameter.

Any insight would be greatly appreciated. Thanks!

Change History (5)

This ticket was mentioned in Slack in #gdpr-compliance by danyork. View the logs.

6 years ago

#2 @swissspidy
6 years ago

  • Keywords reporter-feedback added

Yeah the dnt parameter should be added to all embeds automatically since [41345].

There's no admin page or any setting you need to change.

Opening should return the oEmbed result data where the actual HTML looks like <blockquote class="twitter-tweet" data-dnt="true". So that is what WordPress is printing on the page. Can you confirm that you see data-dnt in the source code when embedding a tweet?

Worth noting Twitter's description of the dnt parameter:

When set to true, the Tweet and its embedded page on your site are not used for purposes that include personalized suggestions and personalized ads.

So it's still possible that Twitter loads some scripts, just that it doesn't do anything with the data. Plus, you might have some other Twitter scripts on your site, e.g. a tweet or follow button.

This ticket was mentioned in Slack in #core-media by antpb. View the logs.

6 years ago

#4 @DanYork
6 years ago

@swissspidy - Ah, thanks for the info. Here is an example on a test site where I dropped in a Twitter URL:

When I look at the source code for that page, I do indeed see the dnt parameter:

<figure class="wp-block-embed is-type-rich is-provider-twitter">
    <blockquote class="twitter-tweet" data-width="525" data-dnt="true"><p lang="en" dir="ltr">That moment when you take a long, deep breath before opening your work email and Slack after being completely offline for a week&#8230;&#8230;&#8230;&#8230;&#8230;</p>&mdash; Dan York (@danyork) <a href="">April 30, 2018</a></blockquote><script async src="" charset="utf-8"></script>

However, when I look at Privacy Badger for that page, I do see both:


as trackers.


Presumably this is coming in from this part of the code:

<script async src="" charset="utf-8"></script>

So my question is answered, in that the "dnt" parameter *IS* being correctly added.

However, in the case of Twitter they seem to be continuing to add trackers to my pages, even though they may or may not be doing anything with the data. Or they may be using the data for their own purposes, but as they say, not for "personalized suggestions and personalized ads".

#5 @swissspidy
6 years ago

  • Keywords reporter-feedback removed
  • Milestone Awaiting Review deleted
  • Resolution set to worksforme
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.