Opened 7 years ago
Closed 7 years ago
#43932 closed defect (bug) (worksforme)
Is there any admin setting to enable Do Not Track for Twitter embeds? (Or does Twitter no longer respect dnt?)
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 4.9.5 |
Component: | Embeds | Keywords: | |
Focuses: | Cc: |
Description
This is a follow-up to #41784.
Question - is there any admin setting I need to change to have the blocking in #41784 take effect? Or should it just be happening automatically for all oEmbed providers?
On my WP 4.9.5 sites, every time I drop the URL for a tweet into the editor, I get the nice embedded view - but I also wind up with two trackers from Twitter on my site.
Ticket #41784 seems like it should have passed along the "dnt" query parameter, which should have indicated to Twitter that I did not want the trackers. So my guess at this point is that either:
- There is a setting somewhere to enable this that I have not turned on; or
- Twitter is no longer respecting the (voluntary) "dnt" parameter.
Any insight would be greatly appreciated. Thanks!
Change History (5)
This ticket was mentioned in Slack in #gdpr-compliance by danyork. View the logs.
7 years ago
This ticket was mentioned in Slack in #core-media by antpb. View the logs.
7 years ago
#4
@
7 years ago
@swissspidy - Ah, thanks for the info. Here is an example on a test site where I dropped in a Twitter URL:
http://danyork.org/2018/05/02/test-with-an-embedded-tweet/
When I look at the source code for that page, I do indeed see the dnt
parameter:
<figure class="wp-block-embed is-type-rich is-provider-twitter"> <blockquote class="twitter-tweet" data-width="525" data-dnt="true"><p lang="en" dir="ltr">That moment when you take a long, deep breath before opening your work email and Slack after being completely offline for a week……………</p>— Dan York (@danyork) <a href="https://twitter.com/danyork/status/990917186461093889?ref_src=twsrc%5Etfw">April 30, 2018</a></blockquote><script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script> </figure>
However, when I look at Privacy Badger for that page, I do see both:
- platform.twitter.com
- syndication.twitter.com
as trackers.
Presumably this is coming in from this part of the code:
<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>
So my question is answered, in that the "dnt" parameter *IS* being correctly added.
However, in the case of Twitter they seem to be continuing to add trackers to my pages, even though they may or may not be doing anything with the data. Or they may be using the data for their own purposes, but as they say, not for "personalized suggestions and personalized ads".
Yeah the
dnt
parameter should be added to all embeds automatically since [41345].There's no admin page or any setting you need to change.
Opening https://publish.twitter.com/oembed?url=https://twitter.com/swissspidy/status/991317230486016001&dnt=true should return the oEmbed result data where the actual HTML looks like
<blockquote class="twitter-tweet" data-dnt="true"
. So that is what WordPress is printing on the page. Can you confirm that you seedata-dnt
in the source code when embedding a tweet?Worth noting Twitter's description of the
dnt
parameter:So it's still possible that Twitter loads some scripts, just that it doesn't do anything with the data. Plus, you might have some other Twitter scripts on your site, e.g. a tweet or follow button.