Make WordPress Core

Opened 7 weeks ago

Last modified 4 weeks ago

#43958 new enhancement

Pingbacks Trackbacks and Data Export/Deletion/GDPR

Reported by: dshanske
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version:
Component: Privacy
Keywords: gdpr close
Focuses:
Cc:


Being as there is all this talk about the ability to export or request deletion of data, we aren't factoring in the fact that these comments have no email address, only a URL.

In the successor to Pingbacks and Trackbacks, Webmention, the specification supports updating/deleting a webmention by sending a new one. https://www.w3.org/TR/webmention/#updating-existing-webmentions

Pingbacks and trackbacks have no such facility. While sending a ping is a clear indication of permission for a site to link to you (otherwise why do it), there should be a way to hook into the new systems that supports this rather than building a separate one.

Looking for ideas on this one.

Change History (7)

This ticket was mentioned in Slack in #gdpr-compliance by dshanske. View the logs.

7 weeks ago

#2 @xkon
7 weeks ago

  • Keywords gdpr added

#3 @desrosj
5 weeks ago

  • Component changed from Pings/Trackbacks to Privacy

Moving to the new Privacy component.

#4 @azaozz
5 weeks ago

  • Keywords close added

> While sending a ping is a clear indication of permission for a site to link to you...

Not exactly. It is an "invitation" for one site to link to another. Nothing in that indicates any personal data. Also, linking to someone's site is not "personal data" in any way. :)

Another aspect to this is: how would you prove that you're the rightful "owner" of any of the information saved with a pingback or a trackback? This is a very very hard thing to do. Owning a domain name doesn't prove you own the website referenced by it. Owning the domain and the site doesn't prove you owned both of these when the pingback was made. Supplying some sort of logs still doesn't prove anything as they can easily be falsified.

After all, sending information that belongs to one person to somebody else is a big violation of all privacy laws everywhere :)

#5 @dshanske
5 weeks ago

Other than my responsibility as the Component Maintainer, minimal as it is as Pingbacks aren't that popular, I'm not as personally concerned about the privacy implications. But I know how seriously the GDPR has made people think about privacy implications, so I want to make sure we have a position as a community on pingbacks and trackbacks.

I have made a case for better Pingbacks presentation, which would store more data for the sole purpose of making a richer comment and make the feature more popular. But the question being, does retrieving data from a pingback source create a privacy problem? @azaozz, you outlined some good points, how do we address them? Or should we?

This ticket was mentioned in Slack in #gdpr-compliance by desrosj. View the logs.

4 weeks ago

#7 @allendav
4 weeks ago

I'm with @azaozz in that we need to identify the personal information that a pingback/trackback contains, and my best guess is just the URL could expose a person? i.e. if their domain name incorporates their name?

Not sure how to tie these into our automated data export/erasure logic though since we don't have an email to tie them to.
