Make WordPress Core

Opened 6 years ago

Closed 5 years ago

Last modified 5 years ago

#43958 closed enhancement (invalid)

Pingbacks Trackbacks and Data Export/Deletion/GDPR

Reported by: dshanske's profile dshanske Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Privacy Keywords:
Focuses: Cc:


Being as there is all this talk about the ability to export or request deletion of data, we aren't factoring in the fact that these comments have no email address, only a URL.

In the successor to Pingbacks and Trackbacks, Webmention, the specification supports updating/deleting a webmention by sending a new one.

Pingbacks and trackbacks have no such facility. While sending a ping is a clear indication of permission for a site to link to you(Otherwise why do it), there should be a way to hook into the new systems that supports this rather than building a separate one.

Looking for ideas on this one.

Change History (11)

This ticket was mentioned in Slack in #gdpr-compliance by dshanske. View the logs.

6 years ago

#2 @xkon
6 years ago

  • Keywords gdpr added

#3 @desrosj
6 years ago

  • Component changed from Pings/Trackbacks to Privacy

Moving to the new Privacy component.

#4 @azaozz
6 years ago

  • Keywords close added

While sending a ping is a clear indication of permission for a site to link to you...

Not exactly. It is an "invitation" for one site to link to another. Nothing in that indicates any personal data. Also, linking to someone's site is not "personal data" in any way. :)

Another aspect to this is: how would you prove that you're the rightful "owner" of any of the information saved with a pingback or a trackback? This is a very very hard thing to do. Owning a domain name doesn't prove you own the website referenced by it. Owning the domain and the site doesn't prove you owned both of these when the pingback was made. Supplying some sort of logs still doesn't prove anything as they can easily be falsified.

After all, sending information that belongs to one person to somebody else is a big violation of all privacy laws everywhere :)

#5 @dshanske
6 years ago

Other than my responsibility as the Component Maintainer, minimal as it is as Pingbacks aren't that popular, I'm not as personally concerned about the privacy implications. But I know how seriously the GDPR has made people think about privacy implications, so I want to make sure we have a position as a community on pingbacks and trackbacks.

I have made a case for better Pingbacks presentation, which would store more data for the sole purpose of making a richer comment and make the feature more popular. But the question being, does retrieving data from a pingback source create a privacy problem? @azaozz, you outlined some good points, how do we address them? Or should we?

This ticket was mentioned in Slack in #gdpr-compliance by desrosj. View the logs.

6 years ago

#7 @allendav
6 years ago

I'm with @azaozz in that we need to identify the personal information that a pingback/trackback contains, and my best guess is just the URL could expose a person? i.e. if their domain name incorporates their name?

Not sure how to tie these into our automated data export/erasure logic though since we don't have an email to tie them to.

This ticket was mentioned in Slack in #core-privacy by desrosj. View the logs.

6 years ago

This ticket was mentioned in Slack in #core-privacy by garrett-eclipse. View the logs.

5 years ago

#10 @garrett-eclipse
5 years ago

  • Keywords gdpr close removed
  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Thanks you @dshanske for spawning this discussion on Privacy implications surrounding Trackbacks and Pingbacks.

Aside from the initial discussions and thoughts from @allendav and @azaozz I raised this into #core-privacy chats as a candidate for closure to get some last thoughts before closing this thread.

The consensus so far was that there's not currently a privacy implication posed by the Pingbacks and Trackbacks functionality. All of the information exchanged is between the servers with no personal data involved as it's a site-to-site communication.

The information exchanged such as IP address, domain, url is all public information from that originating server. Even if the domain is that of a person or the url discloses the author name and information all of that is public domain and accessible via the web. If the author name/email was exchanged in the pingback or trackback this could potentially be seen as personal information but it's currently not.

In addition both Pingbacks and Trackbacks require action/consent prior to them being sent. By that I mean Pingbacks need to be enabled in Settings > Discussion as 'Attempt to notify any blogs linked to from the article' before they'll function, and Trackbacks are manually triggered by the post author/admin. As such a default install isn't exchanging any information unless enabled.
*That being said the default WP install supports receiving both Pingbacks and Trackbacks but they are received like a comment and can be removed by the admin.

So I'm closing this as invalid since I don't see a privacy implication here. And even if there was the concern we would require the email being associated to the pingback/trackback in order to integrate it to the existing tools.

Going beyond Pingbacks and Trackbacks into Webmentions, it sounds like a good next step for your component. Concerning privacy I would second the consensus from the Security and Privacy Review at the bottom of the article;

Does this specification deal with personally-identifiable information?
The only potentially personally-identifiable information involved in Webmention are the source and target URLs.
Does this specification deal with high-value data?
No, there is no authentication or other credentials involved.

#11 @dshanske
5 years ago

@garrett-eclipse I withdrew as Pingbacks and Trackbacks component maintainer due to lack of interest on the matter from...well, most people. I contribute to the webmentions plugin though.

If anyone ever expressed an interest in working on merging that into Core, I would gladly return to work on same.

Note: See TracTickets for help on using tickets.