WordPress.org

Make WordPress Core

Opened 16 months ago

Last modified 42 hours ago

#46986 new enhancement

DNT Parameter automatically for Vimeo oEmbed requests

Reported by: djc71889 Owned by:
Milestone: 5.6 Priority: normal
Severity: major Version:
Component: Embeds Keywords: 2nd-opinion
Focuses: privacy Cc:

Description

This is a follow-up to #41784.

Summary: The “do not track” (?dnt=1) embed parameter is currently being automatically applied to all oEmbed requests for Vimeo videos, seemingly those embedded in self-hosted versions of WordPress only.

We’ve traced this back to the change made to address this ticket #41784 (https://core.trac.wordpress.org/changeset/41345) The reason this is only coming up now is that Vimeo only just recently added oEmbed support for DNT- https://github.com/vimeo/player.js/pull/403

The issue with this WordPress change is that adding a DNT parameter to Vimeo embeds is intended to automatically block all tracking in the Vimeo player, including player statistics. Stats are a big feature of Vimeo which many users rely on, so adding this parameter is currently leading to user confusion when stats are not collected. Many users aren’t aware that this parameter is being added for them by WordPress, nor do they understand the implications. Vimeo support currently receives 1-2 support tickets from users a day who are affected by this change and unaware of the parameter being added by WordPress, and it's ability to disable stats.

Documentation for the DNT parameter on Vimeo can be found here- https://vimeo.zendesk.com/hc/en-us/articles/360001494447-Using-Player-Parameters

Example webpages with DNT:

https://foodtv.dk/video/verdens-hurtigste-pastaret/
https://foodsthathealyoucbd.com/cbd-buyer-beware-know-what-youre-buying/

Check out this link for evidence of the DNT parameter in the iframe

Proposal: WordPress should not automatically append the DNT parameter. Users should have the option to add DNT if they determine that it fits their needs.

Note that unlike Twitter (which was mentioned in the initial report, the Vimeo player does not contain cookies which are unessential to player functionality (like saving language preferences or viewer statistics) It does not track 'non-essential' cookies like google analytics and other third party cookies (used for ad serving, etc).

Change History (7)

#1 @garrett-eclipse
9 months ago

  • Focuses privacy added

#2 @mikesaville
6 months ago

I concur, this is rather frustrating. We host our videos on Vimeo, but they're only view able through the member area of our site, where we have them embedded. As a result, we can't use the standard embed block (which we found out only when all our Vimeo stats were zero). Vimeo has some massive analysis tools that we just can't access in the oEmbed's current iteration.

If we just cut and paste the Vimeo embed script into a html block, does WordPress add the DNT function too do you know? I think I may have to check later.

EDIT: Just checked, if you don't use the Vimeo embed block and just use the Vimeo embed code in a HTML block, the stats ARE recorded at Vimeo.

I hope that a future update adds it as a checkable option rather than a default that you can't override easily.

Last edited 6 months ago by mikesaville (previous) (diff)

#3 @johnbillion
3 days ago

#50869 was marked as a duplicate.

#4 @freshyjon
3 days ago

This is also causing an issue that may have been overlooked.

If there are numerous Vimeo videos embedded on the page, previously (by default), Vimeo would only allow one of those video to play at a time. If a user played one video — then started playing another video — it would then pause the previous video that was playing. Again, this is default Vimeo behavior. However, when the Vimeo URL has the parameter of dnt=1 on the URL, it causes that default behavior to be overridden. Therefore, it allows the user to play multiple videos at once (which is NOT default behavior, and is arguably not very “Accessible friendly”).

Ideally, this would be looked in to further, since it now overrides default/expected Vimeo behavior. I argue that it should be removed from Vimeo URLs, or at least have an option to disable it from oEmbeds.

#5 follow-up: @johnbillion
3 days ago

  • Keywords 2nd-opinion added

I'll be completely honest, I don't know how best to fix this. According to MDN:

The DNT (Do Not Track) request header indicates the user's tracking preference. It lets users indicate whether they would prefer privacy rather than personalized content.

This makes no mention of collecting view statistics which can be gathered independently of tracking a user for personalisation purposes. It seems to me that Vimeo is being overly cautious with respect to the dnt parameter.

That said, I appreciate that this is affecting the stats collection for video producers, which is not ideal. It's unfortunate that there's nothing in the oEmbed spec that covers this, and off the top of my head there's no other header or parameter that could be used instead of dnt.

Vimeo embeds _could_ be excluded from using the dnt parameter, which isn't ideal, but realistically it might be about the only option.

This ticket was mentioned in Slack in #accessibility by ryokuhi. View the logs.


3 days ago

#7 in reply to: ↑ 5 @SergeyBiryukov
42 hours ago

  • Milestone changed from Awaiting Review to 5.6

Replying to johnbillion:

This makes no mention of collecting view statistics which can be gathered independently of tracking a user for personalisation purposes. It seems to me that Vimeo is being overly cautious with respect to the dnt parameter.

Yes, that's my understanding here as well. They seem to be using it to block all kinds of statistics, rather than just user tracking.

Vimeo embeds _could_ be excluded from using the dnt parameter, which isn't ideal, but realistically it might be about the only option.

Since this is causing accessibility issues as is, per comment:4, let's go with that for now.

Note: See TracTickets for help on using tickets.