WordPress.org

Make WordPress Core

Opened 5 months ago

Last modified 2 months ago

#49602 new enhancement

New design for Privacy settings page and hooks

Reported by: arena Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Privacy Keywords: has-patch dev-feedback needs-testing has-screenshots
Focuses: privacy Cc:

Description

I proposed a year ago some changes on privacy settings page

Hereattached are the updated screenshots

Can it be possible to add a hook on this page for plugins to add some simple settings.

Thank you

Attachments (10)

screenshota.PNG (40.9 KB) - added by arena 5 months ago.
existing privacy settings page
screenshotc.PNG (33.0 KB) - added by arena 5 months ago.
privacy settings page help (a)
screenshote.PNG (40.4 KB) - added by arena 5 months ago.
privacy settings page help (b)
#49602.patch (6.6 KB) - added by arena 5 months ago.
first patch
#49302-1.PNG (24.1 KB) - added by arena 5 months ago.
with help (privacy policy guide link on the right)
#49302-2.PNG (35.2 KB) - added by arena 5 months ago.
Policy page help
#49602_(2).patch (14.0 KB) - added by arena 5 months ago.
new patch with help + one form + settings api (settings_fields, do_settings ) + changed create and update messages + code review and indent to fit with look and feel of other setting pages
#49302_(2)-1.PNG (25.3 KB) - added by arena 5 months ago.
Screenshot of patch #49302_(2)
#49602_(2)-1.PNG (25.3 KB) - added by arena 5 months ago.
ooops ! 49602 not 302 …
#49602_(3).patch (14.0 KB) - added by arena 5 months ago.
almost done !

Download all attachments as: .zip

Change History (22)

@arena
5 months ago

existing privacy settings page

@arena
5 months ago

privacy settings page help (a)

@arena
5 months ago

privacy settings page help (b)

#1 @carike
5 months ago

It does not seem like your updated screenshots were attached.
Would it be possible for you to attach them now?

#2 @carike
5 months ago

I can see the screenshots now, thank you.

Would you please describe what sort of function you envisage a hook on this page being used for?
It would be much easier to discuss a couple of examples, than the abstract :)

#3 follow-up: @arena
5 months ago

@carike

related ticket : #49627 point 6
privacy option : remove one or all "popular" embedders

related ticket : #49627 point 7
privacy option : embedding from "fully intrusive" to "not intrusive"

related ticket : #49661
privacy option : options on "log all mails" from group privacy/ "log all events" from privacy ... for legal purpose ( in case of conflict, in front of a court, for a trial, the dpo will have to bring some evidence that he (or his/her company) did everything "by the book". This would be a plugin mixing the plugins attached in the related ticket : logphpmailer and wp_mailer_filter.
The mails (and related events : confirmation links activated, archives loaded (have to see if the url provided is filterable but as of today the zip is accessible with a direct link) would be logged in a specific table with external user anonymized (e.g. md5($email) ) and only accessible through admin screen to a new wp role to be created : equivalent of a dpo, i call it the "cop" for "Chief Of Privacy" ... ;-) The "cop" (and of course the admin) would be the only one to have access to privacy options and specific gdpr or local laws specific admin screens.

Last edited 5 months ago by arena (previous) (diff)

#4 @arena
5 months ago

Another example : that is a more ambitious one ...

related ticket : #49592
privacy option : have no idea as of today of a specific setting but the related plugin would try to give information to the dpo in order to maintain or set up the famous "Records of Processing Activities" (Chapter IV, article 30 of GDPR) listing all software components (core, external libraries, themes, plugins, ... ) and extracting from their respective readme.txt a new section called ===Privacy===, as well as all web services (oembed providers (#49627), emojis image links (s.w.org), use of gravatar, ...) etc ...

For the record here is the Privacy section i inserted in some of my plugins :

MailPress

== Privacy ==

This plugin is using the following external softwares :
1. Swiftmailer "Free Feature-rich PHP Mailer" (https://swiftmailer.symfony.com/)
	2. doctrine/lexer "Base library for a lexer" (https://github.com/doctrine/lexer)
	2. egulias/EmailValidator "PHP Email validator" (https://github.com/egulias/EmailValidator)
1. [Import Addon] Excel parsing library (http://code.google.com/p/php-excel-reader/) modified for php7 compatibility
1. [Import Addon] CSV parsing library   (https://github.com/parsecsv/parsecsv-for-php)  modified for php7 compatibility

This plugin is using - depending on your settings - the following external services & softwares
1. [Maps] Bing maps (https://www.microsoft.com/en-us/maps) (javascript and REST api)
1. [Maps] Google maps (https://cloud.google.com/maps-platform/?hl=en) (javascript and REST api) 
1. [Maps] Here maps (https://www.here.com/) (javascript and REST api) 
1. [Maps] Mapbox GL JS (https://docs.mapbox.com/mapbox-gl-js/api/) (javascript and REST api) 
1. [Maps] OpenStreetMaps and Leaflet (https://www.openstreetmap.org & https://leafletjs.com/) (javascript and REST api) 

This plugin is using - randomly - the following external services (ip adress transmitted)
1. [Ip Geocoding] https://extreme-ip-lookup.com/ (REST Api)
1. [Ip Geocoding] http://www.geoplugin.net/ (REST Api) 
1. [Ip Geocoding] https://ipapi.co (REST Api) 
1. [Ip Geocoding] http://ip-api.com/ (REST Api) 
1. [Ip Geocoding] http://ipinfo.io/ (REST Api) 
1. [Ip Geocoding] https://ipstack.com/ (REST Api) 

This plugin is storing data
1. [core] Subscribers
1. [core] Mails and recipients informations
1. [Comment addon] Subscriptions
1. [Mailinglist addon] Subscriptions
1. [Newsletter addon] Subscriptions
1. [Tracking addon] any activity on sent mails when clicking on mail links

This plugin authorize data export in csv format [Import addon]

This plugin is compliant with WordPress Export/Erase Personnal Data process (Privacy)

PoKeMoJiS

This plugin :
* is not storing data
* is not using any external software or web services

As a reminder, title of Chapter IV of GDPR is : Controller and processor

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN#d1e3022-1-1

Last edited 5 months ago by arena (previous) (diff)

#5 @arena
5 months ago

to discard this feature

3) 1/3rd of the internet can now add custom maps in a few clicks

https://blog.mapbox.com/wordpress-adds-map-block-74a75dbcb22d

https://core.trac.wordpress.org/ticket/49592#comment:8

i developped a year ago for plugin purpose a little workbench on several map providers (Google, Bing, Here, Mapbox and OpenStreetMap) available here :
https://blog.mailpress.org/maps/

IP geolocalisation is a very lucrative business ... me not doing any. If you visit the above page : your ip is collected to try to geolocalise it and the result (success or fail) is memorized in a cache file that will be deleted in the future.

the related post on my blog
https://blog.mailpress.org/2019/02/22/map-api-review-an-alternative-to-google-maps

Last edited 5 months ago by arena (previous) (diff)

#6 @arena
5 months ago

For the start, this is just an amuse-bouche ! (see first patch attached below)

@arena
5 months ago

first patch

#7 @arena
5 months ago

  • Keywords has-patch added

@arena
5 months ago

with help (privacy policy guide link on the right)

@arena
5 months ago

Policy page help

#8 @arena
5 months ago

I have to deal with the two forms (which is ugly !) and the css modifications are currently inline
Waiting for some (tech and design) advice. Do i continue ?

Last edited 5 months ago by arena (previous) (diff)

@arena
5 months ago

new patch with help + one form + settings api (settings_fields, do_settings ) + changed create and update messages + code review and indent to fit with look and feel of other setting pages

#9 @arena
5 months ago

  • Keywords dev-feedback needs-testing added

new patch with
+ help
+ one form
+ settings api (settings_fields, do_settings )
+ changed create and update messages
+ code review and indent to fit with look and feel of other setting pages

and done some tests, looks good for me.

enjoy your day !

@arena
5 months ago

Screenshot of patch #49302_(2)

#10 @arena
5 months ago

  • Keywords has-screenshots added

@arena
5 months ago

ooops ! 49602 not 302 ...

@arena
5 months ago

almost done !

#11 in reply to: ↑ 3 @arena
5 months ago

Related #43713

Replying to arena:

@carike

related ticket : #49627 point 6
privacy option : remove one or all "popular" embedders

related ticket : #49627 point 7
privacy option : embedding from "fully intrusive" to "not intrusive"

related ticket : #49661
privacy option : options on "log all mails" from group privacy/ "log all events" from privacy ... for legal purpose ( in case of conflict, in front of a court, for a trial, the dpo will have to bring some evidence that he (or his/her company) did everything "by the book". This would be a plugin mixing the plugins attached in the related ticket : logphpmailer and wp_mailer_filter.
The mails (and related events : confirmation links activated, archives loaded (have to see if the url provided is filterable but as of today the zip is accessible with a direct link) would be logged in a specific table with external user anonymized (e.g. md5($email) ) and only accessible through admin screen to a new wp role to be created : equivalent of a dpo, i call it the "cop" for "Chief Of Privacy" ... ;-) The "cop" (and of course the admin) would be the only one to have access to privacy options and specific gdpr or local laws specific admin screens.

This ticket was mentioned in Slack in #core-privacy by burtrw. View the logs.


2 months ago

Note: See TracTickets for help on using tickets.