Make WordPress Core

Opened 4 years ago

Last modified 3 years ago

#51092 new feature request

Create a JSON schema for Privacy and Other Related Disclosures — at Version 9

Reported by: carike Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version:
Component: Privacy Keywords: needs-privacy-review 2nd-opinion
Focuses: rest-api Cc:

Description (last modified by carike)

Background:

The Disclosures Tab is an initiative that is underway in the Core Privacy Team.
The aim is to help site owners / admins better understand what information their site (plugins, themes and Core) collects, where the information is stored and where it is sent - and in particular, who it is shared with.
We hope to help site owners / admins make more informed privacy choices (e.g. when choosing which plugin to install) and to better understand their risk profile when it comes to privacy.
For the most part, the actual "controlling" is planned for a sibling plugin, the Permissions Tab, which is not currently intended to be merged into Core, as this will contain more advanced settings.
You can read more about the various privacy initiatives here: https://make.wordpress.org/core/2020/08/19/minutes-core-privacy-meeting-19-august-2020/

The Challenge:

Free-form disclosures in the readme.txt would create a lot of additional work for the plugins review team.
Moreover, it makes it near impossible to compare across plugins, or to use the information in any sort of automated process.
The Disclosures Tab seeks to standardize the way that plugin, theme authors and Core can disclose privacy and other related concerns to site owners / admins, by creating quasi-"headers" and limiting the acceptable values for each.

The Solution:

Timothy suggested that each plugin could have a privacy.json file, which could then be read by Core (and Meta) using relatively simple REST API functionality.
As all items are not strictly privacy related, the file will be called disclosures.json instead.

This ticket proposes a JSON schema. Future tickets will deal with the validation and the display respectively.
In its current form, the JSON schema does not set any fields as "required".
As URLs are not one of the six data types accepted by JSON, these types have been set as "string"s. However, in the ticket to follow this one, the validation of the schema should include appropriate validation of the URLs.
Further tickets should include ones to update WP-CLI and WordPress.org to make the strings translatable. Thanks to Swissspidy for the comment below!

{
   "$schema": "https://core.trac.wordpress.org/ticket/51092",
   "$id": "https://example.com/to.be.filled.in.later.disclosures.json",
   "description": "The vision of the Disclosures Tab is for site administrators to understand their site's privacy risk profile and to make more informed privacy-related choices as a result. The mission of the Disclosures Tab is to help site administrators understand what information their site collects, where it is stored and where it is sent - and in particular, with whom it is shared.",
   "type": "object",
   "properties": {
      "details": {
         "type": "object",
         "properties": {
            "component": {
               "description": "Please enter one of the following values: plugin, theme, or the specific Core component",
               "type": "string"
            },
            "slug": {
               "description": "Please supply the slug, if the code relates to a plugin or a theme.",
               "type": "string"
            },
            "version": {
               "description": "Please supply the plugin or theme's version number, or the Core version, if the component is a Core component, which introduced the current version of this disclosures.json file, i.e. this should represent the since value.",
               "type": "string"
            }
         }
      },
      "licenses": {
         "type": "object",
         "properties": {
            "component": {
               "description": "Please provide a URL to the license that applies to this component (plugin, theme, or Core component)'s use.",
               "type": "string"
            },
            "localAssets": {
               "description": "Please provide a comma-separated list of URLs to the license that applies to the use of each asset that has been included locally. This includes the license of any bundled libraries, as well as the licenses of any images, fonts, etc.",
               "type": "array",
               "items": {
                  "type": "string",
                  "format": "uri-reference"
               },
               "uniqueItems": true
            },
            "remoteAssets": {
               "description": "Please provide a comma-separated list of URLs to the license that applies to the use of each asset that is accessed remotely. This includes the licenses of any external libraries, as well as the licenses of any images, fonts, etc.",
               "type": "array",
               "items": {
                  "type": "string",
                  "format": "uri-reference"
               },
               "uniqueItems": true
            }
         }
      },
      "external": {
         "description": "Please enter a comma-separated list of URLs containing the links to the Privacy Policies of the sites to which the calls to external networks are being made.",
         "type": "object",
         "properties": {
            "PHP": {
               "type": "array",
               "items": {
                  "type": "string",
                  "format": "uri-reference"
               },
               "uniqueItems": true
            },
            "JavaScript": {
               "type": "array",
               "items": {
                  "type": "string",
                  "format": "uri-reference"
               },
               "uniqueItems": true
            },
            "CSS": {
               "type": "array",
               "items": {
                  "type": "string",
                  "format": "uri-reference"
               },
               "uniqueItems": true
            }
         }
      },
      "terms": {
         "type": "object",
         "description": "Please provide details about third party Terms and Conditions, if applicable.",
         "properties": {
            "SaaS": {
               "description": "Please provide a comma-separated list of URLs to the Terms of Service of any instances of Software as a Service.",
               "type": "array",
               "items": {
                  "type": "string",
                  "format": "uri-reference"
               },
               "uniqueItems": true
            },
            "externalAPIs": {
               "description": "Please provide a comma-separated list of URLs to the Terms of Service of any external API being used.",
               "type": "array",
               "items": {
                  "type": "string",
                  "format": "uri-reference"
               },
               "uniqueItems": true
            },
            "remoteAssets": {
               "description": "Please provide a comma-separated list of URLs to the Terms of Service that applies to the use of each remote asset. This relates to the use of CDNs for images, fonts, etc.",
               "type": "array",
               "items": {
                  "type": "string",
                  "format": "uri-reference"
               },
               "uniqueItems": true
            },
            "requiresRegistration": {
               "description": "Please provide a comma-separated list of URLs to the Terms of Service that apply to any accounts that need to be registered in order to be able to make use of this component's code.",
               "type": "array",
               "items": {
                  "type": "string",
                  "format": "uri-reference"
               },
               "uniqueItems": true
            }
         }
      },
      "openWeb": {
         "type": "object",
         "description": "Please provide details about mechanisms that allow others to obtain information from the site without browsing the website's front end.",
         "properties": {
            "APIEndpoints": {
               "description": "Please provide a comma-separated list of URLs for any internal API endpoints that are created by the code using example.com as the domain.",
               "type": "array",
               "items": {
                  "type": "string",
                  "format": "uri-reference"
               },
               "uniqueItems": true
            },
            "feeds": {
               "description": "Please provide a comma-separated list of URLs for any internal feeds that are created by the code, using example.com as the domain.",
               "type": "array",
               "items": {
                  "type": "string",
                  "format": "uri-reference"
               },
               "uniqueItems": true
            }
         }
      },
      "clientSideStorage": {
         "type": "object",
         "properties": {
            "setsCookiesPHP": {
               "description": "Please provide the names of any cookies that have been set using PHP.",
               "type": "array",
               "items": {
                  "type": "string"
               },
               "uniqueItems": true
            },
            "setsCookiesJavaScript": {
               "description": "Please provide the names of any cookies that have been set using JavaScript.",
               "type": "array",
               "items": {
                  "type": "string"
               },
               "uniqueItems": true
            },
            "usesLocalStorage": {
               "description": "Please indicate whether the code makes use of local storage.",
               "type": "boolean"
            }
         }
      },
      "database": {
         "type": "object",
         "properties": {
            "writesToDB": {
               "description": "Please indicate TRUE / FALSE to whether the code writes any data to the database.",
               "type": "boolean"
            },
            "CPT": {
               "type": "object",
               "description": "Please indicate whether the component creates any Custom Post Types.",
               "properties": {
                  "auto": {
                     "description": "Please indicate the number of Custom Post Types that are automatically created by the code without user intervention.",
                     "type": "integer",
                     "minimum": 0
                  },
                  "manual": {
                     "description": "Please indicate whether the code allows for users to generate Custom Post Types.",
                     "type": "boolean"
                  }
               }
            },
            "customTables": {
               "description": "Please indicate whether the code creates any custom tables in the database.",
               "type": "object",
               "properties": {
                  "auto": {
                     "description": "Please indicate the number of custom tables that are automatically created by the code without user intervention.",
                     "type": "integer",
                     "minimum": 0
                  },
                  "manual": {
                     "description": "Please indicate whether the code allows the user to create any custom tables.",
                     "type": "boolean"
                  }
               }
            }
         }
      },
      "otherStorage": {
         "type": "object",
         "properties": {
            "writesToTxt": {
               "type": "boolean"
            },
            "altersFileStructure": {
               "type": "boolean"
            }
         }
      },
      "PPI": {
         "description": "Please indicate TRUE / FALSE as to whether the code stores any Protected Personal Information.",
         "type": "boolean"
      },
      "compatibility": {
         "type": "object",
         "description": "Please indicate the component's compatibility with Privacy Tools.",
         "properties": {
            "ppiExport": {
               "description": "Do you as a developer consider the code to be compatible with the PPI Export Tool in WordPress?",
               "type": "boolean"
            },
            "ppiErasure": {
               "description": "Do you as a developer consider the code to be compatible with the PPI Erasure Tool in WordPress?",
               "type": "boolean"
            },
            "consentAPI": {
               "description": "Do you as a developer consider the code to be compatible with the WordPress Consent API?",
               "type": "boolean"
            },
            "disclosuresTab": {
               "description": "Do you as a developer consider the code to be compatible with the Disclosure Tab?",
               "type": "boolean"
            },
            "permissionsTab": {
               "description": "Do you as a developer consider the code to be compatible with the Permissions Tab?",
               "type": "boolean"
            }
         }
      },
      "monetization": {
         "type": "object",
         "description": "Please provide details regarding monetization practices.",
         "properties": {
            "upsells": {
               "description": "Does this code promote a paid version, or extensions, or other products or services from the same author(s)?",
               "type": "boolean"
            },
            "backLinks": {
               "description": "Does this code contain or generate, or ask the site owner / admin for permission to generate, backlinks?",
               "type": "boolean"
            },
            "affiliates": {
               "description": "Does this code contain, or generate affiliate links - i.e. links from which the author may receive conditional compensation, whether in money, or in kind?",
               "type": "boolean"
            },
            "advertising": {
               "description": "Does the code contain, or generate promotions or recommendations for any products or services not directly under the control of the author(s), for which the author(s) receive any compensation, whether in money, or in kind?",
               "type": "boolean"
            }
         }
      }
   }
}
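
An added example, not part of the ticket or of WordPress Core: one way the follow-up URL validation mentioned in the description could handle the array-valued URL fields of the proposed schema. "format": "uri-reference" also admits relative references and non-web schemes, so this check accepts only absolute http(s) URLs with a host; the function names, the constant and the sample input are hypothetical.

```php
<?php
// Added example: hypothetical helpers; the sample input at the end is constructed.
// Sections of the proposed schema whose array items are URLs.
const DISCLOSURES_URL_LISTS = array(
    'licenses' => array( 'localAssets', 'remoteAssets' ),
    'external' => array( 'PHP', 'JavaScript', 'CSS' ),
    'terms'    => array( 'SaaS', 'externalAPIs', 'remoteAssets', 'requiresRegistration' ),
    'openWeb'  => array( 'APIEndpoints', 'feeds' ),
);

// Accept only absolute http(s) URLs with a host and no embedded credentials.
function disclosures_is_web_url( $value ) {
    if ( ! is_string( $value ) || preg_match( '/[\x00-\x20\x7f]/', $value ) ) {
        return false; // Not a string, or contains whitespace / control characters.
    }
    $parts = parse_url( $value );
    // Relative references satisfy "uri-reference" but have no scheme or host.
    return is_array( $parts ) && ! empty( $parts['host'] )
        && ! isset( $parts['user'] ) && ! isset( $parts['pass'] )
        && in_array( strtolower( $parts['scheme'] ?? '' ), array( 'http', 'https' ), true );
}

// Returns a list of error strings; an empty list means every URL list passed.
function disclosures_check_urls( $json ) {
    $data = json_decode( $json, true );
    if ( ! is_array( $data ) ) {
        return array( 'disclosures.json is not a JSON object' );
    }
    $errors = array();
    foreach ( DISCLOSURES_URL_LISTS as $section => $keys ) {
        foreach ( $keys as $key ) {
            $list = $data[ $section ][ $key ] ?? array(); // No field is "required".
            if ( ! is_array( $list ) ) {
                $errors[] = "{$section}.{$key}: must be an array of URLs";
                continue;
            }
            $seen = array();
            foreach ( $list as $i => $url ) {
                if ( ! disclosures_is_web_url( $url ) ) {
                    $errors[] = "{$section}.{$key}[{$i}]: not an absolute http(s) URL";
                } elseif ( isset( $seen[ $url ] ) ) {
                    $errors[] = "{$section}.{$key}[{$i}]: duplicate entry (uniqueItems)";
                }
                $seen[ is_string( $url ) ? $url : '' ] = true;
            }
        }
    }
    return $errors;
}
$sample = '{"external":{"JavaScript":["https://example.com/privacy","/privacy","https://example.com/privacy"]}}';
print_r( disclosures_check_urls( $sample ) );
```

The constructed sample yields two errors: the relative reference at index 1 and the repeated URL at index 2. A comma-separated string supplied where the schema expects an array is reported as a type error rather than being split.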

Change History (9)

#1 @carike
4 years ago

  • Description modified (diff)

#2 @carike
4 years ago

  • Description modified (diff)

#3 @swissspidy
4 years ago

If any of these values (e.g. URLs) would need to be translatable, which they probably do, the tooling in WP-CLI and WordPress.org needs to be updated accordingly.

#4 @carike
4 years ago

  • Description modified (diff)

#5 @carike
4 years ago

  • Description modified (diff)

#6 @SergeyBiryukov
4 years ago

#49272 was marked as a duplicate.

#7 @carike
4 years ago

  • Description modified (diff)

#8 @carike
4 years ago

  • Description modified (diff)

#9 @carike
4 years ago

  • Description modified (diff)