v4.4.0: GDPR

@kgardnr kgardnr released this 08 May 22:54
eda9a0c

🚨 IMPORTANT 🚨: This release adds an Organization Contact email to allow commenters to contact the newsroom about comment-specific issues or feedback. This MUST be set or it could break some of the other features in this release. It can be set in the Configure tab in the admin or via the CLI.

Features to help newsrooms with GDPR compliance 🇪🇺

  • For GDPR, we introduced 2 new plugins:
    • talk-plugin-local-auth - to facilitate email changes and email association
    • talk-plugin-profile-data - to facilitate comments downloads and account deletion
  • We also added GDPR support to our existing auth plugin:
    • talk-plugin-auth - to facilitate username and password changes
  • If you have your own custom auth plugin you will need to update it to take advantage of these features
  • Please refer to our technical docs for more information about using endpoints to add GDPR features to your custom auth integration: https://docs.coralproject.net/talk/integrating/gdpr/

New Plugins

talk-plugin-profile-data:

  • Download my comment data
    • Commenters can request a download of their comments
    • They're sent an email with a link to download a CSV of their comments
    • Data included: comment text, article URL, comment URL, comment ID, timestamp
    • Includes rejected comments
    • Commenters can only request this once every 7 days, to prevent database overload and gaming of the moderation system

talk-plugin-local-auth:

  • Delete my account
    • Commenters can request deletion of their account
    • Deleted account requests are pending for 24 hours to allow the user to download their comments, or to change their mind and reactivate their account before the expiry
    • Account deletions remove all their comments from the site, all their comments and actions from the database, and their account info from our system
    • Commenters can cancel this request anytime before the 24-hour period is over
    • Commenters are emailed to let them know of the deletion request, or to confirm that the request was canceled
  • Add an email to an OAuth/external account
    • Commenters are now prompted to add an email to their non-Talk account that uses our auth plugin (Facebook, Google, external, etc.) so that they can take advantage of these and other features requiring email communication (suspensions, bans, email notifications)

talk-plugin-auth:

  • Change my username
    • Commenters can update their username
    • This is capped at once every 2 weeks to prevent abuse
    • Commenters are emailed to confirm the change
  • Change my email
    • Commenters can change their email
    • This is not capped; commenters can change their email whenever they need to
    • Commenters are forced to enter the new email twice to prevent errors
  • Change my password

Bug Fixes

  • Taking action on a comment after clicking "Load More" in the user drawer/user history no longer jumps you back to the very top comment
  • Fix schema errors with talk-plugin-facebook-auth and talk-plugin-google-auth
  • Fixes for Settings
  • Fix in notifications for commenters who haven't ignored any other commenters
  • Copy and translation updates