Consent to embeds and iframes #33
Thanks for posting it here! To elaborate on that:

Purpose and reason

As mentioned above, showing iFrames and oEmbeds on the first visit is problematic because cookies and privacy policies might apply that the user of our website didn't give consent to - especially if they haven't confirmed the banner yet.

Description

Feature 1: Iframes and OEmbeds should automatically be replaced by

Minimum: Settings in admin area:
Good solution:
Best solution:
Optional:
Feature 2: A shortcode to hide any type of content if (a specific) consent wasn't given

This way we can potentially hide any scripts or iframes embedded on the frontend.
What could set the GDPR plugin apart from others
|
I was watching a video on Twitter this morning and they showed a cookie consent message before playing. So I'm guessing individual providers will take care of this issue. Making that update might mean you have to click twice if providers really go down that path. Keeping this on hold until we are closer to the deadline to see what major providers are doing. |
Interesting that Twitter is already implementing sth like this. |
From what I understood, the way they do it does not pass any user data at all. They just check if their cookie is set. If not, they display the message alerting that choosing to view the video will set a cookie and an OK button. |
But a transaction of the user's IP would still be necessary to serve the cookie notice, right? I mean, we are in unprecedented territory here, but I swear I heard some lawyers warning even against loading images from external servers before consent to the privacy policy. I am pretty sure that an iframe is just as problematic even when just showing a cookie notice. |
Another plugin called Borlabs Cookie solved it like this: Will we see this functionality in this plugin? |
Blocking content via shortcodes is a nice idea. I can add that in. |
Shortcode would be a great first step. I have hundreds of video embeds on my site though so an automatic blocking of oembeds and iframe tags (like borlabs cookie does) would be amazingly helpful. I could of course use borlabs cookies for the moment but it would be awesome to have detailed choices for the user which oEmbeds to block in the settings pop up of the GDPR plugin. |
That
…On Mon, Apr 30, 2018 at 10:22 AM, Fernando Claussen < ***@***.***> wrote:
Blocking content via shortcodes is a nice idea. I can add that in.
I'm not ready to block iframes still. But if you can block a section based
on a shortcode, then I guess that would do the trick for that case too?
--
*Shawn Barrans*
President, Senior Strategist I Président, Stratégiste en Chef
Trew Knowledge Inc.
372 Richmond ST. W, Suite 209
Toronto, ON, M5V 1X6
Call me at 647.289.6838
Email me at sbarrans@trewknowledge.com <sbarrans@trewknowledge.com>
Shawn Barrans on Linked in
<http://ca.linkedin.com/pub/shawn-barrans/16/309/677>
Trew Knowledge on Facebook <https://www.facebook.com/trewknowledge>
Visit us at www.trewknowledge.com <http://www.trewknowledge.com>
This message, including any attachments, is intended only for the use of
the individual(s) to which it is addressed and may contain information that
is privileged and confidential. Any other distribution, copying or
disclosure is strictly prohibited. If you are not the intended recipient or
have received this message in error, please notify us immediately by reply
e-mail and permanently delete this message including any attachments,
without reading it or making a copy. Thank you.
|
That sounds like it would be a good solution. If we can block the shortcode
embed based on preference, I don't see an issue with that. Ideally, the
cookie should be available as an option in your preference window. If the
user has disabled the cookie, we can replace the embed with a generic
placeholder for the type of content ie. video, image, social and include a
button to view content. If the user clicks on the reveal button, it sets
the cookie which should be a blanket consent for all shortcode cookies.
On Mon, Apr 30, 2018 at 10:53 AM, Shawn Barrans <sbarrans@trewknowledge.com>
wrote:
… That
On Mon, Apr 30, 2018 at 10:22 AM, Fernando Claussen <
***@***.***> wrote:
> Blocking content via shortcodes is a nice idea. I can add that in.
> I'm not ready to block iframes still. But if you can block a section
> based on a shortcode, then I guess that would do the trick for that case
> too?
|
I have to stress again that I see the shortcode only as an additional option. I have 5 years of YouTube and Facebook embeds. An automatic solution detecting oEmbed and iFrame code is the only way to get my site GDPR compliant without checking every single post individually. Do you think this will be a function of the plugin (ideally around the GDPR deadline)? |
Any updates on this? How do we go about embedded content from YouTube or Instagram? Even though you can use youtube-nocookie.com, I'm still seeing cookies being set by google.com. (Only happens on pages with an embedded YouTube video.) I would very much like to lock this down if at all possible. |
This is planned for June 11th |
This would be a necessary function to make a site GDPR proof. Unfortunately this is not supported by many plugins. However Vimeo loads a cookie on embed. Twitter indeed puts a message before playing a video (however I think they still set a language cookie without permission). This plugin (https://nl.wordpress.org/plugins/eu-cookie-law/) blocks embeds with a banner, however it doesn't work with caching plugins like WP Super Cache. |
Not all cookies need blocking. Some cookies are ok. It's a fine line. |
Seems like there is no open source solution available so far. |
From: darkmoonxarx
One of the challenges of GDPR is YouTube, Facebook and Instagram embeds, because they save cookies from external sources. In some cases a general “I understand” click at the beginning doesn’t suffice. So how about if your plugin could detect iframes and oEmbeds, replace them with a thumbnail with some legal info and don’t load them until they are clicked.
This is a plugin that does this with YouTube links: https://github.com/michaelzangl/wp-video-embed-privacy
Your plugin could go one step further and save the consent, so the user only has to click once. Also functionality for all oEmbeds, iFrames and potentially a shortcode to hide any type of content until permission is given would be awesome.
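
The behaviour requested in this issue (neutralise third-party iframes, show a notice, remember the consent so one click is enough), sketched as an added example that is not part of the original post or of the plugin's code. The function names and the `embed_consent` cookie are assumptions; it uses string transforms so that it runs under Node, where a browser script would do the same through the DOM.

```javascript
// Added example: every name below is hypothetical, not the plugin's API.
const CONSENT_COOKIE = 'embed_consent'; // assumed cookie name

// src attribute of an <iframe> opening tag. Assumes quoted attribute values,
// as oEmbed providers emit; a production filter should use an HTML parser.
const IFRAME_SRC = /(<iframe\b[^>]*?\s)src=(["'])(.*?)\2/gi;
const NOTICE = /<button type="button" class="embed-consent"[^>]*>.*?<\/button>/g;
const esc = (s) => s.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);

// Renaming src to data-embed-src leaves the frame empty, so nothing is
// requested from the provider until the visitor agrees.
function blockEmbeds(html, siteHost) {
  return html.replace(IFRAME_SRC, (match, head, quote, src) => {
    let host;
    try {
      host = new URL(src, `https://${siteHost}`).host;
    } catch (e) {
      host = 'an external site'; // unparsable URL: block it anyway
    }
    if (host === siteHost) return match; // first-party frame stays as it is
    const notice = `<button type="button" class="embed-consent">` +
      `Load content from ${esc(host)} (may set third-party cookies)</button>`;
    return `${notice}${head}data-embed-src=${quote}${src}${quote}`;
  });
}

// Undo blockEmbeds: drop the notice and give each iframe its src back.
function activateEmbeds(html) {
  return html.replace(NOTICE, '')
    .replace(/(<iframe\b[^>]*?\s)data-embed-src=/gi, '$1src=');
}

// Stored consent means the visitor only has to click once.
function hasConsent(cookieHeader) {
  return (cookieHeader || '').split(';')
    .some((pair) => pair.trim() === `${CONSENT_COOKIE}=1`);
}

function renderForVisitor(html, siteHost, cookieHeader) {
  const blocked = blockEmbeds(html, siteHost);
  return hasConsent(cookieHeader) ? activateEmbeds(blocked) : blocked;
}

// Constructed sample post body (VIDEO_ID is a placeholder).
const SAMPLE_POST = '<p>Intro</p>\n' +
  '<iframe width="560" src="https://www.youtube-nocookie.com/embed/VIDEO_ID"></iframe>\n' +
  '<iframe src="/local/widget.html"></iframe>';
```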