[wp-trac] [WordPress Trac] #43546: Add to the privacy tools UX a means to export personal data by username or email address

WordPress Trac noreply at wordpress.org
Tue May 8 21:34:13 UTC 2018 

#43546: Add to the privacy tools UX a means to export personal data by username or
email address
-----------------------------------+-----------------------
 Reporter:  allendav               |       Owner:  allendav
     Type:  enhancement            |      Status:  assigned
 Priority:  normal                 |   Milestone:  4.9.6
Component:  General                |     Version:  trunk
 Severity:  normal                 |  Resolution:
 Keywords:  gdpr needs-unit-tests  |     Focuses:
-----------------------------------+-----------------------

Comment (by johnstonphilip):

 @iandunn Thanks for the response and explanations - and catching me up. My
 fear with the link being in the email (or anywhere outside of a logged-in
 WP session) is how simple it is for someone to say, accidentally forward
 an email. Or say they copy the link and forget it's in their clipboard
 when they paste into an exposed place (these are just the first 2 examples
 that popped into my head).

 I just don't love the potential problems that open up when the link is
 automatically exposed in-full outside of a logged-in WordPress session.

 It's much tougher to accidentally give someone access to your account,
 especially if that account is protected by double authentication.

 For my own websites, I would love the option of ''requiring'' the
 requester to have an account in order to request/delete their data. For
 guest commenters, I would require they sign up for an account prior to
 making a data request. I realize that's not an approach everyone would
 take, but I think it's a reasonable one that certain sites with sensitive
 PII would agree with. I would prefer to make guests jump through a couple
 extra hoops for security, as opposed to reducing security overall for my
 registered users just to accommodate guests. I'm sure this is especially
 true for sites that don't allow guests to comment.

 Regarding the removal of files, I agree that shrinking the attack window
 isn't the best for UX as it's hard to know how long a file takes to
 download on slow connections and slow hosts. It would be ideal to have the
 file be automatically deleted when the download has completed. Obviously
 that is difficult to know, but when the index.html file is opened, the
 customer could let us know.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/43546#comment:65>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list