[wp-trac] [WordPress Trac] #40794: WordPress needs a privacy policy
WordPress Trac
noreply at wordpress.org
Wed Jul 19 22:23:25 UTC 2017
#40794: WordPress needs a privacy policy
-------------------------------------------------+-------------------------
Reporter: johnbillion | Owner: jnylen0
Type: enhancement | Status: reopened
Priority: normal | Milestone: 4.8.1
Component: Help/About | Version:
Severity: normal | Resolution:
Keywords: has-patch commit fixed-major i18n- | Focuses:
change |
-------------------------------------------------+-------------------------
Comment (by iandunn):
The most important thing to be transparent about regarding the Events
Widget is the partially anonymized _client_ IP address. Usually API calls
only expose the _server_ address, but this one needs to send the client so
that we can geolocate their IP to get their location.
The IP is anonymized to the netblock, e.g., `50.60.70.80` becomes
`50.60.70.0`. That’s typically accurate enough for geolocation, but
removes the ability to identify the specific user.
There are also a few other things that the Events Widget sends to
api.w.org, but they might not be sensitive enough to be worth mentioning:
* the locale for their WP user account (or site locale if user locale
isn’t set)
* the timezone from their browser (not the site timezone)
* the value they typed in to the City field, if they chose to override the
geolocated location
Core also exposes the client IP of logged-in users and front-end visitors
to external sites in several situations. In those cases, it is not
partially anonymized, so the specific device could be identified.
* Requesting images/videos/etc from the w.org CDN (like wp-
admin/about.php)
* Requesting images from Gravatar (owned by Automattic) in wp-admin and on
the front-end (via the default themes).
* Requesting images from Google Fonts on the front-end (via the default
themes)
* Maybe a few others I missed
----
Here's a rough draft at some user-oriented language:
> Your WordPress site may expose your computer's IP address, and the IP
addresses of your visitors, to external websites. This happens when
WordPress needs to download images, fonts, and other assets used within
the Administration Panels and when browsing your site. To learn more, you
can read the privacy policies for [https://wordpress.org/about/privacy/
WordPress.org], [https://automattic.com/privacy/ Gravatar], and
[https://developers.google.com/fonts/faq#what_does_using_the_google_fonts_api_mean_for_the_privacy_of_my_users
Google Fonts].
>
> Your site may also send your IP address to WordPress.org, in order to
determine your approximate location, so that you can be shown upcoming
WordPress events in your area. WordPress.org does not use your IP address
for any other purpose, and does not store it permanently.
Since the CDN requests expose the full IP, I don't think it's worth
burdening the user with information about the partial anonymizing that the
Events Widget does.
We should probably also add something about Akismet, like:
> If you choose to enable the Akismet plugin to block spam, your WordPress
site will also send data to to Akismet's API, in order to determine if the
comment should be blocked. The data may include the text of the comment,
and metadata about the commenter, including their IP address, name, and
email address. For more details, see [https://automattic.com/privacy/
Akismet's privacy policy].
>
> If you choose to install any plugins or themes that are not bundled with
WordPress, they may also send additional data to external services. You
can learn more by reading their respective privacy policies.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40794#comment:22>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list