[wp-trac] [WordPress Trac] #43958: Pingbacks Trackbacks and Data Export/Deletion/GDPR
WordPress Trac
noreply at wordpress.org
Sat Mar 2 01:13:34 UTC 2019
#43958: Pingbacks Trackbacks and Data Export/Deletion/GDPR
-------------------------+----------------------
Reporter: dshanske | Owner: (none)
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: Privacy | Version:
Severity: normal | Resolution: invalid
Keywords: | Focuses:
-------------------------+----------------------
Changes (by garrett-eclipse):
* keywords: gdpr close =>
* status: new => closed
* resolution: => invalid
* milestone: Awaiting Review =>
Comment:
Thanks you @dshanske for spawning this discussion on Privacy implications
surrounding Trackbacks and Pingbacks.
Aside from the initial discussions and thoughts from @allendav and @azaozz
I raised this into #core-privacy chats as a candidate for closure to get
some last thoughts before closing this thread.
The consensus so far was that there's not currently a privacy implication
posed by the Pingbacks and Trackbacks functionality. All of the
information exchanged is between the servers with no personal data
involved as it's a site-to-site communication.
The information exchanged such as IP address, domain, url is all public
information from that originating server. Even if the domain is that of a
person johndoe.com or the url discloses the author name and information
all of that is public domain and accessible via the web. If the author
name/email was exchanged in the pingback or trackback this could
potentially be seen as personal information but it's currently not.
In addition both Pingbacks and Trackbacks require action/consent prior to
them being sent. By that I mean Pingbacks need to be enabled in Settings >
Discussion as 'Attempt to notify any blogs linked to from the article'
before they'll function, and Trackbacks are manually triggered by the post
author/admin. As such a default install isn't exchanging any information
unless enabled.
*That being said the default WP install supports receiving both Pingbacks
and Trackbacks but they are received like a comment and can be removed by
the admin.
So I'm closing this as invalid since I don't see a privacy implication
here. And even if there was the concern we would require the email being
associated to the pingback/trackback in order to integrate it to the
existing tools.
Going beyond Pingbacks and Trackbacks into Webmentions, it sounds like a
good next step for your component. Concerning privacy I would second the
consensus from the Security and Privacy Review at the bottom of the
article;
> '''Does this specification deal with personally-identifiable
information?'''
> The only potentially personally-identifiable information involved in
Webmention are the source and target URLs.
> '''Does this specification deal with high-value data?'''
> No, there is no authentication or other credentials involved.
https://www.w3.org/TR/webmention/#security-and-privacy-review
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43958#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list