[wp-trac] [WordPress Trac] #51156: Create developer documentation for disclosures.json
WordPress Trac
noreply at wordpress.org
Mon Aug 31 13:45:25 UTC 2020
#51156: Create developer documentation for disclosures.json
----------------------------------+--------------------------------------
 Reporter:  carike                |       Owner:  (none)
     Type:  enhancement           |      Status:  new
 Priority:  normal                |   Milestone:  5.6
Component:  Privacy               |     Version:  trunk
 Severity:  normal                |  Resolution:
 Keywords:  needs-privacy-review  |     Focuses:  docs, template, privacy
----------------------------------+--------------------------------------
Description changed by carike:
Old description:
> **Background:**
>
> The Disclosures Tab is an initiative that is underway in the Core Privacy
> Team.
> The aim is to help site owners / admins better understand what
> information their site (plugins, themes and Core) collects, where the
> information is stored and where it is sent - and in particular, who it is
> shared with.
> We hope to help site owners / admins make more informed privacy choices
> (e.g. when choosing which plugin to install) and to better understand
> their risk profile when it comes to privacy.
> For the most part, the actual "controlling" is planned for a sibling
> plugin, the Permissions Tab, which is not currently intended to be merged
> into Core, as this will contain more advanced settings.
> You can read more about the various privacy initiatives here:
> https://make.wordpress.org/core/2020/08/19/minutes-core-privacy-meeting-19-august-2020/
>
> **The Challenge:**
>
> To make #51092 understandable for plugin, theme and core developers, by
> providing a template and illustrative examples.
>
> **Scope:**
>
> The following tickets represent milestones for the Disclosures Tab:
>
> #51092 proposes the schema.
> [] will be created for the validation of the schema by Core.
> [] will be created for internationalization.
> This ticket only deals with developer documentation.
> #51144 proposes a UI for site-level privacy disclosures and related
> settings.
>
> **The Solution:**
>
> Illustrative example: Licensing
>
> In this example, a theme author would like to disclose the licenses that
> apply to the theme and its assets.
> The author would include the following in a file named disclosures.json
> in the theme's main folder to indicate that:
> - Their theme itself is licensed under the General Public License version
> 2;
> - They make use of images, which are locally included in the theme, all
> of which they found on the "My Stock Photos" site;
> - They make use of the Google Fonts CDN to serve the Andika, Cousine
> fonts and Ubuntu fonts.
>
> {{{#!php
> <?php
> {
> "licenses": {
> "code": [
> "https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html"
> ],
> "localAssets": [
> "https://creativecommons.org/publicdomain/zero/1.0/legalcode"
> ],
> "remoteAssets": [
> "https://scripts.sil.org/cms/scripts/page.php?item_id=OFL_web",
> "http://www.apache.org/licenses/LICENSE-2.0.html",
> "https://ubuntu.com/legal/font-licence"
> ]
> }
> }
> }}}
>
> Illustrative example: Database Management
>
> In this example, a plugin author would like to disclose how their code
> interacts with the site's database(s).
> The author would include the following in a file named disclosures.json
> in the plugin's main folder to indicate that:
> - The plugin does not write information to the database that was not
> explicitly input by a(n authorized) user;
> - The plugin does write information to the database that was explicitly
> input by a(n authorized) user;
> - The plugin creates a Custom Post Type called ExampleCPT;
> - The plugin allows a(n authorized) user to create their own Custom Post
> Types;
> - The plugin creates a custom table called PluginTable;
> - The plugin allows a(n authorized) user to create their own custom
> tables.
>
> {{{#!php
> <?php
> {
> "database": {
> "writesToDB": {
> "auto": [
> FALSE
> ],
> "manual": [
> TRUE,
> "edit_private_posts"
> ]
> },
> "CPT": {
> "auto": [
> TRUE,
> "ExampleCPT"
> ],
> "manual": [
> TRUE,
> "delete_private_posts"
> ]
> },
> "customTables": {
> "auto": [
> TRUE,
> "PluginTable"
> ],
> "manual": [
> TRUE,
> "delete_plugins"
> ]
> }
> }
> }
> }}}
>
> Illustrative example: Compatibility
>
> In this example, a plugin author would like to disclose which Privacy
> Tools they, in good faith, believe that they are compatible with.
> The author would include the following in a file named disclosures.json
> in the plugin's main folder to indicate that:
> - The code is compatible with Core's tool to export Protected Personal
> Information;
> - The code is compatible with Core's tool to erase Protected Personal
> Information;
> - The code is compatible with the Consent API;
> - The code is compatible with the Disclosures Tab;
> - The code is not compatible with the Permissions Tab.
>
> {{{#!php
> <?php
> {
> "compatibility": {
> "ppiExport": [
> TRUE
> ],
> "ppiErasure": [
> TRUE
> ],
> "consentAPI": [
> TRUE
> ],
> "disclosuresTab": [
> TRUE
> ],
> "permissionsTab": [
> FALSE
> ]
> }
> }
> }}}
>
> Illustrative example: Monetization
>
> In this example, a theme author would like to disclose their monetization
> practices.
> The theme author would include the following in a file named
> disclosures.json in the theme's main folder to indicate that:
> - The code contains or generates promotion for other products or services
> from the same author(s);
> - The code does not contain or generate requests for, or a mechanism to
> donate to the author(s);
> - The code contains or requests a backlink, in the form of a footer
> credit;
> - The code does not contain or generate affiliate links;
> - The code does not contain or generate paid promotion for products or
> services from others who are not the author(s).
>
> {{{#!php
> <?php
> {
> "monetization": {
> "upsells": [
> TRUE,
> "https://example.com/ToS/devsite/"
> ],
> "donations": [
> FALSE
> ],
> "backlinks": [
> TRUE,
> "https://example.com/ToS/devsite/"
> ],
> "affiliates": [
> FALSE
> ],
> "advertising": [
> FALSE
> ]
> }
> }
> }}}
New description:
**Background:**

The Disclosures Tab is an initiative that is underway in the Core Privacy
Team.
The aim is to help site owners / admins better understand what information
their site (plugins, themes and Core) collects, where the information is
stored and where it is sent - and in particular, who it is shared with.
We hope to help site owners / admins make more informed privacy choices
(e.g. when choosing which plugin to install) and to better understand
their risk profile when it comes to privacy.
For the most part, the actual "controlling" is planned for a sibling
plugin, the Permissions Tab, which is not currently intended to be merged
into Core, as this will contain more advanced settings.
You can read more about the various privacy initiatives here:
https://make.wordpress.org/core/2020/08/19/minutes-core-privacy-meeting-19-august-2020/

**The Challenge:**

To make #51092 understandable for plugin, theme and core developers, by
providing a template and illustrative examples.

**Scope:**

The following tickets represent milestones for the Disclosures Tab:

#51092 proposes the schema.
[] will be created for the validation of the schema by Core.
[] will be created for internationalization.
This ticket only deals with developer documentation.
#51144 proposes a UI for site-level privacy disclosures and related
settings.

**The Solution:**

Illustrative example: Licensing

In this example, a theme author would like to disclose the licenses that
apply to the theme and its assets.
The author would include the following in a file named disclosures.json in
the theme's main folder to indicate that:
- Their theme itself is licensed under the General Public License version
2;
- They make use of images, which are locally included in the theme, all of
which they found on the "My Stock Photos" site;
- They make use of the Google Fonts CDN to serve the Andika, Cousine fonts
and Ubuntu fonts.

{{{#!php
{
    "licenses": {
        "code": [
            "https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html"
        ],
        "localAssets": [
            "https://creativecommons.org/publicdomain/zero/1.0/legalcode"
        ],
        "remoteAssets": [
            "https://scripts.sil.org/cms/scripts/page.php?item_id=OFL_web",
            "http://www.apache.org/licenses/LICENSE-2.0.html",
            "https://ubuntu.com/legal/font-licence"
        ]
    }
}
}}}

Illustrative example: Calls to External Networks

In this example, a plugin author would like to disclose that their code
makes calls to external networks.
The author would like to include the following in a file named
disclosures.json in the plugin's main folder to indicate that:
- The code includes an external reference to the developer's own site (if
the user opts in to send tracking data) in the PHP;
- The code includes an external reference to Google Analytics in the
JavaScript;
- The code includes an external reference to Google Fonts in the CSS.

{{{#!php
{
    "policies": {
        "PHP": [
            "https://developersite.example.com/privacy-policy/"
        ],
        "JavaScript": [
            "https://policies.google.com/privacy"
        ],
        "CSS": [
            "https://policies.google.com/privacy"
        ]
    }
}
}}}

Illustrative example: Database Management

In this example, a plugin author would like to disclose how their code
interacts with the site's database(s).
The author would include the following in a file named disclosures.json in
the plugin's main folder to indicate that:
- The plugin does not write information to the database that was not
explicitly input by a(n authorized) user;
- The plugin does write information to the database that was explicitly
input by a(n authorized) user;
- The plugin creates a Custom Post Type called ExampleCPT;
- The plugin allows a(n authorized) user to create their own Custom Post
Types;
- The plugin creates a custom table called PluginTable;
- The plugin allows a(n authorized) user to create their own custom
tables.

{{{#!php
{
    "database": {
        "writesToDB": {
            "auto": [
                false
            ],
            "manual": [
                true,
                "edit_private_posts"
            ]
        },
        "CPT": {
            "auto": [
                true,
                "ExampleCPT"
            ],
            "manual": [
                true,
                "delete_private_posts"
            ]
        },
        "customTables": {
            "auto": [
                true,
                "PluginTable"
            ],
            "manual": [
                true,
                "delete_plugins"
            ]
        }
    }
}
}}}

Illustrative example: Compatibility

In this example, a plugin author would like to disclose which Privacy
Tools they, in good faith, believe that they are compatible with.
The author would include the following in a file named disclosures.json in
the plugin's main folder to indicate that:
- The code is compatible with Core's tool to export Protected Personal
Information;
- The code is compatible with Core's tool to erase Protected Personal
Information;
- The code is compatible with the Consent API;
- The code is compatible with the Disclosures Tab;
- The code is not compatible with the Permissions Tab.

{{{#!php
{
    "compatibility": {
        "ppiExport": [
            true
        ],
        "ppiErasure": [
            true
        ],
        "consentAPI": [
            true
        ],
        "disclosuresTab": [
            true
        ],
        "permissionsTab": [
            false
        ]
    }
}
}}}

Illustrative example: Monetization

In this example, a theme author would like to disclose their monetization
practices.
The theme author would include the following in a file named
disclosures.json in the theme's main folder to indicate that:
- The code contains or generates promotion for other products or services
from the same author(s);
- The code does not contain or generate requests for, or a mechanism to
donate to the author(s);
- The code contains or requests a backlink, in the form of a footer
credit;
- The code does not contain or generate affiliate links;
- The code does not contain or generate paid promotion for products or
services from others who are not the author(s).

{{{#!php
{
    "monetization": {
        "upsells": [
            true,
            "https://example.com/ToS/devsite/"
        ],
        "donations": [
            false
        ],
        "backlinks": [
            true,
            "https://example.com/ToS/devsite/"
        ],
        "affiliates": [
            false
        ],
        "advertising": [
            false
        ]
    }
}
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/51156#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
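
Added example, not part of the ticket or of WordPress Core: a Python lint for a disclosures.json file laid out like the illustrative examples in the description above. The section names and the [boolean, optional detail] shape are inferred from those examples rather than from the schema in #51092; the plain-http warning and the rule that a false flag carries no detail are assumptions.

```python
import json
from urllib.parse import urlsplit

URL_SECTIONS = {"licenses", "policies"}  # assumed from the examples: leaves are URL lists
FLAG_SECTIONS = {"database", "compatibility", "monetization"}  # assumed: [bool, detail?]
SAMPLE = '{"licenses": {"remoteAssets": ["http://www.apache.org/licenses/LICENSE-2.0.html"]}}'  # constructed

def _check_urls(path, value, out):
    if not isinstance(value, list):
        out.append(f"{path}: expected a list of URLs")
        return
    for u in value:
        try:
            parts = urlsplit(u) if isinstance(u, str) else None
        except ValueError:  # e.g. malformed IPv6 literal
            parts = None
        if parts is None or parts.scheme not in ("http", "https") or not parts.netloc:
            out.append(f"{path}: not an absolute http(s) URL: {u!r}")
        elif parts.scheme == "http":
            out.append(f"{path}: plain-http URL: {u}")

def _check_flags(path, value, out):
    if isinstance(value, dict):  # nested group, e.g. database.writesToDB
        for key, child in value.items():
            _check_flags(f"{path}.{key}", child, out)
    elif not (isinstance(value, list) and value and isinstance(value[0], bool)):
        out.append(f"{path}: expected [true|false, optional detail]")
    elif len(value) > 2 or not all(isinstance(d, str) for d in value[1:]):
        out.append(f"{path}: detail must be a single string")
    elif value[0] is False and len(value) > 1:  # assumed rule: no detail on a "no"
        out.append(f"{path}: detail given although flag is false")

def lint_disclosures(text):
    """Return findings (strings) for one disclosures.json document."""
    try:
        doc = json.loads(text)  # strict JSON: rejects a leading <?php and TRUE/FALSE
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]
    out = []
    for section, body in doc.items():
        if section in URL_SECTIONS and isinstance(body, dict):
            for key, value in body.items():
                _check_urls(f"{section}.{key}", value, out)
        elif section in FLAG_SECTIONS and isinstance(body, dict):
            _check_flags(section, body, out)
        else:
            out.append(f"{section}: unknown section or wrong type")
    return out
```

Calling `lint_disclosures(SAMPLE)` reports the one plain-http license URL; an empty list means the file parsed and matched the assumed shapes.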