[wp-trac] [WordPress Trac] #51156: Create developer documentation for disclosures.json

WordPress Trac noreply at wordpress.org
Mon Aug 31 13:45:25 UTC 2020


#51156: Create developer documentation for disclosures.json
----------------------------------+--------------------------------------
 Reporter:  carike                |       Owner:  (none)
     Type:  enhancement           |      Status:  new
 Priority:  normal                |   Milestone:  5.6
Component:  Privacy               |     Version:  trunk
 Severity:  normal                |  Resolution:
 Keywords:  needs-privacy-review  |     Focuses:  docs, template, privacy
----------------------------------+--------------------------------------
Description changed by carike:

Old description:

> **Background:**
>
> The Disclosures Tab is an initiative that is underway in the Core Privacy
> Team.
> The aim is to help site owners / admins better understand what
> information their site (plugins, themes and Core) collects, where the
> information is stored and where it is sent - and in particular, who it is
> shared with.
> We hope to help site owners / admins make more informed privacy choices
> (e.g. when choosing which plugin to install) and to better understand
> their risk profile when it comes to privacy.
> For the most part, the actual "controlling" is planned for a sibling
> plugin, the Permissions Tab, which is not currently intended to be merged
> into Core, as this will contain more advanced settings.
> You can read more about the various privacy initiatives here:
> https://make.wordpress.org/core/2020/08/19/minutes-core-privacy-meeting-19-august-2020/
>
> **The Challenge:**
>
> To make #51092 understandable for plugin, theme and core developers, by
> providing a template and illustrative examples.
>
> **Scope:**
>
> The following tickets represent milestones for the Disclosures Tab:
>
> #51092 proposes the schema.
> [] will be created for the validation of the schema by Core.
> [] will be created for internationalization.
> This ticket only deals with developer documentation.
> #51144 proposes a UI for site-level privacy disclosures and related
> settings.
>
> **The Solution:**
>
> Illustrative example: Licensing
>
> In this example, a theme author would like to disclose the licenses that
> apply to the theme and its assets.
> The author would include the following in a file named disclosures.json
> in the theme's main folder to indicate that:
> - Their theme itself is licensed under the General Public License version
> 2;
> - They make use of images, which are locally included in the theme, all
> of which they found on the "My Stock Photos" site;
> - They make use of the Google Fonts CDN to serve the Andika, Cousine
> and Ubuntu fonts.
>
> {{{#!php
> {
>    "licenses": {
>       "code": [
>          "https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html"
>       ],
>       "localAssets": [
>          "https://creativecommons.org/publicdomain/zero/1.0/legalcode"
>       ],
>       "remoteAssets": [
>          "https://scripts.sil.org/cms/scripts/page.php?item_id=OFL_web",
>          "http://www.apache.org/licenses/LICENSE-2.0.html",
>          "https://ubuntu.com/legal/font-licence"
>       ]
>    }
> }
> }}}
>
> Illustrative example: Database Management
>
> In this example, a plugin author would like to disclose how their code
> interacts with the site's database(s).
> The author would include the following in a file named disclosures.json
> in the plugin's main folder to indicate that:
> - The plugin does not write information to the database that was not
> explicitly input by a(n authorized) user;
> - The plugin does write information to the database that was explicitly
> input by a(n authorized) user;
> - The plugin creates a Custom Post Type called ExampleCPT;
> - The plugin allows a(n authorized) user to create their own Custom Post
> Types;
> - The plugin creates a custom table called PluginTable;
> - The plugin allows a(n authorized) user to create their own custom
> tables.
>
> {{{#!php
> {
>    "database": {
>       "writesToDB": {
>          "auto": [
>             false
>          ],
>          "manual": [
>             true,
>             "edit_private_posts"
>          ]
>       },
>       "CPT": {
>          "auto": [
>             true,
>             "ExampleCPT"
>          ],
>          "manual": [
>             true,
>             "delete_private_posts"
>          ]
>       },
>       "customTables": {
>          "auto": [
>             true,
>             "PluginTable"
>          ],
>          "manual": [
>             true,
>             "delete_plugins"
>          ]
>       }
>    }
> }
> }}}
>
> Illustrative example: Compatibility
>
> In this example, a plugin author would like to disclose which Privacy
> Tools they, in good faith, believe that they are compatible with.
> The author would include the following in a file named disclosures.json
> in the plugin's main folder to indicate that:
> - The code is compatible with Core's tool to export Protected Personal
> Information;
> - The code is compatible with Core's tool to erase Protected Personal
> Information;
> - The code is compatible with the Consent API;
> - The code is compatible with the Disclosures Tab;
> - The code is not compatible with the Permissions Tab.
>
> {{{#!php
> {
>    "compatibility": {
>       "ppiExport": [
>          true
>       ],
>       "ppiErasure": [
>          true
>       ],
>       "consentAPI": [
>          true
>       ],
>       "disclosuresTab": [
>          true
>       ],
>       "permissionsTab": [
>          false
>       ]
>    }
> }
> }}}
>
> Illustrative example: Monetization
>
> In this example, a theme author would like to disclose their monetization
> practices.
> The theme author would include the following in a file named
> disclosures.json in the theme's main folder to indicate that:
> - The code contains or generates promotion for other products or services
> from the same author(s);
> - The code does not contain or generate requests for, or a mechanism to
> donate to the author(s);
> - The code contains or requests a backlink, in the form of a footer
> credit;
> - The code does not contain or generate affiliate links;
> - The code does not contain or generate paid promotion for products or
> services from others who are not the author(s).
>
> {{{#!php
> {
>    "monetization": {
>       "upsells": [
>          true,
>          "https://example.com/ToS/devsite/"
>       ],
>       "donations": [
>          false
>       ],
>       "backlinks": [
>          true,
>          "https://example.com/ToS/devsite/"
>       ],
>       "affiliates": [
>          false
>       ],
>       "advertising": [
>          false
>       ]
>    }
> }
> }}}

New description:

 **Background:**

 The Disclosures Tab is an initiative that is underway in the Core Privacy
 Team.
 The aim is to help site owners / admins better understand what information
 their site (plugins, themes and Core) collects, where the information is
 stored and where it is sent - and in particular, who it is shared with.
 We hope to help site owners / admins make more informed privacy choices
 (e.g. when choosing which plugin to install) and to better understand
 their risk profile when it comes to privacy.
 For the most part, the actual "controlling" is planned for a sibling
 plugin, the Permissions Tab, which is not currently intended to be merged
 into Core, as this will contain more advanced settings.
 You can read more about the various privacy initiatives here:
 https://make.wordpress.org/core/2020/08/19/minutes-core-privacy-meeting-19-august-2020/

 **The Challenge:**

 To make #51092 understandable for plugin, theme and core developers, by
 providing a template and illustrative examples.

 **Scope:**

 The following tickets represent milestones for the Disclosures Tab:

 #51092 proposes the schema.
 [] will be created for the validation of the schema by Core.
 [] will be created for internationalization.
 This ticket only deals with developer documentation.
 #51144 proposes a UI for site-level privacy disclosures and related
 settings.

 **The Solution:**

 Illustrative example: Licensing

 In this example, a theme author would like to disclose the licenses that
 apply to the theme and its assets.
 The author would include the following in a file named disclosures.json in
 the theme's main folder to indicate that:
 - Their theme itself is licensed under the General Public License version
 2;
 - They make use of images, which are locally included in the theme, all of
 which they found on the "My Stock Photos" site;
 - They make use of the Google Fonts CDN to serve the Andika, Cousine and
 Ubuntu fonts.

 {{{#!php
 {
    "licenses": {
       "code": [
          "https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html"
       ],
       "localAssets": [
          "https://creativecommons.org/publicdomain/zero/1.0/legalcode"
       ],
       "remoteAssets": [
          "https://scripts.sil.org/cms/scripts/page.php?item_id=OFL_web",
          "http://www.apache.org/licenses/LICENSE-2.0.html",
          "https://ubuntu.com/legal/font-licence"
       ]
    }
 }
 }}}

 Illustrative example: Calls to External Networks

 In this example, a plugin author would like to disclose that their code
 makes calls to external networks.
 The author would like to include the following in a file named
 disclosures.json in the plugin's main folder to indicate that:
 - The code includes an external reference to the developer's own site (if
 the user opts in to send tracking data) in the PHP;
 - The code includes an external reference to Google Analytics in the
 JavaScript;
 - The code includes an external reference to Google Fonts in the CSS.

 {{{#!php
 {
    "policies": {
       "PHP": [
          "https://developersite.example.com/privacy-policy/"
       ],
       "JavaScript": [
          "https://policies.google.com/privacy"
       ],
       "CSS": [
          "https://policies.google.com/privacy"
       ]
    }
 }
 }}}

 Illustrative example: Database Management

 In this example, a plugin author would like to disclose how their code
 interacts with the site's database(s).
 The author would include the following in a file named disclosures.json in
 the plugin's main folder to indicate that:
 - The plugin does not write information to the database that was not
 explicitly input by a(n authorized) user;
 - The plugin does write information to the database that was explicitly
 input by a(n authorized) user;
 - The plugin creates a Custom Post Type called ExampleCPT;
 - The plugin allows a(n authorized) user to create their own Custom Post
 Types;
 - The plugin creates a custom table called PluginTable;
 - The plugin allows a(n authorized) user to create their own custom
 tables.

 {{{#!php
 {
    "database": {
       "writesToDB": {
          "auto": [
             false
          ],
          "manual": [
             true,
             "edit_private_posts"
          ]
       },
       "CPT": {
          "auto": [
             true,
             "ExampleCPT"
          ],
          "manual": [
             true,
             "delete_private_posts"
          ]
       },
       "customTables": {
          "auto": [
             true,
             "PluginTable"
          ],
          "manual": [
             true,
             "delete_plugins"
          ]
       }
    }
 }
 }}}

 Illustrative example: Compatibility

 In this example, a plugin author would like to disclose which Privacy
 Tools they, in good faith, believe that they are compatible with.
 The author would include the following in a file named disclosures.json in
 the plugin's main folder to indicate that:
 - The code is compatible with Core's tool to export Protected Personal
 Information;
 - The code is compatible with Core's tool to erase Protected Personal
 Information;
 - The code is compatible with the Consent API;
 - The code is compatible with the Disclosures Tab;
 - The code is not compatible with the Permissions Tab.

 {{{#!php
 {
    "compatibility": {
       "ppiExport": [
          true
       ],
       "ppiErasure": [
          true
       ],
       "consentAPI": [
          true
       ],
       "disclosuresTab": [
          true
       ],
       "permissionsTab": [
          false
       ]
    }
 }
 }}}

 Illustrative example: Monetization

 In this example, a theme author would like to disclose their monetization
 practices.
 The theme author would include the following in a file named
 disclosures.json in the theme's main folder to indicate that:
 - The code contains or generates promotion for other products or services
 from the same author(s);
 - The code does not contain or generate requests for, or a mechanism to
 donate to the author(s);
 - The code contains or requests a backlink, in the form of a footer
 credit;
 - The code does not contain or generate affiliate links;
 - The code does not contain or generate paid promotion for products or
 services from others who are not the author(s).

 {{{#!php
 {
    "monetization": {
       "upsells": [
          true,
          "https://example.com/ToS/devsite/"
       ],
       "donations": [
          false
       ],
       "backlinks": [
          true,
          "https://example.com/ToS/devsite/"
       ],
       "affiliates": [
          false
       ],
       "advertising": [
          false
       ]
    }
 }
 }}}

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/51156#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
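
A reviewer-side check for the disclosures.json layout shown in the ticket's illustrative examples, as an added example that is not part of the ticket or of WordPress Core. It assumes the shapes seen above (leaf lists are either URL lists or `[bool]` / `[bool, string]` flag entries), not the schema from #51092; the function names and the sample are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: values taken from the ticket's examples, plus one
# deliberately malformed entry ("donations") to exercise the shape check.
SAMPLE = """{
  "licenses": {"remoteAssets": [
    "https://scripts.sil.org/cms/scripts/page.php?item_id=OFL_web",
    "http://www.apache.org/licenses/LICENSE-2.0.html"]},
  "policies": {"JavaScript": ["https://policies.google.com/privacy"]},
  "database": {"CPT": {"auto": [true, "ExampleCPT"]}},
  "monetization": {"upsells": [true, "https://example.com/ToS/devsite/"],
                   "donations": [false, 1]}
}"""

def check_leaf(path, items, findings, hosts):
    """Check one leaf list: a flag entry or a list of URLs (assumed shapes)."""
    if items and isinstance(items[0], bool):
        # Flag entry as written in the ticket: [bool] or [bool, "detail"].
        if len(items) > 2 or not all(isinstance(i, str) for i in items[1:]):
            findings.append(f"{path}: expected [bool] or [bool, string]")
            return
        items = [i for i in items[1:] if "://" in i]  # detail may be a URL
    for item in items:
        host = urlsplit(item).hostname if isinstance(item, str) else None
        if host is None:
            findings.append(f"{path}: not a URL: {item!r}")
            continue
        hosts.add(host)  # every host the extension says it references
        if urlsplit(item).scheme != "https":
            findings.append(f"{path}: non-HTTPS URL: {item}")

def walk(node, path, findings, hosts):
    """Descend through nested objects until a leaf list is reached."""
    if isinstance(node, dict):
        for key, value in node.items():
            walk(value, f"{path}.{key}" if path else key, findings, hosts)
    elif isinstance(node, list):
        check_leaf(path, node, findings, hosts)
    else:
        findings.append(f"{path}: expected object or list")

def check_disclosures(text):
    """Return (findings, sorted referenced hosts) for a disclosures.json body."""
    findings, hosts = [], set()
    try:
        walk(json.loads(text), "", findings, hosts)
    except ValueError as exc:  # strict JSON parse error or malformed URL
        findings.append(f"invalid JSON or URL: {exc}")
    return findings, sorted(hosts)

if __name__ == "__main__":
    print(check_disclosures(SAMPLE))
```

The strict parse step also rejects uppercase `TRUE` / `FALSE` literals and a leading `<?php` line, neither of which is valid JSON.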

