[wp-trac] [WordPress Trac] #44610: Allow Youtube-Player to use youtube-nocookie.com URLS to avoid setting cookies.
WordPress Trac
noreply at wordpress.org
Tue Oct 20 14:54:30 UTC 2020
#44610: Allow Youtube-Player to use youtube-nocookie.com URLS to avoid setting
cookies.
-------------------------------------+-----------------------------
Reporter: jepperask | Owner: williampatton
Type: enhancement | Status: assigned
Priority: normal | Milestone: Future Release
Component: Embeds | Version: 4.9.7
Severity: normal | Resolution:
Keywords: needs-testing has-patch | Focuses: privacy
-------------------------------------+-----------------------------
Comment (by adakaleh):
Replying to [comment:22 BjornW]:
> - What is Google storing in local storage data?
What sticks out to me is `yt-remote-device-id`. It is stored before
pressing play and contains a UUID which expires after one year. It looks
similar to a tracking cookie, but it doesn't get sent back automatically
with each request. Instead it has to be retrieved using JavaScript. I
presume it's only sent to Google when the video is played.
Even so, using youtube-nocookie is a significant win for privacy. Google
claims:
> When you turn on privacy-enhanced mode, YouTube won't store information
about visitors on your website unless they play the video.
WordPress is very widely used, so having this on by default would make a
big difference.
If YouTube's oEmbed endpoint would support the dnt (Do Not Track)
parameter (see https://core.trac.wordpress.org/changeset/41345), youtube-
nocookie would already be the default in WordPress. But, since YouTube
ignores DNT, we need to add some code to modify YouTube's oEmbed response.
I just created a pull request for this, please check if it's ok:
https://github.com/WordPress/wordpress-develop/pull/630. I tested it
locally, it works well for me.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44610#comment:24>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list