[wp-trac] [WordPress Trac] #44610: Allow Youtube-Player to use youtube-nocookie.com URLS to avoid setting cookies.

WordPress Trac noreply at wordpress.org
Tue Oct 20 14:54:30 UTC 2020


#44610: Allow Youtube-Player to use youtube-nocookie.com URLS to avoid setting
cookies.
-------------------------------------+-----------------------------
 Reporter:  jepperask                |       Owner:  williampatton
     Type:  enhancement              |      Status:  assigned
 Priority:  normal                   |   Milestone:  Future Release
Component:  Embeds                   |     Version:  4.9.7
 Severity:  normal                   |  Resolution:
 Keywords:  needs-testing has-patch  |     Focuses:  privacy
-------------------------------------+-----------------------------

Comment (by adakaleh):

 Replying to [comment:22 BjornW]:
 > - What is Google storing in local storage data?

 What sticks out to me is `yt-remote-device-id`. It is stored before
 pressing play and contains a UUID which expires after one year. It looks
 similar to a tracking cookie, but it doesn't get sent back automatically
 with each request. Instead it has to be retrieved using JavaScript. I
 presume it's only sent to Google when the video is played.

 Even so, using youtube-nocookie is a significant win for privacy. Google
 claims:

 > When you turn on privacy-enhanced mode, YouTube won't store information
 about visitors on your website unless they play the video.

 WordPress is very widely used, so having this on by default would make a
 big difference.

 If YouTube's oEmbed endpoint would support the dnt (Do Not Track)
 parameter (see https://core.trac.wordpress.org/changeset/41345), youtube-
 nocookie would already be the default in WordPress. But, since YouTube
 ignores DNT, we need to add some code to modify YouTube's oEmbed response.
 I just created a pull request for this, please check if it's ok:
 https://github.com/WordPress/wordpress-develop/pull/630. I tested it
 locally, it works well for me.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/44610#comment:24>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list