[wp-trac] [WordPress Trac] #46986: DNT Parameter automatically for Vimeo oEmbed requests
WordPress Trac
noreply at wordpress.org
Tue Oct 20 21:36:58 UTC 2020
#46986: DNT Parameter automatically for Vimeo oEmbed requests
-------------------------------------------------+-------------------------
Reporter: djc71889 | Owner: garrett-
| eclipse
Type: defect (bug) | Status: accepted
Priority: normal | Milestone: 5.6
Component: Embeds | Version: 4.9
Severity: major | Resolution:
Keywords: has-patch needs-dev-note has-unit- | Focuses: privacy
tests commit |
-------------------------------------------------+-------------------------
Comment (by adakaleh):
Before deciding on this, I think several points ought to be clarified:
Replying to [ticket:46986 djc71889]:
> Note that unlike Twitter (which was mentioned in the initial report, the
Vimeo player does not contain cookies which are unessential to player
functionality (like saving language preferences or viewer statistics) It
does not track 'non-essential' cookies like google analytics and other
third party cookies (used for ad serving, etc).
The above statement is false. Vimeo's player stores an unessential
tracking cookie called `vuid`. It's unessential because the video player
works without it when DNT is used. This cookie can be used by Vimeo to
track people across the web through its embedded videos.
Vimeo also sets the `sync_active` key in local storage. This is what Vimeo
[https://stackoverflow.com/questions/27614407/soundcloud-and-vimeo-
synchronize-their-players-in-different-tabs-and-sometimes uses] to stop
videos from playing simultaneously in different tabs and iframes. It can
also be used to track people across websites, which is why Vimeo blocks it
when DNT is used.
The stats mentioned in https://vimeo.com/analytics can be obtained without
unique identifiers. The same viewer might be counted more than once, but
Vimeo could still show its clients ''"where they’re coming from, how
they’re finding your videos, and what devices they’re watching them on"''
(and more) without tagging each visitor with a unique ID. Even so, much of
this data is perhaps too invasive and it's arguably a good thing that DNT
prevents its collection.
As for [comment:4 the issue raised by freshyjon]:
> it allows the user to play multiple videos at once (which is NOT default
behavior, and is arguably not very “Accessible friendly”).
How is this an accessibility issue? To me it looks like a tiny
inconvenience, far outweighed by the privacy costs of going through with
this change.
To conclude, please be mindful of the privacy implications herein. I
suggest not allowing Vimeo to push its tracking-by-default exception into
WordPress.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/46986#comment:25>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list