WordPress.org

Making WordPress.org

Opened 11 months ago

Closed 2 months ago

Last modified 6 weeks ago

#3655 closed enhancement (fixed)

Remove twitter, facebook, google plus and quantserve scripts from https://wordpress.org footer

Reported by: allendav Owned by: SergeyBiryukov
Milestone: Priority: high
Component: General Keywords:
Cc:

Description (last modified by allendav)

The twitter and facebook buttons in the page footer are flagged by some privacy extensions like ghostery as poor for user privacy. Let's replace the script powered buttons with plain buttons to those social media services.

To reproduce: Open https://wordpress.org/about/privacy/ incognito with the ghostery extension active.

Attachments (2)

3655.png (11.4 KB) - added by SergeyBiryukov 2 months ago.
Screen Shot 2019-02-21 at 9.10.18 AM.png (101.4 KB) - added by garrett-eclipse 2 months ago.
Trac Footer w/ displaced social links

Download all attachments as: .zip

Change History (53)

This ticket was mentioned in Slack in #core-privacy by allendav. View the logs.


11 months ago

#2 @Otto42
11 months ago

We don't run "trackers" on that page, we run the various like and tweet buttons in the footer of every page on WordPress.org.

So, if you want to get into a discussion about removing them from the footer, then you'd do best to not refer to them as "trackers" since not everybody agrees with you on the privacy implications of such buttons.

That includes me, and because of your wording, my vote for this ticket is -1.

#3 @allendav
11 months ago

Hi @Otto42 - I respectfully disagree. They are trackers.

That said, we should be able to replace those third party like and tweet buttons with links that still allow our users to like and tweet the page AND preserve our non-tweeting, non-liking users' privacy.

Also, when Safari for iOS 12 and Mohave releases this fall, users of that browser will be prompted about this: https://www.cnet.com/news/new-safari-privacy-features-on-macos-mojave-and-ios-12-crack-down-on-nosy-websites/

Last edited 11 months ago by allendav (previous) (diff)

This ticket was mentioned in Slack in #meta by tellyworth. View the logs.


11 months ago

#5 @tellyworth
11 months ago

  • Priority changed from normal to high

#6 follow-up: @gibrown
11 months ago

The Jetpack sharing buttons explicitly do not use the standard version of these buttons and so should not be subject to any tracking. Needs some customization to add them to a different part of the page, but should be easy enough: https://jetpack.com/support/sharing/

#7 follow-up: @netweb
11 months ago

I think it is pretty disingenuous to only make this change for https://wordpress.org/about/privacy/

If a potential user of WordPress reads that page and are satisfied by what they read there to then visit a different page on w.org and have an entirely different privacy experience is misleading IMHO.

#8 in reply to: ↑ 7 @allendav
11 months ago

Replying to netweb:

I think it is pretty disingenuous to only make this change for https://wordpress.org/about/privacy/

If a potential user of WordPress reads that page and are satisfied by what they read there to then visit a different page on w.org and have an entirely different privacy experience is misleading IMHO.

I completely agree. When I wrote the issue I was just thinking about the privacy page - a consistent privacy experience (at least with respect to third party scripts like these) from page to page (and site to site) would be much better.

#9 in reply to: ↑ 6 @allendav
11 months ago

Replying to gibrown:

The Jetpack sharing buttons explicitly do not use the standard version of these buttons and so should not be subject to any tracking. Needs some customization to add them to a different part of the page, but should be easy enough: https://jetpack.com/support/sharing/

Hey @gibrown

You mean when Jetpack Sharing is set to use "Icon & Text", "Icon Only" or "Text Only" right? If a user uses the "Official Buttons" setting then those buttons are tracked by Facebook, etc.

#10 @gibrown
11 months ago

Yep, that's what I mean. We won't have the counts anymore, but would still have the buttons.

This ticket was mentioned in Slack in #meta by tellyworth. View the logs.


10 months ago

#12 @tellyworth
10 months ago

To clarify: in Icon Only mode and similar, the buttons will all still function as before right, other than the count display?

#13 @mkaz
6 months ago

https://cldup.com/NST945Zwvj.png

As far as trackers, with Firefox Tracking Protection on, I get notices for both Twitter and Facebook widgets on WordPress.org footer. My vote would be to remove and replace with static images or text.

I would actually vote to remove Facebook altogether, but that's a whole other thing.

Also, quantserve is another tracker that probably should be removed, but at least provides a smidge of value if we care about popularity.

#14 @iandunn
6 months ago

Is there any good reason to embed FB/Twitter JavaScript on the site, instead of just using "intent" links? I've always preferred intent links because they're simpler, don't take up extra bandwidth, have zero memory footprint, don't rely on external services, etc.

I'm not aware of any compelling benefit of actually embedding the third-party scripts.

#15 @allendav
6 months ago

  • Summary changed from Could we not run twitter, facebook and google plus trackers on https://wordpress.org/about/privacy/ please to Remove twitter, facebook and google plus scripts from https://wordpress.org/about/privacy/

#16 @allendav
6 months ago

@mkaz wrote

Also, quantserve is another tracker that probably should be removed, but at least provides a smidge of value if we care about popularity.

How can I figure out who added / uses that so I can chat with them?

#17 @allendav
6 months ago

@iandunn wrote:

Is there any good reason to embed FB/Twitter JavaScript on the site, instead of just using "intent" links? I've always preferred intent links because they're simpler, don't take up extra bandwidth, have zero memory footprint, don't rely on external services, etc.

By "intent" links do you mean the plain vanilla, do-not-incorporate-third-party-scripts, "Icon & Text", "Icon Only" or "Text Only" style links?

The downside is we lose that little "X people liked this" count for the service - the upside is our users' privacy is preserved and users that want to can still like/tweet the page.

#18 @iandunn
6 months ago

Yeah, that's what I meant. Personally, I don't see much value in the "X people..." bit. Everybody knows we power 31% of the web, no need to brag about it.

This ticket was mentioned in Slack in #meta by allendav. View the logs.


6 months ago

#20 @allendav
6 months ago

  • Description modified (diff)

#21 @garrett-eclipse
6 months ago

Thought this chat sounded familiar, just wanted to flag this was raised in #core-privacy on Oct 22nd so am happy to see the dicussion continue.
Original post flagging these in Slack #core-privacy - https://wordpress.slack.com/archives/C9695RJBW/p1540223792000100

#22 @garrett-eclipse
6 months ago

  • Summary changed from Remove twitter, facebook and google plus scripts from https://wordpress.org/about/privacy/ to Remove twitter, facebook, google plus and quantserve scripts from https://wordpress.org footer

Tweaked ticket title to include quantserve and remove page specificity so it's known it affects the footer on the entire WP.org network.

This ticket was mentioned in Slack in #meta by allendav. View the logs.


5 months ago

#24 follow-up: @Otto42
5 months ago

You will need matt's approval for this.

#25 in reply to: ↑ 24 @allendav
5 months ago

Replying to Otto42:

You will need matt's approval for this.

OK - will do

#26 @allendav
5 months ago

Matt has approved it: "yeah you can kill quantcast, and fine with the buttons being switched to something that loads faster / doesn’t call remote"

#27 @ocean90
5 months ago

In 7847:

Trac: Remove tracking via Quantserve (Quantcast).

See ​#3655.

#28 @ocean90
5 months ago

In 7848:

Trac: Remove tracking via Quantserve (Quantcast) in all Trac footer templates.

See ​#3655.

This ticket was mentioned in Slack in #core-privacy by webdevlaw. View the logs.


3 months ago

#30 @garrett-eclipse
3 months ago

  • Keywords needs-patch added

Thanks everyone for their work on this. I'm glad we were able to get Quantcast removed. After discussion in #core-privacy it seems the next steps are replacing the Twitter/Facebook Follow/Like iFrames with static versions. As such I updated this ticket to needs-patch to denote there's further work to be done.

#31 follow-up: @pputzer
3 months ago

AFAIK there is no way to get the FB "Like" functionality without the tracking. Two things we can do:

  • Embed a static image and simply link to the FB page, or
  • add a working "Share" button.
Last edited 3 months ago by pputzer (previous) (diff)

#32 in reply to: ↑ 31 @garrett-eclipse
3 months ago

Replying to pputzer:

AFAIK there is no way to get the FB "Like" functionality without the tracking. Two things we can do:

  • Embed a static image and simply link to the FB page, or
  • add a working "Share" button.

Thanks @pputzer. For reference, here's the slack discussion - https://wordpress.slack.com/archives/C9695RJBW/p1549047578654000?thread_ts=1549038800.604700&cid=C9695RJBW

IMHO I feel just the static icon w/ link would suffice.

#33 @pputzer
3 months ago

For Twitter's "Follow" button, it should be possible via their "intent" API: https://twitter.com/intent/follow/?screen_name=@wordpress

#34 @garrett-eclipse
3 months ago

Discussing this on #core-privacy further it would make the most sense to simply replace with social icons that link to the social communities as currently the purpose of those iframes are to promote those communities and get users to follow/like them. The other option was replace with static sharer links but that doesn't feel appropriate as we're not promoting users to share the current page.

The links to be used;
Twitter - https://twitter.com/WordPress
Facebook - https://www.facebook.com/WordPress/

For icons unless a designer has a better idea, the dashicons already on site can be used for this;
.dashicons-twitter
.dashicons-facebook

Let me know if you require further direction.
Thanks

#35 @pputzer
3 months ago

I suggest we use this URL for the Twitter link - it preserves the existing semantics of the "Follow" button (and, unlike the version I posted earlier, it is independent of any future changes to the display name of the WordPress Twitter account):

https://twitter.com/intent/follow/?user_id=685513

Using the intent handler will ensure a smoother UX on mobile devices because it's handled by their native apps. More information on the Twitter Web Intents API.

Last edited 3 months ago by pputzer (previous) (diff)

This ticket was mentioned in Slack in #meta by pepe. View the logs.


2 months ago

@SergeyBiryukov
2 months ago

#37 @SergeyBiryukov
2 months ago

As per comment:34, here's how the links would look like with Dashicons: 3655.png.

Haven't found any pages where Dashicons are not loaded, should be good to go.

The code in the screenshot, for reference:

<ul>
	<li><span class="dashicons dashicons-twitter"></span><a href="https://twitter.com/WordPress" title="Follow @WordPress on Twitter">@WordPress</a></li>
	<li><span class="dashicons dashicons-facebook"></span><a href="https://www.facebook.com/WordPress/" title="Like WordPress on Facebook">WordPress</a></li>
</ul>

#38 @SergeyBiryukov
2 months ago

  • Owner set to SergeyBiryukov
  • Status changed from new to accepted

#39 @SergeyBiryukov
2 months ago

Note: Trac footer, as seen in sites/trunk/trac.wordpress.org/templates/wporg-footer.html, doesn't have these links/buttons for some reason, whereas all the other links are the same. Not sure if that's intentional or an oversight.

#40 @SergeyBiryukov
2 months ago

  • Keywords needs-patch removed
  • Resolution set to fixed
  • Status changed from accepted to closed

Fixed in [dotorg14838].

#41 @SergeyBiryukov
2 months ago

In 8303:

Trac: Footer: Add a column with social links, for consistency with the global WP.org footer.

See #3655.

#42 @SergeyBiryukov
2 months ago

In 8304:

Trac: Bump scripts version after [8303]. See #3655.

This ticket was mentioned in Slack in #core-privacy by pepe. View the logs.


2 months ago

@garrett-eclipse
2 months ago

Trac Footer w/ displaced social links

#44 follow-up: @garrett-eclipse
2 months ago

THANKS @SergeyBiryukov you're a rockstar.

That works nicely and happy to hear the dashicons worked out.

One minor note the Trac footer seems to have a slight display issue dropping the links into a new row. See screenshot I just uploaded.

Cheers

#45 in reply to: ↑ 44 ; follow-up: @SergeyBiryukov
2 months ago

Replying to garrett-eclipse:

One minor note the Trac footer seems to have a slight display issue dropping the links into a new row. See screenshot I just uploaded.

Thanks! The CSS change in [8303] was correct, it's just that it wasn't fully deployed, probably because the version bump in [8304] followed too quickly. A second version bump in [8314] appears to have fixed it.

#46 in reply to: ↑ 45 @garrett-eclipse
2 months ago

Replying to SergeyBiryukov:

Replying to garrett-eclipse:

One minor note the Trac footer seems to have a slight display issue dropping the links into a new row. See screenshot I just uploaded.

Thanks! The CSS change in [8303] was correct, it's just that it wasn't fully deployed, probably because the version bump in [8304] followed too quickly. A second version bump in [8314] appears to have fixed it.

Awesome thanks @SergeyBiryukov I can confirm it's looking correct now. Appreciate you tackling that.

#47 @garrett-eclipse
2 months ago

Related - #4216
I opened a ticket to clean up the Cookie Policy now that Quantcast has been removed form WP.org

#48 @coffee2code
2 months ago

In 8346:

Main Theme, Privacy: Remove mentions of Quantcast from Cookie Policy.

Props garrett-eclipse.
See #3655.
Fixes #4216.

#49 @garrett-eclipse
8 weeks ago

Related - #4227
*There's some custom .dashicons css on the download page that affected the footer. I've uploaded a patch for it on the above mentioned ticket.

#50 @coffee2code
6 weeks ago

In 8443:

Jobs: Replace Twitter and Facebook iframes with static links.

See #3655

#51 @garrett-eclipse
6 weeks ago

Nice catch thanks @coffee2code

Note: See TracTickets for help on using tickets.