WordPress.org

Making WordPress.org

Opened 9 months ago

Last modified 2 weeks ago

#3655 new enhancement

Remove twitter, facebook, google plus and quantserve scripts from https://wordpress.org footer

Reported by: allendav Owned by:
Milestone: Priority: high
Component: General Keywords: needs-patch
Cc:

Description (last modified by allendav)

The twitter and facebook buttons in the page footer are flagged by some privacy extensions like ghostery as poor for user privacy. Let's replace the script powered buttons with plain buttons to those social media services.

To reproduce: Open https://wordpress.org/about/privacy/ incognito with the ghostery extension active.

Change History (35)

This ticket was mentioned in Slack in #core-privacy by allendav. View the logs.


9 months ago

#2 @Otto42
9 months ago

We don't run "trackers" on that page, we run the various like and tweet buttons in the footer of every page on WordPress.org.

So, if you want to get into a discussion about removing them from the footer, then you'd do best to not refer to them as "trackers" since not everybody agrees with you on the privacy implications of such buttons.

That includes me, and because of your wording, my vote for this ticket is -1.

#3 @allendav
9 months ago

Hi @Otto42 - I respectfully disagree. They are trackers.

That said, we should be able to replace those third party like and tweet buttons with links that still allow our users to like and tweet the page AND preserve our non-tweeting, non-liking users' privacy.

Also, when Safari for iOS 12 and Mohave releases this fall, users of that browser will be prompted about this: https://www.cnet.com/news/new-safari-privacy-features-on-macos-mojave-and-ios-12-crack-down-on-nosy-websites/

Last edited 9 months ago by allendav (previous) (diff)

This ticket was mentioned in Slack in #meta by tellyworth. View the logs.


9 months ago

#5 @tellyworth
9 months ago

  • Priority changed from normal to high

#6 follow-up: @gibrown
9 months ago

The Jetpack sharing buttons explicitly do not use the standard version of these buttons and so should not be subject to any tracking. Needs some customization to add them to a different part of the page, but should be easy enough: https://jetpack.com/support/sharing/

#7 follow-up: @netweb
9 months ago

I think it is pretty disingenuous to only make this change for https://wordpress.org/about/privacy/

If a potential user of WordPress reads that page and are satisfied by what they read there to then visit a different page on w.org and have an entirely different privacy experience is misleading IMHO.

#8 in reply to: ↑ 7 @allendav
8 months ago

Replying to netweb:

I think it is pretty disingenuous to only make this change for https://wordpress.org/about/privacy/

If a potential user of WordPress reads that page and are satisfied by what they read there to then visit a different page on w.org and have an entirely different privacy experience is misleading IMHO.

I completely agree. When I wrote the issue I was just thinking about the privacy page - a consistent privacy experience (at least with respect to third party scripts like these) from page to page (and site to site) would be much better.

#9 in reply to: ↑ 6 @allendav
8 months ago

Replying to gibrown:

The Jetpack sharing buttons explicitly do not use the standard version of these buttons and so should not be subject to any tracking. Needs some customization to add them to a different part of the page, but should be easy enough: https://jetpack.com/support/sharing/

Hey @gibrown

You mean when Jetpack Sharing is set to use "Icon & Text", "Icon Only" or "Text Only" right? If a user uses the "Official Buttons" setting then those buttons are tracked by Facebook, etc.

#10 @gibrown
8 months ago

Yep, that's what I mean. We won't have the counts anymore, but would still have the buttons.

This ticket was mentioned in Slack in #meta by tellyworth. View the logs.


8 months ago

#12 @tellyworth
8 months ago

To clarify: in Icon Only mode and similar, the buttons will all still function as before right, other than the count display?

#13 @mkaz
4 months ago

https://cldup.com/NST945Zwvj.png

As far as trackers, with Firefox Tracking Protection on, I get notices for both Twitter and Facebook widgets on WordPress.org footer. My vote would be to remove and replace with static images or text.

I would actually vote to remove Facebook altogether, but that's a whole other thing.

Also, quantserve is another tracker that probably should be removed, but at least provides a smidge of value if we care about popularity.

#14 @iandunn
4 months ago

Is there any good reason to embed FB/Twitter JavaScript on the site, instead of just using "intent" links? I've always preferred intent links because they're simpler, don't take up extra bandwidth, have zero memory footprint, don't rely on external services, etc.

I'm not aware of any compelling benefit of actually embedding the third-party scripts.

#15 @allendav
4 months ago

  • Summary changed from Could we not run twitter, facebook and google plus trackers on https://wordpress.org/about/privacy/ please to Remove twitter, facebook and google plus scripts from https://wordpress.org/about/privacy/

#16 @allendav
4 months ago

@mkaz wrote

Also, quantserve is another tracker that probably should be removed, but at least provides a smidge of value if we care about popularity.

How can I figure out who added / uses that so I can chat with them?

#17 @allendav
4 months ago

@iandunn wrote:

Is there any good reason to embed FB/Twitter JavaScript on the site, instead of just using "intent" links? I've always preferred intent links because they're simpler, don't take up extra bandwidth, have zero memory footprint, don't rely on external services, etc.

By "intent" links do you mean the plain vanilla, do-not-incorporate-third-party-scripts, "Icon & Text", "Icon Only" or "Text Only" style links?

The downside is we lose that little "X people liked this" count for the service - the upside is our users' privacy is preserved and users that want to can still like/tweet the page.

#18 @iandunn
4 months ago

Yeah, that's what I meant. Personally, I don't see much value in the "X people..." bit. Everybody knows we power 31% of the web, no need to brag about it.

This ticket was mentioned in Slack in #meta by allendav. View the logs.


4 months ago

#20 @allendav
4 months ago

  • Description modified (diff)

#21 @garrett-eclipse
4 months ago

Thought this chat sounded familiar, just wanted to flag this was raised in #core-privacy on Oct 22nd so am happy to see the dicussion continue.
Original post flagging these in Slack #core-privacy - https://wordpress.slack.com/archives/C9695RJBW/p1540223792000100

#22 @garrett-eclipse
4 months ago

  • Summary changed from Remove twitter, facebook and google plus scripts from https://wordpress.org/about/privacy/ to Remove twitter, facebook, google plus and quantserve scripts from https://wordpress.org footer

Tweaked ticket title to include quantserve and remove page specificity so it's known it affects the footer on the entire WP.org network.

This ticket was mentioned in Slack in #meta by allendav. View the logs.


3 months ago

#24 follow-up: @Otto42
3 months ago

You will need matt's approval for this.

#25 in reply to: ↑ 24 @allendav
3 months ago

Replying to Otto42:

You will need matt's approval for this.

OK - will do

#26 @allendav
3 months ago

Matt has approved it: "yeah you can kill quantcast, and fine with the buttons being switched to something that loads faster / doesn’t call remote"

#27 @ocean90
3 months ago

In 7847:

Trac: Remove tracking via Quantserve (Quantcast).

See ​#3655.

#28 @ocean90
3 months ago

In 7848:

Trac: Remove tracking via Quantserve (Quantcast) in all Trac footer templates.

See ​#3655.

This ticket was mentioned in Slack in #core-privacy by webdevlaw. View the logs.


2 weeks ago

#30 @garrett-eclipse
2 weeks ago

  • Keywords needs-patch added

Thanks everyone for their work on this. I'm glad we were able to get Quantcast removed. After discussion in #core-privacy it seems the next steps are replacing the Twitter/Facebook Follow/Like iFrames with static versions. As such I updated this ticket to needs-patch to denote there's further work to be done.

#31 follow-up: @pputzer
2 weeks ago

AFAIK there is no way to get the FB "Like" functionality without the tracking. Two things we can do:

  • Embed a static image and simply link to the FB page, or
  • add a working "Share" button.
Last edited 2 weeks ago by pputzer (previous) (diff)

#32 in reply to: ↑ 31 @garrett-eclipse
2 weeks ago

Replying to pputzer:

AFAIK there is no way to get the FB "Like" functionality without the tracking. Two things we can do:

  • Embed a static image and simply link to the FB page, or
  • add a working "Share" button.

Thanks @pputzer. For reference, here's the slack discussion - https://wordpress.slack.com/archives/C9695RJBW/p1549047578654000?thread_ts=1549038800.604700&cid=C9695RJBW

IMHO I feel just the static icon w/ link would suffice.

#33 @pputzer
2 weeks ago

For Twitter's "Follow" button, it should be possible via their "intent" API: https://twitter.com/intent/follow/?screen_name=@wordpress

#34 @garrett-eclipse
2 weeks ago

Discussing this on #core-privacy further it would make the most sense to simply replace with social icons that link to the social communities as currently the purpose of those iframes are to promote those communities and get users to follow/like them. The other option was replace with static sharer links but that doesn't feel appropriate as we're not promoting users to share the current page.

The links to be used;
Twitter - https://twitter.com/WordPress
Facebook - https://www.facebook.com/WordPress/

For icons unless a designer has a better idea, the dashicons already on site can be used for this;
.dashicons-twitter
.dashicons-facebook

Let me know if you require further direction.
Thanks

#35 @pputzer
2 weeks ago

I suggest we use this URL for the Twitter link - it preserves the existing semantics of the "Follow" button (and, unlike the version I posted earlier, it is independent of any future changes to the display name of the WordPress Twitter account):

https://twitter.com/intent/follow/?user_id=685513

Using the intent handler will ensure a smoother UX on mobile devices because it's handled by their native apps. More information on the Twitter Web Intents API.

Last edited 2 weeks ago by pputzer (previous) (diff)
Note: See TracTickets for help on using tickets.