Opened 4 years ago
Last modified 3 years ago
#5618 accepted enhancement
Require ToS/Privacy at login and record acceptance
| Reported by: | tellyworth | Owned by: | dd32 |
|---|---|---|---|
| Milestone: | | Priority: | high |
| Component: | Login & Authentication | Keywords: | |
| Cc: | | | |
Description
For legal reasons it is necessary that WordPress.org enforces acceptance of a ToS and Privacy Policy at login, and records the date and version of the policy most recently accepted by each user. This means:
- The login form will need to include a checkbox such as
  [ ] I have read and accept the terms of service and privacy policy
  with appropriate links.
- Failure to check the box will prevent login.
- Login sessions should remain capped at 2 weeks to ensure all active users regularly accept new terms.
- On successful login, a usermeta or similar value should be set recording the timestamp and version of the ToS and Privacy policy documents (perhaps the currently deployed svn rev# for each?)
- It should probably also record the rev # of the login form and theme, since that may be relevant info.
Attachments (2)
Change History (11)
#2, in reply to: ↑ 1, 4 years ago
Replying to dd32:
> Alternatively:
> - The registration form should have the checkbox
> - The login form should only prompt if the user hasn't reviewed the terms since last update
I prefer this :) Better user experience, less compliance fatigue, more meaningful interaction.
This ticket was mentioned in Slack in #meta by tellyworth.
3 years ago
This ticket was mentioned in Slack in #community-team by tobifjellner.
3 years ago
Alternatively:
Perhaps the login validation could be a post-login screen, with a "Yes I agree / No I do not" button instead of a checkbox though.
Recording the timestamp that they've agreed to should be enough I think, i.e. it's safe to assume that someone's timestamp of 2021-06-01 01:02:03 will indicate that they've agreed to the 2021-05-01 policy, but not the 2021-07-01 version.
Note that WordPress.org does not currently have a published TOS; this would probably go well with #957.
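
The timestamp-to-version inference described in the comment above, combined with the 2-week session cap from the ticket description, as an added example that is not part of the ticket or of WordPress.org's code. The function names and the publication list are assumptions; the two policy dates are the ones used in the comment, treated here as UTC.

```python
from bisect import bisect_right
from datetime import datetime, timedelta, timezone

# Constructed publication history, sorted ascending (UTC); dates mirror the comment.
POLICY_PUBLISHED = [
    datetime(2021, 5, 1, tzinfo=timezone.utc),
    datetime(2021, 7, 1, tzinfo=timezone.utc),
]
SESSION_CAP = timedelta(weeks=2)  # session length stated in the ticket description


def accepted_version(accepted_at, published=POLICY_PUBLISHED):
    """Return the publication date of the policy that was current at accepted_at.

    None means no acceptance is on record, or it predates the first policy.
    """
    if accepted_at is None:
        return None
    if accepted_at.tzinfo is None:
        # A naive timestamp near a publication boundary could map to the wrong version.
        raise ValueError("acceptance timestamps must be timezone-aware")
    idx = bisect_right(published, accepted_at)  # count of policies published <= accepted_at
    return published[idx - 1] if idx else None


def must_prompt(accepted_at, now, published=POLICY_PUBLISHED):
    """True when the login flow has to show the terms again before completing."""
    in_force = [p for p in published if p <= now]
    if not in_force:
        return False  # nothing published yet, nothing to accept
    return accepted_version(accepted_at, published) != in_force[-1]


def latest_stale_session_end(policy_date, cap=SESSION_CAP):
    """Latest expiry of a session opened just before policy_date.

    With a login-time check only, sessions can run on the old terms until then.
    """
    return policy_date + cap
```
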