Open Tirokk opened 3 years ago
FYI - Individual workaround until this feature is implemented:
This is not a general workaround covering all users but it requires an action by the individual user.
@roschaefer Is it correct that in the example above user data is shared with the third party provider due to the URL of the image tag?
As discussed with @Tirokk
@Tirokk Can I work on this issue?
@ogerly here the data privacy warning is not shown anymore, says @sushidave . See screen shot above. Or have we removed it?
Could you have a look on this?
Because if we show the preview the content provider gets information from the user, says @sushidave , what shouldn't happen. Or?.
@Tirokk Can I work on this issue?
Yes, you can !!! ππΌ @sushidave
@Tirokk and I discussed two alternative solutions:
Decision:
:rocket: Feature
This is step 2 of 2 to enhance data privacy for embedded content of third party providers. The 1st step is #3657
Privacy by design: Third party content providers should not get any user data due to embedded content unless users opt-in - by agreeing to load third party content or unless they click on a link.
User Problems
Currently, user data is shared with third party providers even if the user has not agreed to display embedded content. This also applies to other providers than those listed in the account settings.
For videos:
The embed code shows that the preview image has been loaded from a third party provider.
For videos, this contradicts to what is shown to the user:
Other content:
Content from providers not listed in the account settings is embedded by default too, so user data is disclosed to those providers as well.
Implementation
Implement privacy by design and a consistent opt-in policy.
For embedded content if the user disagreed to display embedded content:
Design & Layout
If the option for displaying embedded content is set to "No thanks" show the warning box instead of a content preview:
If the user clicks on 'Continue' show the embedded content:
Validation
Comply with privacy by design.
Additional context
This is step 2 of 2 to enhance the data privacy for embedded content. The 1st step is #3657.
To Dos