stevejalim
commented
9 months ago @alexgibson Is there anything you'd like to add to this so far?
Open stevejalim opened 9 months ago
stevejalim
commented
9 months ago @alexgibson Is there anything you'd like to add to this so far?
alexgibson
commented
9 months ago @alexgibson Is there anything you'd like to add to this so far?
Only that we should use caution when adding third party embeds, and consult with legal first if we have questions. These iframes can often come loaded with cookies which need to adhere to our privacy policy, and they are also potential third party trackers (e.g. person logged in to social media site X loads one of our pages that contains an embed from X, which tells X that the person has visited our site).
In bedrock we currently only really use YouTube embeds, but we load these using their www.youtube-nocookie.com domain, and also only initiate loading third parts assets after a visitor has expressed an action to indicate they want to watch a video.
We support video embeds from Youtube and Vimeo right now, although no BB site is using them for the time being.
Vimeo uses only essential cookies and in theory we can use a no-cookie version of YouTube, but that will require custom work.
However, we should go further than that:
If we want to extend support to other providers beyond YouTube and Vimeo, we will need to review how we can do that in a privacy-preserving way.
We could extend support to include:
However, we'll need to do this in a way that definitely doesn't conflict with our privacy policy. This'll need a bit of research and discussion. Hat-tip to @alexgibson for pointing this out.
Footnote: embeds from Meta companies now need an API key, which is another factor to weigh here.