馃殌 [Feature] Privacy by design for embedded content
Created by: Tirokk
Authored by sushidave
馃殌 Feature
This is step 2 of 2 to enhance data privacy for embedded content of third party providers. The 1st step is #3657 (closed)
Privacy by design: Third party content providers should not get any user data due to embedded content unless users opt-in - by agreeing to load third party content or unless they click on a link.
User Problems
Currently, user data is shared with third party providers even if the user has not agreed to display embedded content. This also applies to other providers than those listed in the account settings.
For videos:
The embed code shows that the preview image has been loaded from a third party provider.
For videos, this contradicts to what is shown to the user:
Other content:
Content from providers not listed in the account settings is embedded by default too, so user data is disclosed to those providers as well.
Implementation
Implement privacy by design and a consistent opt-in policy.
For embedded content if the user disagreed to display embedded content:
-
Neither load any data from third party providers nor display it. -
Applies to all third party content, not just those providers listed in the account settings. -
Instead show the existing warning box. -
Crop the box to fit the warning content. -
Additionally, show the link to the third party provider's content. -
Change the text, see screenshot: -
If the user agrees the embedded third party load and display the content.
Design & Layout
If the option for displaying embedded content is set to "No thanks" show the warning box instead of a content preview:
If the user clicks on 'Continue' show the embedded content:
Validation
Comply with privacy by design.
Additional context
This is step 2 of 2 to enhance the data privacy for embedded content. The 1st step is #3657 (closed).
To Dos
-
Create an issue for comment https://github.com/Ocelot-Social-Community/Ocelot-Social/issues/3658#issuecomment-1236948496