Privacy Office Hour Notes – January 9th, 2019

Huge thank you to all who attended the very productive office hours! The recap notes are a bit delayed, but they were not forgotten! A full agenda can also be found in an earlier post, and the full transcript can be found in Slack.

Here are the highlights of the meeting:

Agenda Item 1 – Roadmap Review

  • @idea15 reminded us that there is a more recent version of the Roadmap.
    • @desrosj will investigate how to give more maintainers access to update the roadmap page.
  • @lakenh mentioned Trac issue #44161, regarding IP addresses stored within the usermeta table.
    • @xkon provided an example of a user meta session token, and it contained both a user agent and IP address.
    • @lakenh also discovered that the community-events-location user meta field also contains a full IP address.
      • He also suggested perhaps anonymizing that particular IP by dropping the last few places as the geographical location shouldn’t change by much.
    • @desrosj then asked if these fields were accounted for within the original data export/erasure tools.
      • @garrett-eclipse delivers the bad news that they were not.
      • Ticket to track this issue has been opened, #45889.

Agenda Item 2 – 2019

  • @idea15 gave an update on the cross-project privacy group which broke ground at Drupal Europe. Joomla’s Glip (similar to WordPress’ Slack) now has representatives from this WordPress Privacy team, Drupal, Joomla, Typo3, Umbraco, as well as other industry representatives who are all providing aid to make all CMSs have great privacy features built-in.
  • @desrosj helped to set expectations for what privacy-related changes are acceptable moving forward based on a recent discussion in #core-committers. Small enhancements and bug fixes will generally be OK to include in new releases with little oversight. Larger enhancements will need approval by version release leads.
  • Brainstorm session for how the team’s goals and the greater WordPress project’s goals overlap in 2019.
    • @desrosj suggested the following three areas of being places that we can help out:
      • Providing a way for users to opt-in to automatic plugin and theme updates.
      • Providing a way for users to opt-in to automatic updates of major Core releases.
      • Building a directory for discovering blocks, and a way to seamlessly install them.
    • @desrosj also suggested Health Check as a possible area, as perhaps there are some server level privacy checks that could be built in.
      • @clorith expressed that the team was open to any ideas and that privacy features for Health Check can be created as GitHub issues on its repo for consideration.

#core-privacy, #privacy