Carike 5:46 pm on July 25, 2020
Tags: core-privacy ( 49 )

Open Agenda Item: #core-privacy and Gutenberg

The Difficulty: GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ development happens on GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/, instead of on TracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. (which allows for “needs-privacy-review” to be added to the workflow of any ticketticket Created for both bug reports and feature development on the bug tracker.). This makes it very difficult for other teams to keep up with changes that have a potential significant impact on their team. The Gutenberg repository is huge and it is simply not possible for those working on smaller teams to keep up with all issues / PRs while trying to run their own teams and dealing with other responsibilities.

Other Solutions We Have Considered: We have considered subscribing the #core-privacy channel on SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/. to GitHub. The rest-api channel did this, but it leads to some flooding and does not work when labels are added later on (which would usually be the case with privacy).

So What Do We DO? All triagetriage The act of evaluating and sorting bug reports, in order to decide priority, severity, and other factors. volunteers on the Gutenberg repository on GitHub should please consider whether a particular issue touches on any of the following. If it does, the issue should not proceed / the PR should not be committed, before the Privacy team has been given a meaningful opportunity to consult. If you find such an issue, please post a link here, so we can have a look. Please also make use of the #core-privacy channel on Slack if you need our help. We rely on the Gutenberg triage volunteers’ assistance in this matter.

Issues / PRs that are considered to affect privacy:

1. If the issue / PR suggests that an external call should be made from the site owners’ WordPress installation to any other external site (whether PHPPHP The web scripting language in which WordPress is primarily architected. WordPress requires PHP 5.6.20 or higher / JavaScriptJavaScript JavaScript or JS is an object-oriented computer programming language commonly used to create interactive effects within web browsers. WordPress makes extensive use of JS for a better user experience. While PHP is executed on the server, JS executes within a user’s browser. https://www.javascript.com/. / CSSCSS Cascading Style Sheets.), even if this site is WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/;

2. If an account with a third party would be needed in order to utilize any functionality (basically SaaS – I do not expect that this is likely to happen, but I am including it here for the sake of completeness);

3. Calls to any APIs (including, but not limited to calls to external APIs for the purposes of updates);

4. Use of any remote assets (e.g. images / JavaScript libraries / fonts hosted elsewhere);

5. Any cookies are proposed / use of local browser storage, or similar;

6. If the editor proposes to write any information to the DB (other than content like posts explicitly generated by the user);

7. If new Custom Post Types are proposed;

8. If new custom tables are proposed;

9. If any PPI (Protected Personal Information) may be stored;

10. If any e-mails will be sent by the code;

11. If there will be any advertisements in wp-adminadmin (and super admin) (again, not something I think is likely, just including it for completeness);

12. If any backlinks are requested (again, probably unlikely for Gutenberg).

Please also report any items not listed here, which you think may affect the privacy component.

Thank you for your co-operation and transparency in this matter.

Joy 8:45 pm on July 25, 2020

Was the privacy team consulted for blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience. patterns that are going into 5.5? They are storing the images on s.w.org (see ticketticket Created for both bug reports and feature development on the bug tracker. #50727) so that hits items 1 and 4, doesn’t it?
- pepe 1:11 am on July 26, 2020
  
  Not to my knowledge, no.
- Carike 7:13 pm on July 29, 2020
  
  Thanks, @joyously!
  I will try to have a look soon.
arena 11:27 pm on July 25, 2020

Privacy by design has to spread all over WP components,
not limited in a privacy component and not limited to an editor

api.wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ In wp 5.4 (Mar 2020), api.wordpress.org is referenced 18 times in the code [http://(12), https://(6)].
Emojis If allowed, the emojis images are provided by the following site : s.w.org
Avatars If allowed, avatarAvatar An avatar is an image or illustration that specifically refers to a character that represents an online user. It’s usually a square box that appears next to the user’s name. images are provided by default by the following site : 2.gravatar.com ( Displayed in adminadmin (and super admin) settings even if not allowed ! 🙂
xmlrpc, rest apiREST API The REST API is an acronym for the RESTful Application Program Interface (API) that uses HTTP requests to GET, PUT, POST and DELETE data. It is how the front end of an application (think “phone app” or “website”) can communicate with the data store (think “database” or “file system”) https://developer.wordpress.org/rest-api/. enabled by default (potential data breach ?)

and maybe heartbeat monitoring human activity enabled by default

fonts.googleapis in themes 2012, 2013, 2014, 2015, 2016, 2017,
and in script-loader.php

new icon component (replacing dashicons) to be audited … https://wptavern.com/wordpress-dashicons-project-to-discontinue-development-in-favor-of-new-icon-component

Just to name a few
- pepe 11:01 am on July 26, 2020
  
  Yes, but we cannot, unfortunately, fix legacy code with the touch of a button. There are existing TracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. tickets for most of these things and for new functionality, we are alerted with `needs-privacy-review` tagtag A directory in Subversion. WordPress uses tags to store a single snapshot of a version (3.6, 3.6.1, etc.), the common convention of tags in version control systems. (Not to be confused with post tags.). Unfortunately, GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ is different in that development discussion does not happen on Trac and we therefore need a different mechanism – that’s what this post is about.
  - arena 2:12 pm on July 26, 2020
    
    Was not expecting to get this fixed with ‘the touch of a button’, there is a lot of work to be done. TRACTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. tickets are just pinpointing local issues with a lack of global consistency.
    May be for GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ (or any blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience. editor) privacy by design approach should classify blocks (from non intrusive to intrusive) and provide a way to revoke some if not all the intrusive ones. To be addressed to the Gutenberg team ?
    - Carike 7:14 pm on July 29, 2020
      
      What @pepe said.
      If you notice tickets on CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. TracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. that relate to privacy, please do tagtag A directory in Subversion. WordPress uses tags to store a single snapshot of a version (3.6, 3.6.1, etc.), the common convention of tags in version control systems. (Not to be confused with post tags.) them with the needs-privacy-review workflow tag.
      Thanks, @arena! 🙂
Darren Ethier (nerrad) 3:26 pm on July 26, 2020
Thanks for taking the time to write this post! I have a few questions:
- Would adding a label to the GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ repository for issues potentially touching on privacy concerns assist here?
- From the title of this post “Open Agenda Item…” does that mean this post is intended as a proposal for further discussion, or is it intended as a directive from the privacy team? (I’m hoping the former). If the former, which meeting is this intended to be discussed in?
- For all the points listed to aid with knowing what should be brought to the attention of the privacy team, could you provide some clarity around why it is important? I realize some may have more obvious reasons than others. For instance, point 3 is a bit ambiguous as “calls to any APIs” could refer to anything from REST APIREST API The REST API is an acronym for the RESTful Application Program Interface (API) that uses HTTP requests to GET, PUT, POST and DELETE data. It is how the front end of an application (think “phone app” or “website”) can communicate with the data store (think “database” or “file system”) https://developer.wordpress.org/rest-api/. resources to APIs in the code. Also in the case of REST API requests to the host site (as opposed to offsite), how is that something privacy related – or there any further distinctions on what would be a signal needing further evaluation? As is, imo point 3 is simply too broad.
- Andrei Draganescu 3:02 pm on July 29, 2020
  I will add my 2 cents here:
  - sending calls in itself to an external APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. is not a privacy breach in itself, is it?. The problem is to audit the calls and see if any personally identifiable information is sent OR if any fingerprinting can be done based on the sent data.
  - loading resources from external domains poses the same problems: is the resource loaded with the minimum amount of headers sent? Could the request be used to fingerprinting?
  - probably the same for cookies, are they functional or do they work for tracking and identification?
  Also, I wonder if flagging every singe instance when calls are made to the WordPress REST APIREST API The REST API is an acronym for the RESTful Application Program Interface (API) that uses HTTP requests to GET, PUT, POST and DELETE data. It is how the front end of an application (think “phone app” or “website”) can communicate with the data store (think “database” or “file system”) https://developer.wordpress.org/rest-api/. wouldn’t just bog down the Privacy team with useless work? Wouldn’t audits based on new features work better? In this case, the new things in a release are usually know ahead of time here on coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. blogs so looking at any potential privacy concerns just for new features looks possible and more feasible.
  
  As for catching issues at development time, I think @nerrad ‘s suggestion to have a privacy related label in the GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ repository is best. There is a difference when doing triagetriage The act of evaluating and sorting bug reports, in order to decide priority, severity, and other factors. focused on some aspect or general triage. In general triage privacy or accessibilityAccessibility Accessibility (commonly shortened to a11y) refers to the design of products, devices, services, or environments for people with disabilities. The concept of accessible design ensures both “direct access” (i.e. unassisted) and “indirect access” meaning compatibility with a person’s assistive technology (for example, computer screen readers). (https://en.wikipedia.org/wiki/Accessibility) aspects may be missed. Teams that do focused triage cam more easily identify if the issue is related to the focus.
  - pepe 7:21 am on July 30, 2020
    
    The IP address is considered personal information under (at least) the GDPR, so yes, any external call (whether to an APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. or for loading resources,) is an issue, because personal data is always transmitted.
    - Andrei Draganescu 9:06 am on July 30, 2020
      
      I won’t contradict you but there is in my memory a principle of triangulation, as in it’s not readily possible for, say w.org to identify _me_ personally only using my IP.
      - pepe 7:51 pm on July 31, 2020
        
        Yes, you need to be able to use ”legal means” to link IP address to an identity, but these almost always exist (e.g. you can get a subpoena for the ISP, or Google’s or Facebooks extensive dataset linking IPs to your accounts).
        
        BTW: WP.org can certainly identify you if you have a WP.org account. At least you’d have to assume they could, so act accordingly as a website owner.
        
        pepe 7:57 pm on July 31, 2020
        
        Also, the court case was before GDPR IIRC. Since possible indirect identification of a natural person (through various characteristics) is sufficient, I don’t think there are any situations where left where the IP address of an individual would not be considered personal data.
- Carike 7:29 pm on July 29, 2020
  :wave: @nerrad
```
Would adding a label to the Gutenberg repository for issues potentially touching on privacy concerns assist here?
```
  Yes, it would. A lot. We still need to figure out a way to integrate this into a .org workflow though.
```
From the title of this post “Open Agenda Item…” does that mean this post is intended as a proposal for further discussion, or is it intended as a directive from the privacy team? (I’m hoping the former). If the former, which meeting is this intended to be discussed in?
```
  By “open agenda item” I mean that tickets that are raised here (such as the one Joy raised) are considered agenda items for privacy office hours.
```
For all the points listed to aid with knowing what should be brought to the attention of the privacy team, could you provide some clarity around why it is important? I realize some may have more obvious reasons than others. For instance, point 3 is a bit ambiguous as “calls to any APIs” could refer to anything from REST API resources to APIs in the code. Also in the case of REST API requests to the host site (as opposed to offsite), how is that something privacy related – or there any further distinctions on what would be a signal needing further evaluation? As is, imo point 3 is simply too broad.
```
  We mainly care about calls to external APIs to be able to comment on their Terms of Service. 🙂
  However, we will be documenting various privacy-related matters over the coming months (for the purpose of a feature pluginFeature Plugin A plugin that was created with the intention of eventually being proposed for inclusion in WordPress Core. See Features as Plugins. to help site owners and administrators choose an appropriate privacy risk profile for their site and the associated settings) and being aware of any new APIs created by the code is important for that.
  We don’t intend to be prescriptive or combative. While there will definitely be issues where we will have more of a stake, I foresee new REST APIREST API The REST API is an acronym for the RESTful Application Program Interface (API) that uses HTTP requests to GET, PUT, POST and DELETE data. It is how the front end of an application (think “phone app” or “website”) can communicate with the data store (think “database” or “file system”) https://developer.wordpress.org/rest-api/. endpoints, for example, as more of an FYI (“you” being the privacy team) type of scenario.
  If the volumes for that become too significant, then we should re-evaluate.
  - Darren Ethier (nerrad) 7:42 pm on July 29, 2020
    
    Thanks for the reply and clarifications @carike!
    
    I applaud the intent and motivation behind your post. I’d like to try and articulate what I read as the intent here. This is not intended to put words in anyone’s mouth, or speak on behalf of anyone, it’s just to make sure I’m understanding correctly the motivation and intent behind the post (so I’m writing in the voice of that perspective). Keep in mind the following paragraph is my understanding of the motivation (not getting to solutions yet):
    
    As the privacy team, we are working on ways to surface tools and utilities for site owners of WordPress based sites that help them be aware of and manage privacy related data on their sites. As a part of that effort, we monitor WordPress tracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. for changes that touch on privacy concerns and would like to do the same for GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ but find it difficult to do that given the rapid development and unfamiliarity with the repository. We would like to have insight into things that touch on privacy concerns as they surface on Gutenberg so that we can include them in our team meetings and contribute to discussions on those issues. We need help in surfacing those issues.
    
    Does that accurately capture the motivation and intent?
    
    I think it’s important we capture what the privacy team needs before we get to any solutions on how those needs are met. I’m wary of the current “solution list” because it comes across as a directive for folks triaging Gutenberg issues in a way that might not really help anyone reach their goals. I think if we could first capture really well the problem and make sure folks are on the same page with that, then we can solicit ideas from others on how to solve that problem so that the privacy team is best equipped to solve it. I think this could also help make things clear to other teams that might be participating in helping that problem get solved.
    - Carike 8:09 pm on July 29, 2020
      
      I think that captures the intent very well 🙂
      
      The problem is that tickets (some of them proposing sending data about [individual installations] to non-.org sites) are currently only being reviewed by GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ triagetriage The act of evaluating and sorting bug reports, in order to decide priority, severity, and other factors. volunteers and that there is no communication with the privacy team in this regard. I am sure you can understand that that does not inspire trust and (cross-)team spirit.
      GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ presents a significant barrier to entry as it is very intimidating to non-developers.
      Everyone on .org should be able to comment on development aspects – even if it is just expressing their needs. Patches are not the only means of contributing (definitely an important part, but not the only part).
      
      I am not okay with spending months debating the perfect solution – and myself and others on the privacy team simply do not have the capacity to review thousands of issues on a non-.org resource to find those that may (or may not, but sometimes just determining that means taking a look at the substance of the issue / PR / ticketticket Created for both bug reports and feature development on the bug tracker.) affect the team.
      
      The items above were taken from the proposed disclosures for plugins in the proposed disclosures.jsonJSON JSON, or JavaScript Object Notation, is a minimal, readable format for structuring data. It is used primarily to transmit data between a server and web application, as an alternative to XML. file. Not all of them will be applicable to GB, nor will all of them be applicable to the same degree.
      If there are items you strongly disagree with, those are actually ones that are really worth-while taking a look at (at least a few actual examples), since that will really help to refine processes. 🙂
      
      Cross-team collaboration simply can’t wait till that is perfectly in place though. :coffee:
      - Andrei Draganescu 8:17 am on July 31, 2020
        
        @carike while I think I understand and agree with the efforts to standardize collaboration, and to establish good privacy practices, I wonder why do you see GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ as a separate thing?
        
        Gutenberg is coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress.. The pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party is a way to test things before being merged (like all feature plugins). If the privacy team feels empowered to use TracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. to triagetriage The act of evaluating and sorting bug reports, in order to decide priority, severity, and other factors. a part of core’s codebase it can transfer that empowerment to GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ as well.
        
        The Gutenberg team should not be, in my personal opinion, a catch-all team that handles design, coding, architecture, privacy, accessibilityAccessibility Accessibility (commonly shortened to a11y) refers to the design of products, devices, services, or environments for people with disabilities. The concept of accessible design ensures both “direct access” (i.e. unassisted) and “indirect access” meaning compatibility with a person’s assistive technology (for example, computer screen readers). (https://en.wikipedia.org/wiki/Accessibility), usability, extensibility, backwards compatibility, and so on, for an arbitrary section of WordPress … It’s a team that is stretched enough with building a 1st class blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience. editor.
        
        Triage of Gutenberg issues will always be ,focused on a perspective of advancing the block editor. Privacy focus is something that the Privacy team should feel enabled to do and handle across the entirety of WordPress. Having a second repository should not be such a blockerblocker A bug which is so severe that it blocks a release.. As a joke, if I may, it’s not like we need to fly a plane between to URLs on the Internet.
        
        If the team is too small we should focus on recruiting more privacy interested people from the WordPress ecosystem not to externalize work to another team (the editor team in this case).
        
        The fact that there should be more inter-team communication is so true that it feels like it doesn’t help. Of course there should be.
        GitHub presents a significant barrier to entry as it is very intimidating to non-developers.
        
        How can we make it so that the community leans in GitHub more? There has to be something about it that makes it so popular. There are books written on GitHub, look at this repo https://github.com/github/opensource.guide on how to make open sourceOpen Source Open Source denotes software for which the original source code is made freely available and may be redistributed and modified. Open Source **must be** delivered via a licensing model, see GPL. for example. These folk are not all programmers.
        Everyone on .org should be able to comment on development aspects – even if it is just expressing their needs.
        
        Yes to that. An issue in GitHub can be anything really. It can be akin to a forum open question, it can be an overview of a plan, it can be a question! There even is a question label afaik. So, there is no blocker or gate being closed in commenting on any aspect of Gutenberg, right there where the bricks are laid. You may even open a Track ticketticket Created for both bug reports and feature development on the bug tracker. and reference it in an issue on GH.
        
        Ok, sorry for the long reply. The gist is:
        
        Gutenberg is core
        
        having a separate repo and repository management for a huge WordPress component is not a blocker towards collaboration
        
        teams should help themselves to grow and flourish and if they encounter blockers while doing so, we should all be made aware of such blockers – not externalize domain specific work to other teams with other focuses.
        
        🙂
        
        pepe 7:52 pm on July 31, 2020
        
        GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ is different because it uses a different development process than the rest of CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress..
        
        Carike 6:21 pm on August 5, 2020
        
        GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ is different because you cannot sign in to it by simply using your WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ account.
        Non-developers are not keen to sign up for other services (even SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/. is a challenge), especially if they don’t look and feel like WordPress.
Carike 6:23 pm on August 5, 2020

https://github.com/WordPress/gutenberg/issues/23812

Comments are closed.

Welcome!

Communication

Open Agenda Item: #core-privacy and Gutenberg

Welcome!

Communication

Share this: