Developer Focused Privacy Updates in 5.2

WordPress 5.2 brings several improvements for developers working with Privacy Policy pages and data exports.

New Privacy Policy Page Helpers

Four new features have been added to make customizing and designing the Privacy Policy page easier:

  • A new function, is_privacy_policy(), can be used in conditionals to identify whether the current $wp_query is for the Privacy Policy page.
  • A new theme template file, privacy-policy.php, is used for rendering the page assigned as the Privacy Policy.
  • .privacy-policy has been added as a body class and is inserted when the currently rendered page is the Privacy Policy page.
  • .menu-item-privacy-policy has been added as a menu item class to specify the menu link that points to the Privacy Policy page.

Backwards Compatibility

The only backwards compatibility concern with using these new helpers is with the is_privacy_policy() function, which would trigger a Call to undefined function fatal error.

Themes and plugins that would like to support the is_privacy_policy() function in older versions of WordPress can use the following shim:

if ( ! function_exists( 'is_privacy_policy' ) ) {
    function is_privacy_policy() {
        return get_option( 'wp_page_for_privacy_policy' ) && is_page( get_option( 'wp_page_for_privacy_policy' ) );
    }
}

For more information, see #44005.

Loosened Tag Restrictions in User Data Exports

User Data exports no longer use a hardcoded list of allowed tags, limited to just <a> and <br>. They will now use the default list of allowed tags in wp_kses().

Furthermore, the code facilitating the export now passes a personal_data_export context to wp_kses(), so that the allowed tags and attributes can be filtered using the wp_kses_allowed_html filterFilter Filters are one of the two types of Hooks https://codex.wordpress.org/Plugin_API/Hooks. They provide a way for functions to modify data of other functions. They are the counterpart to Actions. Unlike Actions, filters are meant to work in an isolated manner, and should never have side effects such as affecting global variables and output. and checking for the personal_data_export context.

Here’s a filter example that adds support for the <sub> and <sup> tags to the personal data export:

function prefix_allowed_html_filter( $allowedtags, $context ) {
	// Only target personal data export.
	if ( 'personal_data_export' !== $context ) {
		return $allowedtags;
	}

	// Add support for the sub tag.
	if ( ! isset( $allowedtags['sub'] ) ) {
		$allowedtags['sub'] = array();
	}

	// Add support for the sup tag.
	if ( ! isset( $allowedtags['sup'] ) ) {
		$allowedtags['sup'] = array();
	}

	return $allowedtags;
}
add_filter( 'wp_kses_allowed_html', 'prefix_allowed_html_filter', 2, 10);

For more information, check out the documentation for the wp_kses_allowed_html filter.

See: #44044

#5-2, #core-privacy, #dev-notes, #privacy, #themes

#Core-privacy March update

This is a cumulative update for #core-privacy office hours and bugbug A bug is an error or unexpected result. Performance improvements, code optimization, and are considered enhancements, not defects. After feature freeze, only bugs are dealt with, with regressions (adverse changes from the previous version) being the highest priority. scrubs held in March 2019.

Office hours are held every Wednesday at 19:00 UTC in the #core-privacy channel on Making WordPress SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/.. Bug scrubs are Mondays at 1600 UTC.

We have welcomed several new members into our channel, and were also delighted to welcome back @xkon and @javorszky 🙂

Ticketticket Created for both bug reports and feature development on the bug tracker. and bug scrub update

The team has shipped all of its enhancements for the 5.2 release: #44005, #44044, #44707, #44761, #44822, #44833, #44901, #45136, #45999, #46041, #46254, #46369, #43438, #44233, and #44876.

Props @desrosj, @birgire, @garrett-eclipse, @tz-media, @xkon, @cc0a, @itowhid06, @mmuhsin, @arena, @duckdagobert, @dejliglama, @afercia, @mukesh27, @iandunn, @pbiron, @allendav, @azaozz, @jesperher, @davidbinda, @ocean90, @mikejolley, @Clorith, @pento, @ianbelanger, @jplojohn, @joostdevalk

The remaining 5.2 work will focus on resolving a few bugs which reside outside of the component but have a privacy feature. These are the two i18ni18n Internationalization, or the act of writing and preparing code to be fully translatable into other languages. Also see localization. Often written with a lowercase i so it is not confused with a lowercase L or the numeral 1. Often an acquired skill. issues affecting privacy notifications (#44721 and #46056) and an improvement (#37782) to the Menus which introduces the Privacy Policy page as an important page in the list.

@garrett-eclipse worked with MetaMeta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress. to update the Privacy Policy to link to the Data Erasure Request page (meta: 4223) and remove Quantcast verbiage (meta: 4216), and to start work on introducing the Data Export Request page (meta: 4224).

The team has begun to flag privacy-related tickets which should be built as feature plugins with the `feature-pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party` manual tagtag A directory in Subversion. WordPress uses tags to store a single snapshot of a version (3.6, 3.6.1, etc.), the common convention of tags in version control systems. (Not to be confused with post tags.).

V2 Roadmap

The team’s 2019 roadmap has been published to Make. @postphotos wrote a blog post on Make announcing its publication and explaining how the team has structured the plan.

GithubGitHub GitHub is a website that offers online implementation of git repositories that can can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ repo

@postphotos has gained adminadmin (and super admin) access to the Github repo which we used for the V1 GDPR phase of our work. It has had no updates since 17 May of last year.

The team will now begin actively using the Github repo. The #core-privacy component maintainers have been given owner access to use it to build the feature plugins detailed in the V2 roadmap.

The existing pages on the repo from the V1 GDPR phase of the team’s existence will be retained on the repo and archived for reference.

Conference talks

Cross-project privacy cooperation

Please review and comment on the draft plugin privacy audit workflow drafted by @idea15 and Achilleas from the Joomla! privacy team.

The cross-privacy group will be participating in the Mozilla Open Leaders global sprint in May. It is essentially a virtual contributor dayContributor Day Contributor Days are standalone days, frequently held before or after WordCamps but they can also happen at any time. They are events where people get together to work on various areas of https://make.wordpress.org/ There are many teams that people can participate in, each with a different focus. https://2017.us.wordcamp.org/contributor-day/ https://make.wordpress.org/support/handbook/getting-started/getting-started-at-a-contributor-day/. or days focused on something over and above the usual ticket scrubs and doc updates. The #core-privacy team participants should brainstorm something fun to do in cooperation with the Drupal, Joomla, and Umbraco privacy teams to advance global internet health.

#core-privacy
#privacy

Core Privacy’s 2019 Roadmap Published

We are super excited and proud to announce the #core-privacy team’s V2 Roadmap, which was published last week.

  • We’ve worked through the roadmap for the past few months, focusing on building for general privacy enhancements rather than specific legal obligations.
  • We intend to enhance our existing tools (the Privacy Policy generator, export tool, and the erasure tool we built for the V1 GDPR phase) while also developing extended support for things like Embed Privacy Controls and WP-CLIWP-CLI WP-CLI is the Command Line Interface for WordPress, used to do administrative and development tasks in a programmatic way. The project page is http://wp-cli.org/ https://make.wordpress.org/cli/ support. We are, of course, keeping an eye on legal developments in the privacy sphere to learn what tools and enhancements we’ll need to build a little later on as the needs change.
  • Where possible, we’ll work to build out plugins first, in order to make development easier for features, and then offer them as a merge to CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress..

Let us know what you think of our roadmap! Share your feedback in the #core-privacy SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/. channel.

As a friendly reminder, we are always looking for new contributors to our great little team. You can find our open Trac tickets here. We have bugbug A bug is an error or unexpected result. Performance improvements, code optimization, and are considered enhancements, not defects. After feature freeze, only bugs are dealt with, with regressions (adverse changes from the previous version) being the highest priority. scrubs on Mondays at 1600 UTC and we meet for office hours on Wednesdays at 19:00 UTC.

#core-privacy

#core-privacy Office Hours Agenda – 27 February 2019

The following is the agenda for the coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress.-privacy weekly office hours meeting. The meeting is held every Wednesday at 19:00 UTC in the #core-privacy channel on Making WordPress SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/..

Current items

Ticketticket Created for both bug reports and feature development on the bug tracker. and bugbug A bug is an error or unexpected result. Performance improvements, code optimization, and are considered enhancements, not defects. After feature freeze, only bugs are dealt with, with regressions (adverse changes from the previous version) being the highest priority. scrub update

  • #44822, #46254, #44707 – ready to commit
  • #46056 and #44721 need testing
  • #43895 depends on #44845
  • #45999@desrosj to patchpatch A special text file that describes changes to code, by identifying the files and lines which are added, removed, and altered. It may also be referred to as a diff. A patch can be applied to a codebase for testing.
  • #46169, #46170 – ongoing discussion on Google Fonts and performance/privacy issues
  • #46303 – email subjects in privacy export emails (@garrett-eclipse)
  • #46304 – break word for legibility (@garrett-eclipse)
  • 4205 – Privacy policy on Jetpack-activated sites
  • 4215 – DPO email address for .org
  • 4223 needs verbiage
  • 4216 is done
  • Any other tickets arising

V2 roadmap

  • Finalise and publish to Make
  • Identify work for feature plugins, including GDPR Request Form for a GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience. (see #44013)

V1 repo housekeeping (Github)

Standing Items

Recent and upcoming WordCampWordCamp WordCamps are casual, locally-organized conferences covering everything related to WordPress. They're one of the places where the WordPress community comes together to teach one another what they’ve learned throughout the year and share the joy. Learn more./conference privacy talks

Cross-CMS privacy working group report

#core-privacy

#core-privacy Office Hours Minutes – 13 February 2019

The following is a summary of the weekly coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress.-privacy office hours held on 13 February 2019. Weekly privacy office hours are held every Wednesday at 19:00 UTC. A full transcript can be found here in the #core-privacy channel in the Make WordPress SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/..

Participants: @desrosj @dejliglama @idea15 @pepe @lakenh @chriscct7 @postphotos

Adminadmin (and super admin) pointers

@desrosj has created a patchpatch A special text file that describes changes to code, by identifying the files and lines which are added, removed, and altered. It may also be referred to as a diff. A patch can be applied to a codebase for testing. (#45999) to remove the admin pointers for the privacy features which were added in 4.9.6. The attendees agreed that the pointers’ usefulness peaked around the GDPR deadline time when the features were new, but they are no longer necessary.

Workplan for 5.2

The team agreed ten tickets to focus on for release 5.2, all of which are bugfixes or enhancements of existing tools.

The bugbug A bug is an error or unexpected result. Performance improvements, code optimization, and are considered enhancements, not defects. After feature freeze, only bugs are dealt with, with regressions (adverse changes from the previous version) being the highest priority. scrub for Monday 25 February will focus on 5.2 tickets, and the bug scrub for Monday 4 March will focus on component tickets marked awaiting review.

Component roadmap

@desrosj and @dejliglama have cleaned up the draft roadmap for the component’s work in 2019. The group will finalise all outstanding issues on the roadmap during office hours on Wednesday 20 February, and will post the final roadmap to Make.

Candidates for feature plugins

The roadmap process has included discussions of which new features would be best delivered as plugins. These include embed privacy controls, WP-CLIWP-CLI WP-CLI is the Command Line Interface for WordPress, used to do administrative and development tasks in a programmatic way. The project page is http://wp-cli.org/ https://make.wordpress.org/cli/ support, multisitemultisite Used to describe a WordPress installation with a network of multiple blogs, grouped by sites. This installation type has shared users tables, and creates separate database tables for each blog (wp_posts becomes wp_0_posts). See also network, blog, site support, and GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ blocks for data export and erasure requests.

Google Fonts

In response to privacy and performance concerns about Google Fonts (#46169, #46170), @pepe is creating a proof of concept patch to add a customizerCustomizer Tool built into WordPress core that hooks into most modern themes. You can use it to preview and modify many of your site’s appearance settings. option to disable Google Fonts for the older (pre-Twenty Nineteen) default themes.

Upcoming WordCampWordCamp WordCamps are casual, locally-organized conferences covering everything related to WordPress. They're one of the places where the WordPress community comes together to teach one another what they’ve learned throughout the year and share the joy. Learn more./conference privacy talks

Cross-CMS privacy working group report

The cross-project privacy team is creating a draft workflow to audit project plugins, modules, and extensions for best privacy practice. The workflow is designed to be adapted to each project’s specific needs. Please review and comment on the first draft.

#core-privacy

#core-privacy Office Hours Agenda – 6 February 2019

The following is the agenda for the coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress.-privacy weekly office hours meeting. The meeting is held every Wednesday at 19:00 UTC in the #core-privacy channel on Making WordPress SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/..

Current items

  • Discuss removing the adminadmin (and super admin) pointers for privacy features added in 4.9.6
  • Plan work for 5.2
  • Status update on component roadmap
  • Candidates for feature plugins
  • Discuss options for handling Google Fonts in the editor (#46169) and on older default themes (#46170)

Standing Items

  • Upcoming WordCampWordCamp WordCamps are casual, locally-organized conferences covering everything related to WordPress. They're one of the places where the WordPress community comes together to teach one another what they’ve learned throughout the year and share the joy. Learn more./conference privacy talks
  • Cross-CMS privacy working group report

#core-privacy

(6 February meeting not held due to lack of participants – agenda moved to next week.)

Privacy Office Hour Notes: January 30, 2019

The following is a summary of the weekly Privacy office hours that occurred on January 30, 2019. Weekly privacy office hours are held every Wednesday at 19:00 UTC. A full transcript can be found here in the #core-privacy room in the Make WordPress Slack.

Attendees: @desrosj, @idea15, @garrett-eclipse, @dejliglama.

Here are the highlights of the meeting:

Roadmap

The items in the latest roadmap revision were discussed and reprioritized. Because of uncertainty with upcoming laws, existing items should be worked on until around the time of WCEU. The priorities were reorganized into the following order:

  • CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. Feature Privacy (things already in Core)
  • GravatarGravatar Is an acronym for Globally Recognized Avatar. It is the avatar system managed by WordPress.com, and used within the WordPress software. https://gravatar.com/. Privacy Controls
  • Embed Privacy Controls
  • GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ Blocks
  • WP-CLIWP-CLI WP-CLI is the Command Line Interface for WordPress, used to do administrative and development tasks in a programmatic way. The project page is http://wp-cli.org/ https://make.wordpress.org/cli/ Support
  • Multisitemultisite Used to describe a WordPress installation with a network of multiple blogs, grouped by sites. This installation type has shared users tables, and creates separate database tables for each blog (wp_posts becomes wp_0_posts). See also network, blog, site Support

All other items were moved to the back burner.

Roadmap update will soon be published on https://make.wordpress.org/core/roadmap/privacy/

Other Items/Open Floor

  • @dejliglama was officially championed as a privacy component maintainer.

The next weekly privacy office hours will be held on Wednesday, February 6, 2019, at 19:00 UTC in the #core-privacy room in the Make WordPress Slack.

#core-privacy, #privacy

Privacy Office Hours Agenda: January 30, 2019

The following is the agenda for the privacy weekly office hours meeting. The meeting is held every Wednesday at 19:00 UTC in the #core-privacy room of the Making WordPress Slack.

  • Tie the roadmap into TracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. and the other priorities for the year.
  • Resolve any outstanding comments, uncertainties, etc.
  • Get it out of a Google Doc and onto Make – here we go into the “who has permissions for what” thing again!
  • Sequencing upcoming work on the roadmap so that contributors focus on one key aspect at a time. It currently reads as a backlog.
  • Working in GithubGitHub GitHub is a website that offers online implementation of git repositories that can can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ vs. Trac for yet to be shipped in coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress.
  • Cross Project Work
  • Ticketticket Created for both bug reports and feature development on the bug tracker. candidates for closure.
  • Discuss removing the adminadmin (and super admin) pointers for privacy features added in 4.9.6.

#core-privacy, #privacy

Privacy Office Hour Notes: January 23, 2019

The following is a summary of the weekly Privacy office hours that occurred on January 23, 2019. Weekly privacy office hours are held every Wednesday at 19:00 UTC. A full transcript can be found here in the #core-privacy room in the Make WordPress Slack.

Attendees: @desrosj, @garrett-eclipse, @postphotos, @riankinney, @birgire.

Here are the highlights of the meeting:

WordPress 5.1 Related Items

The full WordPress 5.1 release schedule can be found here

  • At the time of the meeting, 13 privacy component or focus tickets had been committed for release in 5.1 on February 21, 2019. Thanks to everyone that contributed to the final push to land additional tickets in 5.1.
  • Moving forwards, only tickets addressing bugs or regressions only in trunk will be considered.
  • With 5.1 closed for Privacy items, attention should shift to the Privacy component and focus tickets in the 5.2 milestone. There are currently 8 and all but 1 has an owner assigned. More can be added if they are ready.
  • Moving forward, all Privacy tickets should have an owner when being added to a numbered milestone (not Future Release). This will help ensure Privacy tickets are not punted release to release and contributors have a clearer focus.

New TracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. Keywords

Two new privacy-related keywords can be found in the Trac keyword dropdown field (see Meta-3896). These keywords (needs-privacy-review, has-privacy-review) need to be added and detailed in two locations to encourage proper use:

  1. The privacy component page on Make WordPress.
  2. The Trac Workflow Keywords page in the WordPress Core Handbook.

After some wordsmith work from attendees, the following descriptions are being proposed:

  • needs-privacy-review: Input is needed from the coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. privacy team with regards to the privacy implications of the suggested changes.
  • has-privacy-review: Input has been given from the core privacy team reviewing the privacy implications of the suggested changes.

Barring any feedback in the #core-privacy room on the Make WordPress SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/. or in the comments below, these keywords and descriptions will be added to those locations.

Open Floor

  • #45999 was re-raised by @garrett-eclipse for feedback. The main concern expressed was “Is removing these pointers in 5.2 too soon?” Some research needs to be done to see what Core has deemed an acceptable timeline for removal in the past.
  • As items on the V2 start to be tackled, work for this should be done using GitHubGitHub GitHub is a website that offers online implementation of git repositories that can can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/.
  • Smaller, single feature focused plugins is preferred. But, there will be some features that are too closely related to build in isolation.
  • The pre-existing WordPress Privacy group on GitHub should also be utilized.

The next weekly privacy office hours will be held on Wednesday, January 30, 2019, at 19:00 UTC in the #core-privacy room in the Make WordPress Slack.

#privacy

Privacy Office Hour Notes: January 16, 2019

The following is a summary of the weekly Privacy office hours that occurred on January 16, 2019. A full transcript can be found here in the #core-privacy room in the Make WordPress Slack.

Attendees: @desrosj, @garrett-eclipse, @dejliglama, @postphotos.

Here are the highlights of the meeting:

WordPress 5.1 Related Items

The full WordPress 5.1 release schedule can be found here

  • At the time of the meeting, 9 privacy component or focus tickets had been committed for release in 5.1 on February 21, 2019.
  • There were 6 privacy component or focus tickets remaining in the 5.1 milestone that needed to be committed or punted by the 5.1 BetaBeta A pre-release of software that is given out to a large group of users to trial under real conditions. Beta versions have gone through alpha testing in-house and are generally fairly close in look, feel and function to the final product; however, design changes often occur as part of the process. 2 release on Tuesday, January 21, 2019.
  • That list of 6 had been scrubbed the previous Monday (January 14).

Open Floor

  • @idea15 mentioned that @xkon and herself have volunteered to represent the privacy team as participants in the cross-CMS privacy group.
  • The discussion was reopened about expanding the Privacy component to a recognized team with more responsibilities. @postphotos had a discussion with @chanthaboune at WCUS. The main suggestion was to make sure office hour summaries and agendas are regularly posted. Clearer momentum and documentation, as well as a larger contributor base, are also huge pluses.
  • Moving forward in the near term, new privacy features are going to be developed as plugins so they can be quickly iterated on and improved. Bug fixes to existing privacy features in WordPress CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. and newly discovered issues that need to be addressed can continue to take place in TracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress..
  • @garrett-eclipse mentioned that in some recent Trac gardening he marked a few tickets with the close keyword and would like second opinions. Those tickets are #43958, #44161, and #44464.
  • #45999 was created to explore removing the privacy adminadmin (and super admin) pointers added in 4.9.6.
  • Some attendees expressed that they were currently finding it difficult to find time to contribute. @desrosj suggested investigating better ways to divide parts of initiatives and tasks to ensure work continues even when time for contributing is inconsistent or uncertain.

The weekly privacy office hours are held every Wednesday at 19:00 UTC in the #core-privacy room in the Make WordPress Slack.

#core-privacy, #privacy