Support » Requests and Feedback » The respect of plugins/themes guidelines

  • Paride15

    (@paride15)



    Hi,
    Just a question:
    the 7 point of developer’s guidelines, it’s about the prohibition of make call towards external server.

    But in the Wp themes/plugins directory i found many plugins that embed social widget, video, analytics who set profilant cookie or cdn without user’s consent.

    How is It possibile? There is a regular control of plugins and themes in the Wp directory?

    Thanks and sorry for my english

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator t-p

    (@t-p)

    Please Contact:

    Plugin Review Team can be reached by email at plugins@wordpress.org, or via the #pluginreview channel on Slack. You’ll need to join that channel.

    Theme Review Team can be reached at #themereview channel on Slack. You’ll need to join that channel. Ask slackbot “How do I join a channel.” – themes@wordpress.org

    • This reply was modified 2 months ago by  t-p.
    Moderator Jan Dembowski

    (@jdembowski)

    Brute Squad and Volunteer Moderator

    the 7 point of developer’s guidelines, it’s about the prohibition of make call towards external server.

    Without asking for user opt-in: YES.

    Please contact the emails t-p listed with the details.

    Paride15

    (@paride15)

    @t-p, thanks, i’ve already tried to contact WP, but not with these addresses. Many thanks for answer.

    @jdembowski, yes i mean without the user’s consent. Many thanks for answer.

    Some times i’ve adviced about this the authors, but seems they dosen’t understand the rule (my english could be the problem), they are convinced about this:

    If they dosen’t collect data
    directly, it’s ok instal third part
    profiling cookie or cdn without know which data are collect and for wich purpose.

    Probably they ignore that do it, these third part profiling cookie or cdn, are setted by tutorial video, social widget ecc… in the backend.

    I really appreciate the developer’s work, i’m developer too, i know how much work there are behind themes and plugins. But ignore this rule expose the site owner (that trust in the guidelines rules) to important fine for privacy issue. Especially in Europe.

    • This reply was modified 2 months ago by  Paride15.
    Moderator Jan Dembowski

    (@jdembowski)

    Brute Squad and Volunteer Moderator

    It’s tricky and complicated.

    For example: if I write a plugin and it

    1. Collects data
    2. Sends it to my server or some other server used by me
    3. Does this by default and doesn’t let the user (the WordPress site owner) know or opt-in

    Then I’m really doing something wrong. The plugin guidelines is very clear about that.

    If my plugin

    1. turns all of that off by default
    2. informs the site owner clearly what data is being collected
    3. why it’s being collected
    4. how long it’s retained
    5. Permits collection to stop at any time

    Then that could be fine for a plugin. The WordPress site owner can turn that on and off as desired and is educated before they do enable that data collection.

    Social media plugins are where it gets complicated. If the plugin is an interface to Facebook, Twitter, etc. then that becomes messy. The plugin author doesn’t necessarily know what those services are gathering.

    *Drinks coffee*

    Like I wrote, it’s complicated. 😛

    Paride15

    (@paride15)

    I’m starting to understand the 7 point. The social media question is really hard, probally i would ban the social media embeed in plugin, if that won’t ask consent. But it’s just my opinion.

    Thanks for answer and your informations Jan

Viewing 5 replies - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.