Title: gessel's Replies | WordPress.org --- # gessel [ ](https://wordpress.org/support/users/gessel/) * [Profile](https://wordpress.org/support/users/gessel/) * [Topics Started](https://wordpress.org/support/users/gessel/topics/) * [Replies Created](https://wordpress.org/support/users/gessel/replies/) * [Reviews Written](https://wordpress.org/support/users/gessel/reviews/) * [Topics Replied To](https://wordpress.org/support/users/gessel/replied-to/) * [Engagements](https://wordpress.org/support/users/gessel/engagements/) * [Favorites](https://wordpress.org/support/users/gessel/favorites/) Search replies: ## Forum Replies Created Viewing 11 replies - 1 through 11 (of 11 total) * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[ActivityPub] “Awaiting approval” problem but tests seem OK](https://wordpress.org/support/topic/awaiting-approval-problem-but-tests-seem-ok/) * Thread Starter [gessel](https://wordpress.org/support/users/gessel/) * (@gessel) * [3 years, 5 months ago](https://wordpress.org/support/topic/awaiting-approval-problem-but-tests-seem-ok/#post-16375107) * oops, spoke too soon, definitely back to the same. An odd artifact where the user icon was successfully pulled quickly passed and it no longer does. 🙁 * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[ActivityPub] “Awaiting approval” problem but tests seem OK](https://wordpress.org/support/topic/awaiting-approval-problem-but-tests-seem-ok/) * Thread Starter [gessel](https://wordpress.org/support/users/gessel/) * (@gessel) * [3 years, 5 months ago](https://wordpress.org/support/topic/awaiting-approval-problem-but-tests-seem-ok/#post-16333880) * It seems to be working now. Not sure how, but it fixed itself. Happy New Year! * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[WP Statistics – Simple, privacy-friendly Google Analytics alternative] No more data collection since 13.1 upgrade](https://wordpress.org/support/topic/no-more-data-collection-since-13-1-upgrade/) * [gessel](https://wordpress.org/support/users/gessel/) * (@gessel) * [4 years, 9 months ago](https://wordpress.org/support/topic/no-more-data-collection-since-13-1-upgrade/#post-14885712) * On my installs (2x) data collection stopped on 5 September. I don’t see any obvious record of an upgrade or change that would have caused it. Everything else seems normal. I, too, would prefer not to delete all and restart. * Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) In reply to: [bad new editor in wordpress 5](https://wordpress.org/support/topic/bad-new-editor-in-wordpress-5/) * [gessel](https://wordpress.org/support/users/gessel/) * (@gessel) * [7 years, 4 months ago](https://wordpress.org/support/topic/bad-new-editor-in-wordpress-5/#post-11135856) * OMG, it is so, so, so horrible. It is pretty much catastrophically bad. Fortunately you can easily find thousands of hits with the search “wordpress block editor is horrible,” and the vast, vast swell of people who are just flabbergasted by this abomination created a pretty straight forward path to finding a solution. Now just to make the classic editor default and this misery something people need to search to inflict upon themselves. The classic-editors 1M+ downloads speaks volumes about the popularity of the block editor. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[WP2Social Auto Publish] Class ‘DOMDocument’ not found, xyz-functions.php line 144](https://wordpress.org/support/topic/class-domdocument-not-found-xyz-functions-php-line-144/) * Thread Starter [gessel](https://wordpress.org/support/users/gessel/) * (@gessel) * [8 years, 5 months ago](https://wordpress.org/support/topic/class-domdocument-not-found-xyz-functions-php-line-144/#post-9825491) * Thanks, that was the trick. On FreeBSD: `# cd /usr/ports/lang/php56-extensions/&& make install clean` Does the trick. Use `# make config` to choose which modules to install. - This reply was modified 8 years, 5 months ago by [gessel](https://wordpress.org/support/users/gessel/). Reason: marking as resolved * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[TablePress - Tables in WordPress made easy] Add new or copy table > 500 error](https://wordpress.org/support/topic/add-new-or-copy-table-500-error/) * Thread Starter [gessel](https://wordpress.org/support/users/gessel/) * (@gessel) * [8 years, 5 months ago](https://wordpress.org/support/topic/add-new-or-copy-table-500-error/#post-9822423) * Tobias, * Thanks for responding, but no… I really don’t have a clue. I turned on debugging to get a bit more data and… the problem went away, everything loaded as normal. Turning off debugging doesn’t seem to have brought it back. Maybe there was an update going on in the background? Possible, there was one plugin that reported it needed to be updated that had completed on a later check. :/ * anyway, thanks for the awesome plugin. * Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/) In reply to: [[TablePress - Tables in WordPress made easy] Add new or copy table > 500 error](https://wordpress.org/support/topic/add-new-or-copy-table-500-error/) * Thread Starter [gessel](https://wordpress.org/support/users/gessel/) * (@gessel) * [8 years, 5 months ago](https://wordpress.org/support/topic/add-new-or-copy-table-500-error/#post-9822169) * Weird, turned on debugging, reloaded the page, no problem. Very odd… Anyway, NP now. * Forum: [Requests and Feedback](https://wordpress.org/support/forum/requests-and-feedback/) In reply to: [Privacy: web fonts in particular](https://wordpress.org/support/topic/privacy-web-fonts-in-particular/) * Thread Starter [gessel](https://wordpress.org/support/users/gessel/) * (@gessel) * [11 years, 11 months ago](https://wordpress.org/support/topic/privacy-web-fonts-in-particular/#post-5113735) * Ipstenu, thanks – Lightbeam failed me on Gravatar. I turned off Gravatars in the UI and saw the connection still shown in Lightbeam. Testing later, I found it was polling for the favicon that Lightbeam itself was using to display the connection. Oops. * The updates to w.org would be non-threatening to visitors, though consistent with respecting the privacy of WordPress installers, it should be possible (though obviously a security risk) to disable any callbacks through the UI. * That leaves only the one font call, which, ultimately, is a trivial fix and can hopefully be implemented promptly. * I’d suggest that a privacy disclosure be required for the core and all plugins. I’d suggest that a simple administration page enumerate any calls to third parties by the core and any plugins that call third parties (either at all or by third party) and have provisions for disabling them in that view. This would give administrators easy access to the information necessary to protect their own and their visitors privacy and developers some incentive to respect privacy where possible. * Forum: [Requests and Feedback](https://wordpress.org/support/forum/requests-and-feedback/) In reply to: [Privacy: web fonts in particular](https://wordpress.org/support/topic/privacy-web-fonts-in-particular/) * Thread Starter [gessel](https://wordpress.org/support/users/gessel/) * (@gessel) * [11 years, 11 months ago](https://wordpress.org/support/topic/privacy-web-fonts-in-particular/#post-5113680) * > Not exactly but I am 100% certain that they model all data available to them. > 😉 * 🙂 Totally agreed – but we can’t ever be certain of what information they do make available or to whom and it seems consistent with company policy to Keep All The Datas. * In the current release, Google’s servers are summoned from two lines: * ``` ./wp-includes/script-loader.php:602: $open_sans_font_url = "//fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,300,400,600&subset=$subsets"; ./wp-includes/js/tinymce/plugins/compat3x/css/dialog.css:1:@import url(//fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,300,400,600&subset=latin-ext,latin); ``` * The comment above the line in script-loader.php reads… * `// Hotlink Open Sans, for now` * …implying that the hotlinking call is intended to be a temporary shortcut, perhaps one that can be cleaned up. * In dialog.css, the call is more typical (it seems atypical to define a font in a .php file rather than a .css file, no?). * ``` @import url(//fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,300,400,600&subset=latin-ext,latin); /* Generic */ body { font-family: "Open Sans", sans-serif; font-size:13px; background:#fcfcfc; padding:0; margin:8px 8px 0 8px; } ``` * This can easily be cleaned up as: * ``` /* @import url(//fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,300,400,600&subset=latin-ext,latin); */ /* Generic */ body { /* font-family: "Open Sans", sans-serif; */ font: "Trebuchet MS",Trebuchet,Verdana,Sans-Serif; font-size:13px; background:#fcfcfc; padding:0; margin:8px 8px 0 8px; } ``` * The TinyMCE font definition is easier to deal with as it is thenceforth known as “body” not “Open Sans.” TinyMCE looks just fine testing this fix and from now on I won’t generate Google logs every time I edit a post. Please note I am not claiming aesthetic equivalence for the substitution. If Open Sans is the One True and Right font for this application, then serve it locally (Open Sans off FontSquirrel is Apache Licensed). I personally appreciate Source Sans’ differentiation between 1,l and I; Open Sans renders I and l pretty much undifferentiably. Let’s not tar all things Adobe just because The Steve didn’t like the Flash. * The way Open Sans is used in core wordpress code is slightly less… elegant? It is referenced in 71 places (including 6 references in twentytwelve) including: * `./wp-admin/css/dashboard-rtl.css:997:/* Make the browser nags easier to read with Open Sans */` * And while I agree it is a fine font, aesthetics and convenience should not trump privacy. Further, while it is one thing to be involuntarily harvested and sold to marketers and data aggregators so a programmer can enjoy the tasty bit of cheese with which the trap was baited, people do use wordpress as a platform to disseminate information and news around repressive regimes, occasionally regimes where Google maintains a locus of business and must therefore comply with national law, laws which may mirror or exceed CALEA and NSLs. As the data aggregated includes the visitor’s IP and the referrer URL, even if the site itself is hosted on protected servers underground in Sweden and run by trusted dissidents with as much to lose as the visitors, a programmatic shortcut to a cosmetic conceit creates a backdoor that could, literally, cost lives. * Forum: [Requests and Feedback](https://wordpress.org/support/forum/requests-and-feedback/) In reply to: [Privacy: web fonts in particular](https://wordpress.org/support/topic/privacy-web-fonts-in-particular/) * Thread Starter [gessel](https://wordpress.org/support/users/gessel/) * (@gessel) * [11 years, 11 months ago](https://wordpress.org/support/topic/privacy-web-fonts-in-particular/#post-5113656) * Unless the visitor hits the login page, and then WordPress generates these font calls * ``` # Result Protocol Host URL Body Caching Content-Type Process Comments Custom 19 200 HTTP fonts.googleapis.com /css?family=Open+Sans%3A300italic%2C400italic%2C600italic%2C300%2C400%2C600&subset=latin%2Clatin-ext&ver=3.9.1 1,672 private, max-age=86400; Expires: Sun, 20 Jul 2014 14:44:07 GMT text/css iexplore:9684 ``` * and then these * ``` # Result Protocol Host URL Body Caching Content-Type Process Comments Custom 25 200 HTTP themes.googleusercontent.com /static/fonts/opensans/v8/DXI1ORHCpsQm3Vp6mXoaTRa1RVmPjeKy21_GQJaLlJI.woff 38,344 public, max-age=31536000; Expires: Thu, 16 Jul 2015 05:18:34 GMT font/woff iexplore:9684 26 200 HTTP themes.googleusercontent.com /static/fonts/opensans/v8/MTP_ySUJH_bn48VBG8sNSha1RVmPjeKy21_GQJaLlJI.woff 38,484 public, max-age=31536000; Expires: Thu, 16 Jul 2015 05:18:34 GMT font/woff iexplore:9684 27 200 HTTP themes.googleusercontent.com /static/fonts/opensans/v8/PRmiXeptR36kaC0GEAetxrsuoFAk0leveMLeqYtnfAY.woff 36,816 public, max-age=31536000; Expires: Wed, 15 Jul 2015 13:49:19 GMT font/woff iexplore:9684 28 200 HTTP themes.googleusercontent.com /static/fonts/opensans/v8/PRmiXeptR36kaC0GEAetxmWeb5PoA5ztb49yLyUzH1A.woff 36,832 public, max-age=31536000; Expires: Fri, 17 Jul 2015 18:55:32 GMT font/woff iexplore:9684 ``` * Or if the user is logged in, then the header bar generates the following requests: * ``` # Result Protocol Host URL Body Caching Content-Type Process Comments Custom 73 200 HTTP fonts.googleapis.com /css?family=Open+Sans%3A300italic%2C400italic%2C600italic%2C300%2C400%2C600&subset=latin%2Clatin-ext&ver=3.9.1 1,672 private, max-age=86400; Expires: Sun, 20 Jul 2014 14:45:46 GMT text/css iexplore:9684 ``` * And the loads these: * ``` # Result Protocol Host URL Body Caching Content-Type Process Comments Custom 89 200 HTTP themes.googleusercontent.com /static/fonts/opensans/v8/PRmiXeptR36kaC0GEAetxrsuoFAk0leveMLeqYtnfAY.woff 36,816 public, max-age=31536000; Expires: Wed, 15 Jul 2015 13:49:19 GMT font/woff iexplore:9684 90 200 HTTP themes.googleusercontent.com /static/fonts/opensans/v8/DXI1ORHCpsQm3Vp6mXoaTRa1RVmPjeKy21_GQJaLlJI.woff 38,344 public, max-age=31536000; Expires: Thu, 16 Jul 2015 05:18:34 GMT font/woff iexplore:9684 91 200 HTTP themes.googleusercontent.com /static/fonts/opensans/v8/MTP_ySUJH_bn48VBG8sNSha1RVmPjeKy21_GQJaLlJI.woff 38,484 public, max-age=31536000; Expires: Thu, 16 Jul 2015 05:18:34 GMT font/woff iexplore:9684 92 200 HTTP themes.googleusercontent.com /static/fonts/opensans/v8/PRmiXeptR36kaC0GEAetxmWeb5PoA5ztb49yLyUzH1A.woff 36,832 public, max-age=31536000; Expires: Fri, 17 Jul 2015 18:55:32 GMT font/woff iexplore:9684 ``` * Meaning that by visiting a wordpress site (and either logging in or attempting to), a user inadvertently and (typically) unknowingly generates logs on google’s servers that create a record of the visit: IP, time, date, and browser and the referrer ID so that Google has and can (and must) provide on request to any law enforcement agency, and can (and probably does) sell to any advertiser records of every logged in visit or login attempt to any wordpress site. * Obviously Google is selling the font service in exchange for this information. While that might be a fair transaction for some, it seems inappropriate to sell user’s data for convenience without their consent or knowledge. And seriously, is this transgression of user privacy warranted to render these informational pages in something other than the system font? * Forum: [Requests and Feedback](https://wordpress.org/support/forum/requests-and-feedback/) In reply to: [Privacy: web fonts in particular](https://wordpress.org/support/topic/privacy-web-fonts-in-particular/) * Thread Starter [gessel](https://wordpress.org/support/users/gessel/) * (@gessel) * [11 years, 11 months ago](https://wordpress.org/support/topic/privacy-web-fonts-in-particular/#post-5113597) * Line 580: // Hotlink Open Sans, for now * It would be cool if there was an option for locally serving fonts, say by incorporating this script: [https://github.com/DaAwesomeP/php-offline-fonts/](https://github.com/DaAwesomeP/php-offline-fonts/) * This would achieve all of the compatibility of Google’s user agent checks but wouldn’t leak user data to Google. * It doesn’t solve the problem of closed LAN operation, but perhaps this could be solved with local download and code like this: @font-face { font-family: ‘ MyWebFont’; src: url(‘webfont.eot’); /* IE9 Compat Modes */ src: url(‘webfont. eot?#iefix’) format(’embedded-opentype’), /* IE6-IE8 */ url(‘webfont.woff’) format(‘ woff’), /* Modern Browsers */ url(‘webfont.ttf’) format(‘truetype’), /* Safari, Android, iOS */ url(‘webfont.svg#svgFontName’) format(‘svg’); /* Legacy iOS */} * (from [http://css-tricks.com/snippets/css/using-font-face/](http://css-tricks.com/snippets/css/using-font-face/)) * The goals being: * 1) Eliminate privacy compromising calls to third parties, 2) Transparent operation on a closed LAN. Viewing 11 replies - 1 through 11 (of 11 total)