Should You Start an Anonymous Blog? 8 Reasons to Consider It (And 8 Not To)

There’s no doubt about it: we’re living in a world of over-sharers. Bloggers, social media users, celebrity influencers… It seems like everyone wants to be a Kardashian these days; to give the world a close-up look into what’s happening behind the scenes of their lives or to share every thought that’s running through their head. […]

WordPress.org Privacy Policy Updates

The WordPress.org privacy policy has been updated, hurray! While we weren’t able to remove all the long sentences, we hope you find the revisions make it easier to understand:

  • how we collect and use data,
  • how long the data we collect is retained, and
  • how you can request a copy of the data you’ve shared with us.

There hasn’t been any change to the data that WordPress.org collects or how that data is used; the privacy policy just provides more detail now. Happy reading, and thanks for using WordPress!

How WordPress Users Can Survive the GDPR

The thing that attracted many of us to WordPress is that it allows you to do a lot with an extremely small budget. Where, previously, a team of developers might spend weeks or months working to enable some specific functionality, and a team of designers might spend a similar amount of time to achieve a certain look, suddenly an ordinary person, with no coding ability, could find plugins and themes that would allow them to achieve the same thing within a few hours.

WordPress 4.9.6 Released With User Data Export and Removal Tools

WordPress 4.9.6 has been released and is considered a privacy and maintenance release. Traditionally, minor versions contain security and bug fixes. This release is different as it includes a number of privacy related features such as:

  • Privacy Policy page template/creation
  • User Data Request Handling
  • User Data Export and Removal tools
  • Cookie Opt-in for Comments
  • Other features related to GDPR Compliance

Earlier this month, I reviewed the privacy features in 4.9.6 and since that post was published, the team has made a number of adjustments. For example, site admins will receive an email when a user confirms a personal data export or removal request and the text on the privacy policy template page has been simplified. 

The privacy features in WordPress 4.9.6 are largely the result of a new team of volunteers that was formed earlier this year. The team is already hard at work on improving these features for future versions of WordPress.

In addition to privacy enhancements, more than 50 bugs have been fixed. ‘Mine’ has been added as a filter in the WordPress Media Library and when viewing a plugin in the backend, it will display the minimum PHP version that’s required.

The WordPress Development team has published an update guide that provides links to technical information related to features in 4.9.6. In addition, there’s a guide available for Theme Authors as styling adjustments may be necessary.

As this is a minor release, sites are in the process of updating automatically. If you encounter an issue with 4.9.6, please report it on the Support Forums.

WordPress 4.9.6 Beta 1 Adds Tools for GDPR Compliance

WordPress 4.9.6 Beta 1 is available for testing. It’s the first step in bringing GDPR (General Data Protection Regulation) tools to WordPress. In addition to 10 bugs being fixed, this release heavily focuses on privacy enhancements.

One of the first changes is the addition of a Privacy tab on the successful update screen. The message informs users that their sites may send data to WordPress.org for plugin and theme updates with a link to the WordPress.org privacy policy.

WordPress 4.9.6 Privacy Information

Privacy Policy Page Creation and Template

WordPress 4.9.6 includes the ability to create a Privacy Policy page from the backend. Simply browse to Settings > Privacy and select an existing page or create a new one where the policy will be displayed.

Privacy Policy Page Settings

Privacy policy pages will likely become as ubiquitous as About Us pages thanks to the GDPR, but the information that’s displayed is unique to individual sites. WordPress helps out by providing a template with suggestions on what information to display.

Privacy Policy Template

Personal Data Export and Removal Tools

To comply with the GDPR, sites need to provide a way for users to obtain their personal data and request that it be removed. WordPress 4.9.6 does not give users a button to make these requests. Instead, a site’s privacy policy needs to include information on where to send such requests.

Once a request for a data export or removal is received, site administrators or the Data Protection Officer can browse to Tools > Export Personal Data or Tools > Remove Personal Data and send that user a verification request.

Export Personal Data Verification UI
Data Removal Request Verification UI

When an admin enters a username or email address into the send request field, that user receives an email with a confirmation link. Once the link is clicked, the site displays an Action Confirmed notice stating that the site administrator has been notified and will fulfill the request as soon as possible.

Here’s what a confirmed notice looks like in the backend.

Confirmed Data Export Request

One thing I noticed is that after a user confirms the request, the site administrator has no way of knowing that they confirmed unless they visit the Data Export or Removal page.

Perhaps a new notification bubble can be created, similar to the ones for pending comments and updates, that takes admins to the appropriate place for confirmed requests.

When WordPress finishes creating the zip file, a link is sent to the user. For security purposes, the file will automatically be deleted after 72 hours.

My Personal Data Export

To test this feature, I exported my personal data from WP Tavern. My data export arrived in a zip file as one Index.html file. This file contains my comments, user meta data, links to attachments, and more. The data provides me with an opportunity to see what data the site has and what would be deleted if I requested full data removal.

Commenter Cookie Notification and Opt-in

Cookies save data so that visitors don’t have to fill in the Author, URL, and Email fields each time they want to leave a comment. In 4.9.6, visitors will be informed of this data storage and will need to check a box to opt in.

Checkbox For Consenting to Data Storage

WordPress 4.9.6 isn’t your typical minor release. It introduces new UI, options, and a bunch of privacy-related enhancements. The development team is aiming to officially release 4.9.6 before GDPR goes into effect later this month, but these features need to be battle tested now, especially on multi-site configurations.

I encourage you to check out 4.9.6 on a staging site and go through the process of requesting, confirming, and obtaining user data. Now is a good time to experience what users will be going through.

You can download WordPress 4.9.6 beta 1 here or obtain it by using the WordPress Beta Tester plugin. If you encounter any issues, please report them on the Alpha/Beta section of the support forums.

Jetpack 6.1, Now With Even More Privacy Information

Jetpack 6.1 is available and is considered a general maintenance release. This version adds two improvements to the WordAds module. Users can now use the [wordads] shortcode to place an inline ad on any post or page. Support for the ads.txt file has also been added.

A new filter is available that honors the Do Not Track feature. This filter only affects the Stats module and will not track visitors who have Do Not Track enabled. This filter may be exposed as a setting in the UI in a future update.

Sharing and Likes functionality has been removed from WooCommerce’s Cart, Checkout, and Account pages. Notices that appeared in log files related to language features on sites running PHP 7.2 have been fixed.

Continuing the progress made in Jetpack 6.0 towards GDPR compliance, 6.1 adds More Info buttons to every module that handles user data.

The More Info buttons contain links to specific sections of support documents that describe whether or not the module is activated by default, what data is used for site owners and visitors, and what data is synchronized with WordPress.com.

More Info Links in Jetpack
Detailed Privacy Information for The WordPress.com Toolbar Module

In the example above, the Privacy Information link for the WordPress.com Toolbar module points to the following support document. With all of this information now readily available, users can educate themselves on the privacy implications of each module and decide what’s best for their visitors.

A full changelog of Jetpack 6.1 is available on WordPress.org.

Jetpack 6.0 Takes Steps Towards GDPR Compliance

Jetpack 6.0 is available for upgrade. It comes with improvements to the social media icons widget, enhanced brute force protection, and better compatibility between WooCommerce and Jetpack.

Its headlining features, though, are privacy related, as the General Data Protection Regulation (GDPR) is set to go into effect May 25th. In 6.0, Jetpack has a dedicated privacy settings page that links to privacy documents and includes a way to opt out of activity tracking.

These settings can be accessed by clicking the Privacy link at the bottom of the Jetpack Dashboard page.

Jetpack 6.0 Privacy Settings

The 'What Data Does Jetpack Sync' page outlines what data is used, how it's used, the relationship it has with the WordPress mobile apps, and provides an inside look at how Jetpack works.

These are the first steps towards GDPR compliance with more updates planned before the regulation goes into effect next month.

New Team Forms to Facilitate GDPR Compliance in WordPress Core

As May 25th, the enforcement date for the General Data Protection Regulation (GDPR), draws near, individuals and businesses are scrambling to make sure they’re compliant. I’ve read a number of blog posts throughout the WordPress community explaining the GDPR and what needs to be done for compliance, and it’s a tough thing to grasp.

The EU GDPR was designed to harmonize data privacy laws across Europe, protect and empower European citizens’ data privacy, and reshape the way organizations across the region approach data privacy. In reading the regulation and various blog posts, the terminology makes it appear that the changes are geared towards large, international businesses that process personal data.

However, according to Heather Burns, a digital law specialist in Glasgow, Scotland, the GDPR affects sites large and small.

GDPR applies to all businesses, organizations, sectors, situations, and scenarios, regardless of a business’s size, head count, or financial turnover. A small app studio is every bit as beholden to these rules as a large corporation.

Determining if your site needs to be compliant and how to accomplish it can be overwhelming. If you do business in Europe or collect data from European users, you must protect that data in accordance with the GDPR as if you were in Europe. For example, if you operate a blog with a contact form that saves entries to the database from people who live in Europe, you must make your site GDPR compliant.

There are a lot of aspects to the GDPR, and while an excerpt cannot fully explain it at a glance, there are a few themes that stick out to me.

  • Be upfront and concise about what data is stored, sent, and used on the site or form.
  • Give the user a chance to consent without automatically opting them in.
  • Collect the least amount of data possible for legitimate business purposes.
  • Provide a way for users to download or access their data and remove it.

Many of these are common sense practices that are not implemented on many sites, WP Tavern included. How often do you visit a site’s contact form and see an explanation as to why those fields are required, where the data is stored, where it goes, and what is done with it? This is something I’ll be working on in the next few weeks.

Making WordPress Core GDPR Compliant

Earlier this month, a number of volunteers gathered to discuss GDPR compliance in WordPress core. The meeting took place in a newly created channel #gdpr-compliance that’s accessible to anyone with a SlackHQ account.

The team created a proposed roadmap to add privacy tools to core. The plan includes the following ideas:

  • Add notices for registered users and commenters on what data is collected in core by default and explain why.
  • Create guidelines for plugins on how to become GDPR compliant.
  • Create and add tools to facilitate compliance and privacy in general.
  • Add documentation and help for site owners to learn how to use these tools.

Earlier today, the team met and created a GitHub folder that houses the roadmap, knowledge base, trac ticket list, and other items associated with the project. There was also some discussion on whether the interface provided by the GDPR for WordPress project is a good foundation for core and plugins to report personal data. The GDPR Compliance Slack channel is also a good place to ask questions and discuss data privacy in general.

Popular form plugins such as GravityForms and NinjaForms have documentation available that explains GDPR compliance and how it applies to their products. For those who use the Contact Form module in Jetpack, which saves entries to the database by default, you’ll need to wait for further updates. WooCommerce and Automattic have announced that they expect their products will be GDPR compliant by the time it goes into effect later this year.

GDPR Resources

If you’re like me, reading about the GDPR and its policies can make your head spin. It’s important to keep in mind that at the heart of the GDPR are common sense behaviors for handling personal data. If you’d like to learn more about the GDPR, check out the following resources.
