GDPR conforming video embedding
Please let me start a new thread on this subject. It seems now clear that the GDPR requires to give users the choice to see iframe-content or not. Which means that video embedding is currently not possible, especially for guests.
On a few other platforms, e.g. CMSimple_XH, there exist addons which display a thumbnail first, e.g, the custom thumbnail of the video and warn the user that they enter the range of the google privacy rules when they click the video. That thumbnail will always be loaded by the server, so the privacy is not touched.
What about the state or plans of ElkArte in this respect?
Is the creation of preview image be handled by the server, in a way that Youtube cannot see personal data from the user? In that case, ElkArte would be almost GDPR conforming - the only missing thing is a note that actually displaying the video will happen under the data protection policy of Google.
Re: GDPR conforming video embedding
Reply #3 –
Thanks, feline, i am aware of this. Unfortunately this refers only to registered users.
In order to be conforming or at least "non-attackable" it would be necessary to exclude guests from seeing embedded stuff. Not only videos.
Apparently it is not possible to exclude guests from seeing these.
One of the key problems in this respect is that the video embedding is done through Javascript, i.e. on the user's machine. A safe and conforming implementation should IMHO run on the server and thus hide the user data in requests to the video sites unless the user explicitly loads the video.
Re: GDPR conforming video embedding
Reply #4 –
On our Forum, Guest see ONLY a LINK to the video .. it's not embedded in this case !!
Re: GDPR conforming video embedding
Reply #5 –
Which might imply that one could port that part of Your code into ElkArte as well?
Re: GDPR conforming video embedding
Reply #7 –
Yes, indeed.
I would like to have 1.1.4 out soonish because there is also a fix for a little security issue reported a few days ago.
Re: GDPR conforming video embedding
Reply #8 –
Wise, indeed. I am fully with You in this respect.
BTW: how hard is it to port an Addon made for SMF 2.0.13 to Elk?
After a quick check of the sources, OharaYTEmbed might be a possible starting point: the License seems to allow porting and derivative work, and the relevant parts of the coding are done within PHP and hence on the server.
Re: GDPR conforming video embedding
Reply #10 –
Why port a youtube embedder?
Re: GDPR conforming video embedding
Reply #11 –
Right, there already is one standard with ElkArte. Better prepare the current embedder to be fit for the future.
Re: GDPR conforming video embedding
Reply #12 –
I had a look at Elk's embedder.
As i wrote, the embedding is entirely done by some Javascript code. That means that everything "happens" in the browser. This has the obvious advantage of reducing the load on the server. But it has the disadvantage that the user data cannot be initially from the video hoster before the user can agree to send his data to the hoster.
So technically the part displaying the preview image of the video must be done on the server. And that's a massive change of the forum. At least for someone who does not know the internals of Elk or SMF things might be easier if there was a reasonably well documented API. That's the background of my question.
Re: GDPR conforming video embedding
Reply #14 –
Thanks. I'll check it the next days.