Skip to main content
Topic: GDPR conforming video embedding (Read 3673 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

GDPR conforming video embedding

Please let me start a new thread on this subject. It seems now clear that the GDPR requires to give users the choice to see iframe-content or not. Which means that video embedding is currently not possible, especially for guests.

On a few other platforms, e.g. CMSimple_XH, there exist addons which display a thumbnail first, e.g, the custom thumbnail of the video and warn the user that they enter the range of the google privacy rules when they click the video. That thumbnail will always be loaded by the server, so the privacy is not touched.

What about the state or plans of ElkArte in this respect?
Is the creation of preview image be handled by the server, in a way that Youtube cannot see personal data from the user? In that case, ElkArte would be almost GDPR conforming - the only missing thing is a note that actually displaying the video will happen under the data protection policy of Google.


Re: GDPR conforming video embedding

Reply #1

Quote from: bea – In that case, ElkArte would be almost GDPR conforming
Not really, I don't think any software will be "GDPR compliant" out of the box (despite what others may think), but that's not the place to discuss this.

I guess it can be added to the list.
Bugs creator.
Features destroyer.
Template killer.

Re: GDPR conforming video embedding

Reply #2

For Youtube videos you have to inform along the gdpr that you use thirst party tools  then put in a link to youtubes Policy ..

First if you use thirt party tool:
QuoteWe use third-party content or service offerings within our online offering, based on legitimate user interests, to integrate their content and services. This always assumes that the third-party providers perceive the IP address of the users, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content.
 
Then for youtube
QuoteWe embed the videos on the YouTube platform of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
Privacy Policy: https://www.google.com/policies/privacy.
 
Hope this helps ...
Many are stubborn in relation to the path, a few in relation to the target.
Visit our new Forum Project on https://www.portamx.com

Re: GDPR conforming video embedding

Reply #3

Thanks, feline, i am aware of this. Unfortunately this refers only to registered users.
In order to be conforming or at least "non-attackable" it would be necessary to exclude guests from seeing embedded stuff. Not only videos.

Apparently it is not possible to exclude guests from seeing these.

One of the key problems in this respect is that the video embedding is done through Javascript, i.e. on the user's machine. A safe and conforming implementation should IMHO run on the server and thus hide the user data in requests to the video sites unless the user explicitly loads the video.

Re: GDPR conforming video embedding

Reply #4

On our Forum, Guest see ONLY a LINK to the video .. it's not embedded in this case !!
Many are stubborn in relation to the path, a few in relation to the target.
Visit our new Forum Project on https://www.portamx.com

Re: GDPR conforming video embedding

Reply #5

Which might imply that one could port that part of Your code into ElkArte as well?

Re: GDPR conforming video embedding

Reply #6

Quote from: emanuele – I guess it can be added to the list.

But hopefully for the time after 1.1.4.

Re: GDPR conforming video embedding

Reply #7

Yes, indeed.
I would like to have 1.1.4 out soonish because there is also a fix for a little security issue reported a few days ago.
Bugs creator.
Features destroyer.
Template killer.

Re: GDPR conforming video embedding

Reply #8

Wise, indeed. I am fully with You in this respect.

BTW: how hard is it to port an Addon made for SMF 2.0.13 to Elk?

After a quick check of the sources, OharaYTEmbed might be a possible starting point: the License seems to allow porting and derivative work, and the relevant parts of the coding are done within PHP and hence on the server.

Re: GDPR conforming video embedding

Reply #9

Quote from: bea – Wise, indeed. I am fully with You in this respect.

BTW: how hard is it to port an Addon made for SMF 2.0.13 to Elk?

After a quick check of the sources, OharaYTEmbed might be a possible starting point: the License seems to allow porting and derivative work, and the relevant parts of the coding are done within PHP and hence on the server.
It depends. I have ported a few of my smf addons to elkarte It really depends on what features are used.

Re: GDPR conforming video embedding

Reply #10

Why port a youtube embedder?
Bugs creator.
Features destroyer.
Template killer.

Re: GDPR conforming video embedding

Reply #11

Right, there already is one standard with ElkArte. Better prepare the current embedder to be fit for the future.

Re: GDPR conforming video embedding

Reply #12

I had a look at Elk's embedder.
As i wrote, the embedding is entirely done by some Javascript code. That means that everything "happens" in the browser. This has the obvious advantage of reducing the load on the server. But it has the disadvantage that the user data cannot be initially from the video hoster before the user can agree to send his data to the hoster.
So technically the part displaying the preview image of the video must be done on the server. And that's a massive change of the forum. At least for someone who does not know the internals of Elk or SMF things  might be easier if there was a reasonably well documented API. That's the background of my question.



Re: GDPR conforming video embedding

Reply #14

Thanks. I'll check it the next days.