leaks WP user’s infos, privacy

  • Update:

    since 2.8.31 point (1) seems addressed. (2) perhaps calls for some WP hooks to handle privacy & such settings across plugins – dunno if such thing already exists – till then admins need to tinker around a bit, likely not a GT issue.
    Fair enough, let’s leave 1 star for improvements (wonder if people consider the semantic attached to the stars …)

    thanx a lot

    =======

    Hi

    I’d rate 4 stars, except for few things:

    1) main one: it grabs current WP user infos to (connect to) an external service (chat hub):

            <?php $user_info = wp_get_current_user(); ?>
        <script>window.intercomSettings = {app_id: "r70azrgx", 'email': '<?php echo addslashes($user_info->user_email); ?>', 'name': '<?php echo addslashes($user_info->first_name . ' ' . $user_info->last_name); ?>',
...

    now, it’s good you provide in-widget-admin direct link to support – like for the teasers / pages on yt / soc-nets – but you’re not supposed to leak anything by exploting the priviledge access the plugin is granted by installation. So whatever service you suggest the user to connect to, do it clean & let user fill in the details (even an option to ‘use my WP-userinfos’)

    2) since the translation is handled client side, site visitor should be informed it’s via gtranslate (‘powered by …’), so at least it’s warned that its navigation is tracked by bigG regardless of other choices (e.g. cookies) for that site

    3) marginal issue (I know it should go to support ticket …), on AP-lite theme at least, the option to have the switcher on primary menu puts the control on top right outside the screen, no it’s not visible unless the window is larger enough than the max width of the page. Perhaps that’s a feature rather than a bug, to avoid overlap with theme’s menu … ?

    thx

    • This topic was modified 7 years, 4 months ago by b-smark. Reason: main issue was addressed
Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author edo888

    (@edo888)

    Hi,

    1. We provide integrated live chat support with Intercom on our plugin settings screen for free and it is good to know who is contacting us. We do not use that data for any other purposes.

    2. It is up to the website owner to let the website visitors know that it is using cookies or services like Google. I think a lot websites nowdays use Google CDN to load for example jQuery library and by doing that they might be tracked by Google. I’m not mentioning about using Google Analytics.

    3. I’ll need a real example to check the mentioned issue for you.

    Thanks!

    Thread Starter b-smark

    (@b-smark)

    1. ” it is good to know who is contacting us” trojans coders’ argument. You have to ask, user decide not you.
    2. of course site admin can do extra things as it see fit, if decides to install a plugin. Don’t know if there’s a standard way to hook to privacy/cookies plugins, having these installed and such other plugins which load regardless is kinda a conflict that calls for admin to patch here and there. I’m fine at the moment just adding ‘(via Google)’ after lang_name.
    3. will open bug issue & upload screenshot

    thanx

    Plugin Author edo888

    (@edo888)

    Hi,

    We have removed the email and name from Intercom chat settings in 2.8.31 version.

    If you want to add “via Google”, you can do that in the Widget Code section easily.

    Thanks!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘leaks WP user’s infos, privacy’ is closed to new replies.