I totally like the QoL oneboxes bring to the Discourse users. However, i stumbled upon the following ‘issue’:
While Youtube for example is embedded via LazyYT and therefore doesn’t load the iframe and attached cookies until the users presses play, this functionally seems to be absent for every other player onebox.
Vimeo for example loads the entire iframe, player and cookies on page load
Therefore my question: Is it planned to replicate the LazyYT functionality on other oneboxes like Vimeo or how would be the best way to go about it on my own. I am aware that i am able to simply blacklist Vimeo and the like which only should be my last resort, though.
I know it is debatable if this is necessary to comply with GDPR, but nonetheless I think better control over embedded 3rd party content would be worthwhile as the LazyYT example shows to some extent.
As I see it every of those iframes transfers IP, and load third-party non-essential cookies for every user (also not registered ones) before they are able to agree with that.
Apart from that especially topics with multiple embeds could run into performance issues when for example 10 players are loading at the same time.
LazyYT does it pretty fine I think, and Preview in post creation. (Option for a 3rd party hint on top of the preview image could be helpful, too)
I’ve noticed a few European websites now let the user decide whether they want to see embedded content. This is especially useful for sites that are known to follow you around the web and build a profile even if you haven’t signed up with them. I’d like to give community members that kind of control over their privacy.
show content from Facebook
Something like this near every embed or in the user preferences might be too much for some, though. A more seamless alternative could be Embetty: https://github.com/heiseonline/embetty
Maybe a first simple step would be to implement a general option in the user settings to enable/disable 3rd party content, activating/deactivating the onebox feature on a per user base?
We are also craving for an option like this, but are not really able to implement it.
show content from Facebook
