Please take a look at my Screenshot.
You see on the top right, that the Facebook SDK is loading when I just visit this site.
On the Bottom Middle there are an checkbox with "I allow to create an account and send confirmation email."
I sorry, but that's not enough ๐
Users Privacy was already affected when they just visit an wpForo Site.
So you can fix it if you load the Facebook SDK only when user explicit Accepts the checkbox: "I allow to create an account and send confirmation email.".
The same for Google+ and Twitter Integration.
The Facebook login checkbox is designed to get acceptance of user to automatically create a forum user account to comply to GDPR Article 22 - Automated individual decision-making, including profiling. This checkbox is not designed for the issue you're mentioning. That issue is a genera issue and it's better to solve for whole website. You should have some pop-up or other solution and display it on first visit of a user to your website. There are dozens of 3rd party libs from Google, Facebook and other popular services which should be covered on first visit to the home page of website.
We added all information about wpForo data usage in wpForo built-in Privacy policy template in Forum > Tools > Privacy and Rules admin page. Here is some part of that:
2. Information We Share and Disclos
2.1 How we share information we collect
You should be aware that any information you provide on our community - including profile information associated with the account you use to post the information - may be read, collected, and used by any member of the public who accesses these websites. Your posts and certain profile information may remain even after you terminate your account. We urge you to consider the sensitivity of any information you input into these Services. To request removal of your information from publicly accessible websites operated by us, please contact us. In some cases, we may not be able to remove your information, in which case we will let you know if we are unable to and why.
2.2 Sharing with third parties
2.2.1 Service Providers: We share information with third parties that help us operate, provide, improve, integrate, customize, support and market our services. We work with third-party service providers to provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis and other services for us, which may require them to access or use information about you. If a service provider needs to access information about you to perform services on our behalf, they do so under close instruction from us, including policies and procedures designed to protect your information.
Our administrators may choose to add new functionality or change the behavior of the community by installing third party apps within the community. Doing so may give third-party apps access to your account and information about you like your name and email address, and any content you choose to use in connection with those apps. Third-party app policies and procedures are not controlled by us, and this privacy policy does not cover how third-party apps use your information. We encourage you to review the privacy policies of third parties before connecting to or using their applications or services to learn more about their privacy and information handling practices. If you object to information about you being shared with these third parties, please uninstall the contact us and let us know as soon as possible. Below are the third party services we use on our community:
- Akismet (by Automattic Inc.) - Spam fighting service that protects millions of WordPress sites. Automattic Privacy Policy: https://automattic.com/privacy/
- reCAPTCHA (by Google) - Protects internet users from spam and abuse wherever they go. Google Privacy Policy: https://policies.google.com/privacy
2.2.2 Links to Third Party Sites: Our community may include links that direct you to other websites or services whose privacy practices may differ from ours. If you submit information to any of those third party sites, your information is governed by their privacy policies, not this one. We encourage you to carefully read the privacy policy of any website you visit.
2.2.3 Social Media Widgets: The Services may include links that direct you to other websites or services whose privacy practices may differ from ours. Your use of and any information you submit to any of those third-party sites is governed by their privacy policies, not this one.
2.2.4 Third-Party Widgets: Some of our Services contain widgets and social media features, such as the Facebook "share" or Twitter "tweet" buttons. These widgets and features collect your IP address, which page you are visiting on the Services, and may set a cookie to enable the feature to function properly. Widgets and social media features are either hosted by a third party or hosted directly on our Services. Your interactions with these features are governed by the privacy policy of the company providing it.
Thanks Robert!
This checkbox is not designed for the issue you're mentioning. That issue is a genera issue and it's better to solve for whole website.
You have right. But you can start to do it better than other Plugin Autors ๐
Just an new Option that loads the SDK only when user would Login over Facebook and so on.
It was just an Suggestion. Then I will solve it on my own Site for myself.