Problem/Motivation

When opening the "Help" tab, I see 54 requests to https://img.youtube.com/vi/{video id}/0.jpg in my browser dev tools' network tab.

I'm glad, my script/ad blocker was active on http://localhost, otherwise I would have downloaded a lot of useless images.

My main concern is privacy. I don't want to be tracked by surveillance capitalists. Because these are just my personal feelings, I have a better reason: If I would want to use the module in the EU, it would violate GDPR.

This is also a bandwidth and performance problem. Opening the help page in a location with bad internet connectivity or on a device with bandwidth quota would be a bad idea.

Steps to reproduce

open admin/structure/webform/help in a web browser

Proposed resolution

Don't embed YouTube thumbnails.

Alternative solution 1: Ask for consent before embedding images from third party.

Alternative solution 2: Disable or override webform.help route via contributed module.

Remaining tasks

User interface changes

API changes

Data model changes

Comments

raffaelj created an issue. See original summary.

raffaelj’s picture

raffaelj
he/him
Primary language German
commented

Workaround:

set "Video display" to "hidden" in "Advanced" sub tab under "Configuration" tab (admin/structure/webform/config/advanced). Now the lines "This screencast..." without the "Watch video" button below don't make any sense anymore, but at least the third party content is gone.

Setting "Video display" to "link" still loads all YT thumbnails and the "Watch video" button is a link now, that opens the YT video on the same page.

To make sure, that nobody enables it again in the future, a config override in settings.php helps:

$config['webform.settings'] = [
  'ui' => [
    // prevent loading YT thumbs on help tab
    // 'video_display' => 'hidden',

    // completely disable YT video list (not possible via UI)
    // to see the original list, visit:
    // https://www.drupal.org/docs/contributed-modules/webform/webform-videos
    // @see webform/src/WebformHelpManager.php::buildVideos()
    'video_display' => 'none',
  ],
];

edit: added config override to completely disable the video list. This solves the problem of the out-of-context "This screencast provides..." sentences.

jrockowitz’s picture

jrockowitz commented
Status: Active » Closed (works as designed)

Hiding the video display is the best approach for GDPR compliance.

raffaelj’s picture

raffaelj
he/him
Primary language German
commented

Privacy invasive settings should be opt-in instead of opt-out.

And as mentioned above, the help text makes no sense anymore.