Hey, WordPress theme developers.
There’s something I’d like to ask you not to do anymore. Don’t do this:
Here, too:
And why not?
You are making a promise to people who visit any blog that uses your theme, and it’s one that may or may not be respected and honored by the blog owner or author.
“Your email address will never be published or shared.”
This type of language or a variant thereof is in an awful lot of WordPress themes. (In the first example above, “never” is even in italics to stress how important this is. Needless to say, on the blog where this notice was found (using a commonly-available theme), comments that didn’t agree with the author had their email addresses published in retorts by the blog author.
Because WordPress provides blog moderators with the email address (and the IP) of users who comment on their posts, the very information that many themes say will not be shared is given to the one person (or people) who have the ability to publish it for other readers of the post to see.
So I say think twice before putting this language in your theme.
Blame the default WordPress comment form output. It’s right there in wp-includes/comment-template.php.
Then IMO WordPress either needs to stop providing admins with the information or remove this language from the template.
Is there a bug filed for this yet?
Not that I’m aware of. I will file one later if no one beats me no it.
Right on… I’ll look for it when I get done with work.
Everyone should learn to search on Trac. I made a ticket for this 3 months ago. Patches extremely welcome. :)
On the contrary, the whole intention of this practice is to assure the average reader and encourage them to comment. You are telling them that one of the *required* fields they are submitting with their comment won’t be published, which it won’t be by default.
I agree using “never” is a bit strong. We toned down our language about a year ago and now use “Your email will not be published.”
With that being said, “Your email may not be published” is too ambiguous and confusing for the average reader, whether or not it is a 100% guarantee. Anything you share on the internet might be published or disclosed at some point due to hacking, businesses changing hands, etc. So should we should go around saying things like “Your credit card details may be safe on this website”? I would say no. Even if it is the truth, it is misleading and confusing for the user.
In the end the responsibility falls on the blog owner to change this text if they plan on sharing or publishing commenter email addresses. I would argue the vast majority have no intention of doing so and it is a generally accepted practice not to do so. Changing it to use “may” just confuses the commenter and makes them uneasy about leaving their comment.
I would argue this is still a bit strong.
I’m not arguing for this; I’m arguing for not including any statement to this effect at all.
I’ll respectfully disagree with this as I believe that any statement saying that an email won’t be published is wishful thinking at best and misleading at worst—so long as this information is given to the blog moderators. And I don’t think that the miscreants and jerks who engage in sharing commenter information will bother to change it, which is why my argument is for not including it in themes or in the default comment template.
I think we’re just interpreting the language differently. I’m taking it as this will not be published right now with this comment. Hence why I agree with you regarding the use of never.
I think including no statement at all could discourage commenting from the uninitiated reader. You are requiring them to provide an email address in the same form and giving them no assurance that it won’t be published along with their comment. Yes, we all know it won’t be published with the comment, but I would argue the average reader and potential commenter does not.
I’m not entirely convinced of this but it is a good point. I doubt many people think twice about giving away their email anymore and most people who are likely have a throwaway or just use the very popular me@here.com or similar.
How about we go with, “Your email will not be published unless the blog owner or anyone with publishing rights on this site (authors, editors, admins) decides to be a total jackass and violate your privacy as well as the generally accepted ethics of blog commenting, in which your email is required to prevent spam and possibly allow follow-up contact, but is not meant to be published.”
Bummer that would take more room than the comment form. :) New string suggestions welcome at http://core.trac.wordpress.org/ticket/17739
It seems to me that Ryan has a really good point. The perfect world path would probably be to ask users to specify the text or at least agree to it when they install WP. Of course, this complicates the install process somewhat…
I agree. I take “Your email will not be published” as more of a technical notification – go ahead and use your non-spamproof email here, because it’s not going to show up next to your comment by default.
I’m not the average blog commenter from a technical knowledge standpoint, but I have to believe that commenters recognize that SOMEONE will see their email address, and that email’s privacy relies on that someone – a human, with human flaws – to keep it private. It’s not some sort of unbreakable contract.
I see on this comment form, however, there’s a simple (Not published) next to the email field. I think that suffices, and it IS important information to give the average user (even if you decide you hate me and want to publish my email later).
I’m planning to publish Ryan’s email address all over the place. Muhuhahahaha!
Ironically, your own comment form still says “will not be published” in the email field.
I wonder whether the bigger question is not around whether the commenter’s email need be a required field at all?
I created a core ticket and patch for this. http://core.trac.wordpress.org/ticket/18633
Awesome, Evan!
In WordPress never sometimes is not never at all ? Or am i wrong ?
It depends on the actions of the blog moderators, and my point is that sometimes those people can’t be trusted by default.