Emoji’s in WordPress 4.2
Published March 22nd, 2015 under Plugins
Note: Nowhere in this post do I say that Automattic or Google are tracking anyone, just that they have the capability to do so if they want. Those companies have better things to do with their time than violate user trust. Many organisations choose to trust no one, and in that situation will want to remove any functionality which allows their visitors to be tracked.
Tracking of your WordPress websites visitors by Automattic Inc. has been possible since Gravatars were added to WordPress version 2.5 in 2008. This isn’t a big problem as those who don’t wish to allow them to track their site visitor scan simply disable Gravatars by turning them off in their admin panel.
Google fonts were also added in some of the newer default themes and in the admin panel, which gives Google the ability to track users using those themes or the WordPress admin panel. There is an excellent plugin for disabling Google Fonts in the admin panel, and not using the default themes prevents them being used on the front-end.
For WordPress 4.2, another potential point of tracking is present, in the form of externally hosted Emoji’s. So those of you who need to block external services from tracking your site visitors will need to disable this in your sites.
I couldn’t find any existing plugins which can disable the ability for Automattic, Inc. to track users, so I created a simple plugin to totally disable the Emoji functionality. For my personal blog, I don’t intend to use emoji’s anyway, so it made sense to remove everything, including the CSS and JS which they dumped into my sites front-end. It should be possible to keep the emoji functionality whilst still maintaining privacy and I hope someone creates a plugin for this purpose, but in the mean time I hope that my little plugin will be useful to some of you.
Peter Cralen says:
Thanks for plugin.
I don\’t understand how can someone decide to add smiles to core WordPress, not sure if 80% or more users use this junk. For me its just extra unnecessary CSS and Javascript on front-end.
Some option in WP to turn it completely off would be nice. It even looks horrible in source code of site π
March 22, 2015 at 6:50 pm # //
Ryan says:
Yeah, the source code is pretty horrible. I was a little surprised when I saw it appear in my source. Thankfully it wasn’t too hard to get rid of.
March 22, 2015 at 7:03 pm # //
Andreas Nurbo says:
Automattic probably has some deal with some company to use the emojis. Thanks for the plugin.
I dont understand the need to bundle these CDN/request based based into core be it google fonts, emojis, gravatars or akismet.
You forgot to add that Gravatar makes it possible for unscrupelous individuals to find out commenters email and also track them across websites. Automattic aint the main concern there. Thing is allmost no end user know about it.
March 22, 2015 at 7:44 pm # //
Ryan says:
I understand why they’re using CDN’s for these, although I don’t agree with it. There are way too many downsides IMO, and they should be opt-in if they do have to be served from CDN.
They’d need to brute force the hash to get the email address, so although it’s technically possible, I don’t think it’s something they could do emasse. And anyone who signed up for a Gravatar would have already provided their email address to them willingly.
March 22, 2015 at 10:52 pm # //
Piet says:
Apart from the CSS and JS which are dumped into sites front-end that you already mentioned my main gripe with this whole emoji-\”feature\” is the CDN where the lot is pulled from.
For me it\’s not because of tracking reasons (didn\’t even know that); no, for me it is the fact that the CDN (s0.wp.com) is blocked where I live (China).
The Core team knows very well that their CDN is blocked in China (and a few more countries) and they blindly roll out a new feature, duping all people in those locations.
Probably not on purpose, but once again this shows the sheer ignorance of the Core team.
Anyways, I digress; thanks for taking swift action and releasing this as a plugin!
March 25, 2015 at 8:25 am # //
Chuy says:
How do I disable these emoji things?
I really don\’t like them. Could someone please help?
Thanks
April 23, 2015 at 8:07 pm # //
Ryan says:
I’m not sure if you are trolling, or just epically bad at reading. Either way, this post is about how to do exactly that :/
April 23, 2015 at 8:13 pm # //
Chuy says:
I found a plugin called \”Disable Emojis\” (https://wordpress.org/plugins/disable-emojis/) but is there a way to do this without a plugin? I dont like using too many plugins on WordPress sites…
Thanks
April 23, 2015 at 8:11 pm # //
Ryan says:
If this was possible without a plugin, then I would not have made the plugin.
April 23, 2015 at 8:14 pm # //
Luka Kaspar says:
Thanks. I implemented your remove function into my functions file and works a treat.
I count myself lucky for even noticing the added bloat… would fly by my radar if I wasn\’t doing a random pagespeed test.
April 23, 2015 at 11:32 pm # //
Ryan says:
I think most people aren’t going to notice this unfortunately. We don’t normally expect random junk to get added to our pages without asking first :/
April 26, 2015 at 12:08 pm # //
Julie @Niackery says:
Hi Ryan, I\’m wondering if this plugin disables the ability to use all the newly available characters (e.g.: Korean), or just the emojis? Thanks! I\’m installing the plugin regardless π
April 24, 2015 at 3:29 am # //
Ryan says:
I’m not aware of any changes to character sets sorry. I’m assuming this is an unrelated issue to emoji’s.
April 26, 2015 at 12:10 pm # //
Julie @Niackery says:
I thought emoji were the result of the utf8mb4 upgrade, the primary purpose of which is to natively support Han characters… Hope you don\’t mind checking it out: https://make.wordpress.org/core/2015/04/02/the-utf8mb4-upgrade/. Thanks!
April 28, 2015 at 12:56 am # //
Ryan says:
That was probably required to make emoji’s work. But that’s unrelated to what this plugin does. The plugin disables all of the extra JavaScript junk added to your site to make the emoji’s work in older browsers. I should update the documentation to explain this actually.
April 28, 2015 at 7:48 am # //
Julie @Niackery says:
Thanks for the info, Ryan!
April 28, 2015 at 12:52 pm # //
ivan says:
Thank you very much for taking the time to make the plugin. Worked like a charm.
April 24, 2015 at 5:27 am # //
Ryan says:
No problem. Glad to hear it worked like a charm π
April 26, 2015 at 12:10 pm # //
Frank says:
Hi Ryan,
thanks you very much for this plugin. I used it instantly, and, honestly, I was searching for it.
When you say:
\”Theyβd need to brute force the hash to get the email address, so although itβs technically possible, I donβt think itβs something they could do emasse. And anyone who signed up for a Gravatar would have already provided their email address to them willingly.\”
I would disagree because what\’s going on here is much more serious. Gravatar is without any doubt part of a world wide spying machine, even if it\’s not involved in spying. Because: if you have the political right to access server logs due to, let\’s say, papers like \”Patriot Act\”, you can hash a person\’s well-known mail address and you\’re able to pull a list of all comments of that person accross all WP blogs wordwide. And: this person even doesn\’t need to have an Gravatar account! EVERY persons mail-hash is sent to fetch a potentially existing picture. And all Gravatar servers reside in the U.S.
Cheers,
Frank
April 24, 2015 at 10:34 pm # //
Ryan says:
You have a good point about not requiring to have a Gravatar account. Even when no account is present, your email hash is still sent back. This is something we should all mention on our privacy page (assuming we have one).
April 26, 2015 at 12:29 pm # //
Frank says:
P.S.
\”Participate in this conversation via e-mail\”
You should consider that you invite people this way and by this checkbox beeing tracked, for good or for bad.
April 24, 2015 at 10:41 pm # //
Ryan says:
Yes, you would never want to use an email service like I’m using here if you require absolute privacy.
April 26, 2015 at 12:33 pm # //
Eric says:
Thank you so much for this plugin. I had some really strange issues with a plugin I am developing, to the point where it was causing iOS browsers to hang and crash. Disabling emojis fixed it right up, so much appreciated.
May 5, 2015 at 1:02 am # //
Ryan says:
Glad to hear you find the plugin useful π
May 5, 2015 at 7:20 am # //
omahorst says:
Thanks for making the plugin, Ryan. As others have said, it\’s a VERY questionable decision to put stupid shit like \”emojis\” into the core, and it doesn\’t bode well for future upgrades.
May 5, 2015 at 10:12 am # //
Ryan says:
WordPress has been adding stupid shit in core since the very beginning π
May 5, 2015 at 1:08 pm # //
Marcin says:
Really appreciate your work dude because it saved me a couple of headaches ;). I really don\’t understand why wordpress team is adding this kind of crap…
May 14, 2015 at 10:26 am # //
Ryan says:
They’re adding it because some people want it. The problem though, is that it has a negative impact on those who don’t want it :/
May 14, 2015 at 12:24 pm # //
Marie says:
Thanks for the plugin, much appreciated!
I, too, wonder why the WordPress team don\’t set up emojis as an option, that could be freely disabled from the dashboard. Let\’s hope they\’ll implement it someday π
May 18, 2015 at 4:52 pm # //
Ryan says:
Glad to hear you find it useful π
I’d rather not see a setting for it myself though. I’d rather it either on by default or not implemented at all.
May 18, 2015 at 6:03 pm # //
Ben Sibley says:
Ryan,
Thanks for the plugin, it works great.
If you haven\’t seen this already, it should shed some light on emojis and the real reason they were included: https://poststatus.com/the-trojan-emoji/
July 30, 2015 at 12:15 pm # //
Ryan says:
Thanks. That article is about the modifications to the database rather than the JavaScript which this plugin removes though.
July 30, 2015 at 2:07 pm # //
Chris says:
I found this plugin because I noticed today on one of my sites it was nearing its page visits threshold of the host.
When I checked their reports, I noticed zillions of hits on the emoji js file.
So I\’ve installed you plugin, and hopefully will see a bit of a drop in page visits that will buy me some more time.
August 12, 2015 at 4:25 am # //
Ryan says:
That’s fascinating to hear that you are finding the plugin useful for handling an increased traffic volume.
August 12, 2015 at 7:41 am # //