Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2018-04-07 18:08:52

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,753
Website

Txp cookies, visitor logging, and GDPR stuff in general

I never thought about this before, and it’s probably a Luddite Q, but does Txp hand out cookies to site visitors? If so, what’s the nature? I’m updating my “Rights and Freedoms” blurb at the biz site.

Edit: This thread expanded into discussion about IP addresses thus Visitor logging, and how it all concerns the new GDPR.

Offline

#2 2018-04-07 19:42:06

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 4,172
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

AFAIK no. Only if you decide to use them yourself.

A cookie is only set when logged in so you should only need to inform people if you allow them to do that or are using cookies yourself or through some other service.


TXP Builders – finely-crafted code, design and txp

Offline

#3 2018-04-07 20:30:02

michaelkpate
Moderator
From: Avon Park, FL
Registered: 2004-02-24
Posts: 1,371
Website GitHub Mastodon

Re: Txp cookies, visitor logging, and GDPR stuff in general

This what disconnect.me shows on textpattern.com.

Offline

#4 2018-04-07 21:25:21

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,753
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

Thanks both.

Offline

#5 2018-04-07 21:36:41

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 3,627
GitHub

Re: Txp cookies, visitor logging, and GDPR stuff in general

Vague memory here…

Is/was there a cookie set for commenter’s details?

Edit: or is it localStorage?

Edit #2: unless something’s changed since 2011, cookies are not used in comments

Last edited by gaekwad (2018-04-07 21:43:17)

Offline

#6 2018-04-08 00:21:19

phiw13
Plugin Author
From: Japan
Registered: 2004-02-27
Posts: 2,474
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

gaekwad wrote #310751:

Edit #2: unless something’s changed since 2011, cookies are not used in comments

Not really true. There is a checkbox to “Remember” commenter data (name/ email / site URL). That sets cookies, but (of course) only if the commenter leaves the checkbox as checked.


Where is that emoji for a solar powered submarine when you need it ?

Offline

#7 2018-04-08 07:10:49

philwareham
Core designer
From: Haslemere, Surrey, UK
Registered: 2009-06-11
Posts: 3,532
Website GitHub Twitter

Re: Txp cookies, visitor logging, and GDPR stuff in general

I guess that checkbox could be updated to localstorage- maybe open an issue to discuss. Although I don’t see that cookie as infringing European cookie law? You can of course omit that checkbox entirely in your comment forms too if you wish.

Offline

#8 2018-04-08 07:26:58

phiw13
Plugin Author
From: Japan
Registered: 2004-02-27
Posts: 2,474
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

philwareham wrote #310756:

I guess that checkbox could be updated to localstorage- maybe open an issue to discuss. Although I don’t see that cookie as infringing European cookie law? You can of course omit that checkbox entirely in your comment forms too if you wish.

Localstorage or cookie make little difference in my book (in terms of privacy, I mean). But maybe changing the initial state of the checkbox – currently it is checked. Perhaps unchecked would be better for the various privacy legislations? That way the user has to take action (opt-in)?


Where is that emoji for a solar powered submarine when you need it ?

Offline

#9 2018-04-08 09:33:39

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 10,515
Website GitHub

Re: Txp cookies, visitor logging, and GDPR stuff in general

phiw13 wrote #310757:

Localstorage or cookie make little difference in my book (in terms of privacy, I mean). But maybe changing the initial state of the checkbox – currently it is checked. Perhaps unchecked would be better for the various privacy legislations? That way the user has to take action (opt-in)?

I agree. The tricky thing is that <txp:comment_remember> tag is coded as a toggle, and it’s rather terrible code:

  • If the cookie exists (i.e. someone has already set it in a previous comment) then the label is set as “forget” and the checkbox is checked.
  • If the cookie doesn’t exist (i.e. first visit, first comment, or if the person has chosen to tell Txp to forget their detail) then the label is set as “remember” and the checkbox is checked.

Not sure how to fix that. I’m tempted to leave it and completely overhaul the commenting system in a future Txp version by making it a module, deprecating the mess of comment tags we have now and starting again with new tags.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#10 2018-04-08 15:02:38

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,753
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

Useful exchange, I think.

My aim is to be more expressly transparent about how I don’t track or collect data, as a kind of badge of honor, versus what I do and how it’s used for the sake of laws. I think the more people that take that open stance, the more pressure it puts on those who do track, scrape, collect, exploit, etc. The more awareness it makes in the wild in general.

In this particular site, I don’t use comments, so I guess that cookie thing is moot. I do use a contact form, but users will willingly and knowingly be giving their name and email in that case, should they even bother.

To my understanding that only leaves Txp visitor logging, and web host server logs. I don’t keep Txp logs more than 14 days, and I never look at server logs. But I want to acknowledge that functionality is there, though nothing to worry about (Txp), or even relevant (web server).

Wikipedia’s page on Server log gives me an idea about how to word things in relation to the latter:

“Information about the request, including client IP address, request date/time, page requested, HTTP code, bytes served, user agent, and referrer are typically added. This data can be combined into a single file, or separated into distinct logs, such as an access log, error log, or referrer log. However, server logs typically do not collect user-specific information.

I guess Txp pulls it’s visitor log data from the web server log?

I was looking at the disconnect.me (something I should use more) website. They say:

“Our privacy policy, in a sentence: We don’t collect your IP address or any other personal info, except the info you volunteer.”

Well, every web server records IP address, doesn’t it? They may not use it, but they’re web server is collecting it. I’m not sure what to think of that “policy” one-liner. But as the wikipedia page seems to suggest, in contrast, IP address is not “user-specific information”. Though I’m sure no internet lawyer wrote that.

I can’t think of anything else in my case. Nobody is signing into the site for any reason.

I don’t know if the registrar collects anything, or what. Likewise what ICANN may have access to, if anything. Those wouldn’t be within my control anyway.

Offline

#11 2018-04-08 18:58:11

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 4,172
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

Destry wrote #310778:

My aim is to be more expressively transparent about how I don’t track or collect data, as a kind of badge of honor, versus what I do and how it’s used for the sake of laws. I think the more people that take that open stance, the more pressure it puts on those who do track, scrape, collect, exploit, etc. The more awareness it makes in the wild in general.

I applaud your transparency and yourt intention to do it with brevity. For a personal site, it’s perhaps easier to do that. For other sites, I really hope people find a way to be clear and to the point while still avoiding the fangs of predatory lawyers who seem to earn their living firing warning letters complete with fines to people who haven’t quite conformed to the new laws.

The week before last, I looked at one of those GDPR disclaimer generator site on behalf of a non-profit association client of mine: their site has no tracking, no user registration, no payments, no affiliations, no comment system. The only pertinent aspects are some member-supplied information (provided offline and person-to-person in direct agreement), a mailchimp signup and a link to a facebook page. In the whole multi-pane generator form, there are just three boxes ticked. The result is … I kid you not … 12 A4 pages (~5000 words) worth of policy infos. I shudder to think how long it will be on sites with anonymized webstats and perhaps an embedded twitter feed.
To me that has to be counter-productive. Aside from the fact that it needs considerable editing (it’s an association with members not a company with customers), I have suggested my client supplies a short info as a preamble to actually inform people and the privacy policy to ward off the lawyer-sharks.

(That said: that particular disclaimer does have a passage on server logs that you might find useful.)


TXP Builders – finely-crafted code, design and txp

Offline

#12 2018-04-08 19:38:08

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 10,515
Website GitHub

Re: Txp cookies, visitor logging, and GDPR stuff in general

jakob wrote #310784:

In the whole multi-pane generator form, there are just three boxes ticked. The result is … I kid you not … 12 A4 pages (~5000 words) worth of policy infos.

Yowzers. Gotta keep themselves employed, I guess. It’s jobs for the boys, just like in governments throughout the so-called democratic world!


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

Board footer

Powered by FluxBB