Txp cookies, visitor logging, and GDPR stuff in general

phiw13 · 2018-05-30 08:52:07

In reply to bici #312172:

ref Namecheap

Sadly, this only seems to apply when you register a new domain. Or maybe it will kick in when you renew the domain registration? (I don’t have any domains to renew right now to test that). Looking at my settings right now, I can only buy their whoisguard thingie – I hate that scam an never paid for it.

Hmm, they are a eNom reseller so eNoms updated WHOIS policy ought to apply (here).

jakob · 2018-05-30 09:28:10

phiw13 wrote #312182:

Sadly, this only seems to apply when you register a new domain. Or maybe it will kick in when you renew the domain registration?

According to their email, it will apply automatically for renewals:

You don’t need to do anything now. But, when it’s time to renew your WhoisGuard, you can look forward to doing so for FREE – forever – saving $2.88 a year!

However there is a proviso:

*Due to registry restrictions, WhoisGuard cannot be used with .asia, .ca, .cn, .uk, .co.uk, .de, .eu, .in, id, .me.uk, .nu, .li, .ch, .fr, .sg, .com.sg, .org.uk, .us, .es, .com.es, .nom.es, .org.es, .com.au, .net.au, .paris, .vote, .voto, .xn—3ds443g, .nyc or .org.au domains.

philwareham · 2018-05-30 09:35:52

GoDaddy are now redacting most of the WHOIS personal information on domain names registered through it’s European locations. They are taking their chances on their own – due to the massive failure of ICANN to comply with the GDPR law or to give any workable solution to domain registrars – to the ire of the US government.

That means you won’t have to pay extra for private WHOIS records on their platform now as a European (good).

philwareham · 2018-05-30 09:41:21

In reply to jakob #312183:

Due to registry restrictions, WhoisGuard cannot be used with…

Nominet (the controllers of .uk domains) have already obfuscated registrant information – so they are compliant with GDPR and wouldn’t need that WhoisGuard feature.

Destry · 2018-05-30 11:08:45

bici wrote #312174:

i am going to be looking for alternatives to Dotster my long time registrar, if they dont offer free privacy. It is total BS that this hasn’t been the default from the get go.

I’m on Ditster too, far too long. I’m moving off them regardless what they do as soon as my coverage paid at this point starts running low. I’m not crazy about Gandi, but that’s probably where I’ll go. Better than the Dits.

phiw13 · 2018-05-30 12:18:02

In reply to jakob #312183:

Ooh, indeed. I now clicked on the ‘buy’ button and Namecheap charged the grand total of 0.00 USD. Thank you for mentioning it.

michaelkpate · 2018-05-31 13:51:12

Google Emerges as Early Winner From Europe’s New Data Privacy Law

Most people now seem to associate GDPR was a whole bunch of annoying e-mails they mostly didn’t read.

philwareham · 2018-05-31 13:58:37

michaelkpate wrote #312214:

Google Emerges as Early Winner From Europe’s New Data Privacy Law

Not really

michaelkpate · 2018-05-31 14:32:36

I hate to call something “Fake News” but adding up the highest hypothetical fine and using that in a headline probably qualifies.

We have been assured that the regulators won’t go for the maximum penalties anyway
These are complaints by people with an axe to grind. Although, in the past, they often were just paid by companies like Microsoft and Oracle to pretend to be.
If they are found guilty, this will be fought in the courts for years.
While I am sure they don’t want to, there is always the Spain option or even the China option.

Basically, this is a wonderful time to be a Civil Attorney in the EU.

colak · 2018-06-02 08:51:44

I love the way the SF chronicle asks consent for cookies. Even if you reject all, and click continue, the page will load.

phiw13 · 2018-06-02 09:29:21

colak wrote #312252:

I love the way the SF chronicle asks consent for cookies. Even if you reject all, and click continue, the page will load.

Is that a EU thing? I don’t get anything that asks for cookie consent from here (even if I whitelist the site in 1Blocker)

Maybe I should be jealous?

colak · 2018-06-02 10:29:18

I have no idea if it is an EU thing but here is the screenshot. All privacy policies are linked to the corresponding sites.

> Edited to add: It is strange, as I did not consent to any cookies, clicked continue, read the article, and closed the browser. On revisiting the URL with the same browser, the choices were not there. I just landed on the article. I wonder if by not consenting to cookies, a cookie is saved to remember that decision.

Last edited by colak (2018-06-02 10:35:51)

jakob · 2018-06-02 10:51:42

colak wrote #312256:

I have no idea if it is an EU thing but here is the screenshot. All privacy policies are linked to the corresponding sites.

Wow. That is a monster. I suppose the language of the introductory sentences is lucid enough but the information on what those services are being used for is lacking, so one can’t make any half-way informed decision without reading the various privacy policies. Good luck to them with that – my guess is it’s their loss and people will simply not consent to what they don’t know … I’ve heard of Facebook and Twitter ;-) but none of the others.

Edited to add: It is strange, as I did not consent to any cookies, clicked continue, read the article, and closed the browser. On revisiting the URL with the same browser, the choices were not there. I just landed on the article. I wonder if by not consenting to cookies, a cookie is saved to remember that decision.

You can probably check that, but I assume “continue” is effectively committing your decision with regard to what they preset. Saving your preferences in a cookie is, I believe, okay. There’s no personal data being collected there, it’s just your own site preferences.

I love the way the SF chronicle asks consent for cookies. Even if you reject all, and click continue, the page will load.

That the page loads isn’t a problem (especially if leaner). If all those services are included (with their cookies) despite having been declined, then they’re blatant ignoring the user’s settings.

I’m sure you saw that post somewhere about The Verge being much leaner and still surfable and readable if you don’t click “OK” (they don’t offer a decline and make their notice take up a third of the screen). If you have a “User CSS” plugin in your browser, you can simply display:none !important; the notice and surf quite happily with about half the page volume.

jakob · 2018-06-02 11:41:04

Back to a practical question: Can I ask how you lot have been dealing with embedded content from such services if cookies are declined?

I have a few sites where there are occasional embedded videos, or a few interactive maps are shown or publication previews are embedded with issuu. I have another site with a twitter feed. If you’re going to follow the rules, you need to deactivate those or provide an alternative if cookies have been declined.

Up to now, I’ve used oui_cookie (thanks Nicolas!) as a wrapper to skip that content if my cookie-consent cookie is not accepted or provide a more basic alternative. That’s been easy enough on more recent sites where I was using rah_beacon to embed content, so only need to add the wrapper to my custom tag’s form (like you can now do with txp 4.70). It’s pretty tiresome, though, on the older sites where old articles have to be revisited and any embedded content wrapped in <oui_if cookie name="cookie-consent" value="accepted"> … </oui_if_cookie>.

In the case of the maps, I can put a static image in its place because there are only a few. That’s not feasible, for sites with lots of maps, though. <br> Note: if you do provide a graphic, go to the extra effort to download a static image from that service with their logo and copyright on it. If not, you may run into copyright problems like I explained in another thread (even if you state copyright separately on your page). Mapbox has a service for that. Google Maps I believe too. Others probably do too.
In place of issuu, you can simply link straight to a download of the document. Depending on your site, you could provide a preview image of the document, but again that’s not feasible for large sites with lots of past material.
Videos are more complicated: you can provide just the link to the video. If you want to show a preview image, you either have to make one for each video yourself, or you need to retrieve them from the service and cache them somehow (would that be possible?) before your visitor arrives. Then you show your visitors the preview and link along with a “when you click this you contact youtube” notice. No YouTube or vimeo code is then run until your user actually clicks on the video.
For twitter I’ve found tweetledee. You can retrieve your twitter timeline separately and turn it into a feed that get’s cached. They you embed that feed in your homepage. That prevents having to embed twitter code in your site.

There has been some admiration expressed for how Medium handle Do Not Track by showing an overlay that has to be clicked on before embedded content is shown: https://medium.com/policy/how-we-handle-do-not-track-requests-on-medium-f2b4b4fb7c5e.

I was wondering whether there’s a case to be made for some agreed site-wide flag or attribute name that plugin users could reference in their plugins, e.g. that consent-obtaining scripts could set and embedded content plugins could check against before displaying their content.

For example: I realised after a while (too late, unfortunately), that it would probably have been more robust to set a variable to denote consent or no-consent (or different kinds of consent). Then I can use oui_cookie, or some other method, to set that variable on page load. All other embeds only need check if that variable exists before presenting content. If plugins like oui_player, arc_youtube, arc_video etc. etc. checked against some typical default variable name/value, and perhaps also offered an attribute to allow you use a custom consent variable if you prefer (for more granular control, for example), then one could dispense with all the wrappers altogether.

That still doesn’t solve the problem of getting and caching the preview images first, though. I don’t know if there’s a way to do that on saving the article. Or perhaps we need a plugin where you first link up the video (like the links or files tab) and the preview image is retrieved then.

phiw13 · 2018-06-02 12:01:10

colak wrote #312256:

I have no idea if it is an EU thing but here is the screenshot. All privacy policies are linked to the corresponding sites.

Wow impressive thing that. But as Jacob notes, there is not much of an explanation for each service. And no matter how I try, I don’t get that. Must be EU specific. And I’m definitively jealous :-)

> Edited to add: It is strange, as I did not consent to any cookies, clicked continue, read the article, and closed the browser. On revisiting the URL with the same browser, the choices were not there. I just landed on the article. I wonder if by not consenting to cookies, a cookie is saved to remember that decision.

Probably a cookie yes. I checked the page with Firefox and afterwards found 14 cookies, + some subdomain with cookies and local storage things. That is with Ghostery enabled.

Textpattern CMS support forum

#361 2018-05-30 08:52:07

Re: Txp cookies, visitor logging, and GDPR stuff in general

In reply to bici #312172:

#362 2018-05-30 09:28:10

Re: Txp cookies, visitor logging, and GDPR stuff in general

phiw13 wrote #312182:

#363 2018-05-30 09:35:52

Re: Txp cookies, visitor logging, and GDPR stuff in general

#364 2018-05-30 09:41:21

Re: Txp cookies, visitor logging, and GDPR stuff in general

In reply to jakob #312183:

#365 2018-05-30 11:08:45

Re: Txp cookies, visitor logging, and GDPR stuff in general

bici wrote #312174:

#366 2018-05-30 12:18:02

Re: Txp cookies, visitor logging, and GDPR stuff in general

In reply to jakob #312183:

#367 2018-05-31 13:51:12

Re: Txp cookies, visitor logging, and GDPR stuff in general

#368 2018-05-31 13:58:37

Re: Txp cookies, visitor logging, and GDPR stuff in general

michaelkpate wrote #312214:

#369 2018-05-31 14:32:36

Re: Txp cookies, visitor logging, and GDPR stuff in general

#370 2018-06-02 08:51:44

Re: Txp cookies, visitor logging, and GDPR stuff in general

#371 2018-06-02 09:29:21

Re: Txp cookies, visitor logging, and GDPR stuff in general

colak wrote #312252:

#372 2018-06-02 10:29:18

Re: Txp cookies, visitor logging, and GDPR stuff in general

#373 2018-06-02 10:51:42

Re: Txp cookies, visitor logging, and GDPR stuff in general

colak wrote #312256:

#374 2018-06-02 11:41:04

Re: Txp cookies, visitor logging, and GDPR stuff in general

#375 2018-06-02 12:01:10

Re: Txp cookies, visitor logging, and GDPR stuff in general

colak wrote #312256:

Board footer