Textpattern CMS support forum

You are not logged in. Register | Login | Help

#31 2018-04-09 13:05:48

gaekwad
Admin
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 2,633

Re: Txp cookies, visitor logging, and GDPR stuff in general

Destry wrote #310811:

Could the Visitor logs be extended to only log non-human visits? (Spam tech, bots, etc) so that it’s at least providing some value? I’ve never used it for that reason but maybe somebody has and would like to keep doing so.

How would you differentiate? Query the user agent? Measure rate of moving around on the site? Compare origin with a spam blocklist in real time?

If not, let me ask the elephant in the room question: Should Txp drop supporting the Visitor logs functionality and leave it to site Controllers to decide for themselves whether or not to install/use third-party tracking technology? Or maybe this is a rare instance where core functionality is removed to become a plugin. Not a bad idea, actually.

-1 from me. Intranets, geographically-fenced extranets and some territories where GDPR (or similar) just doesn’t apply are all perfectly valid environments for Textpattern.

It kind of makes sense to me… Takes the hazy middle ground out of the equation. I, or anyone, could then say matter-of-factly: “We do not have software installed than can track you. Period.”

Turn logging off inside Textpattern, done. If it’s off, there’s no logging, and within the confines of the site CMS, something the Operator (I do like this choice of term, btw) can confirm is done and no longer be liable.

…but just because internal logging is off, that just moves it up the tree – the web host will typically store data about who accesses what, either for auditing, compliance, poops-and-giggles, and then any proclamation – while virtuous – is sorta worthless at the same time.

Textpattern logging is disabled out of the box, which is fine. It can be turned on, and if there’s sufficient proof that setting Logging to None doesn’t actually store anything identifiable, and the code is readily audit-able, that’s Job Done. Anything beyond this is overreaching, in my humble.

Offline

#32 2018-04-09 13:59:44

etc
Developer
Registered: 2010-11-11
Posts: 3,427
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

Bloke wrote #310804:

What I still find kinda funny about all this is that in order to opt out of any cookies being stored on a site, a cookie needs to be stored.

That’s nearly illegal indeed and not true anymore, hope nothing is broken.

Offline

#33 2018-04-09 15:32:31

michaelkpate
Moderator
From: Avon Park, FL
Registered: 2004-02-24
Posts: 1,214
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

This whole thing reminds me a lot of COPPA, the Children’s Online Privacy Protection Act passed here in the US in 1998.

For those of you who don’t know, COPPA required parental permission for anyone under 13 to sign up for online services. That is why to this day most sites just blanket ban children below that age from signing up. And the net result has been that children often lie, sometimes with their parent’s encouragement..

It will be interesting to see if any sites ban EU users.

Offline

#34 2018-04-09 15:35:29

michaelkpate
Moderator
From: Avon Park, FL
Registered: 2004-02-24
Posts: 1,214
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

Destry wrote #310800:

But, Michael, I don’t know if your free advertising for YouTube and Denise is warranted. ;)

All I did was link to the video. FluxBB has a feature that turns any standard link into an embed.

"This Week in Law 418: FOMO Re EU":https://www.youtube.com/watch?v=WGUSXb7FeiA

Offline

#35 2018-04-09 22:48:34

phiw13
Plugin Author
From: Japan
Registered: 2004-02-27
Posts: 1,761
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

etc wrote #310814:

That’s nearly illegal indeed and not true anymore, hope nothing is broken.

Excellent – now the “Remember me” setting is opt-in. Thank you.

Offline

#36 2018-04-10 07:04:28

Destry
Moderator
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,296
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

gaekwad wrote #310813:

How would you differentiate? Query the user agent? Measure rate of moving around on the site? Compare origin with a spam blocklist in real time?

That’s why I asked could it be done, Pete. So I guess what you mean to say is, ‘no, it can’t be done because it’s impossible to differentiate the referrals.’

So now the context of discussion switches to full functionality as a plugin.

-1 from me. Intranets, geographically-fenced extranets and some territories where GDPR (or similar) just doesn’t apply are all perfectly valid environments for Textpattern.

Intranets/extranets sound like low uses cases considering Txp’s relatively low uptake in the wild. You might find a lot of SharePoint, on the other hand. ;) Likewise with popularity in odd regions of the world. But regardless whether there are 1 or 1 million Txp intranets, that doesn’t obviate adding the functionality as a plugin.

Turn logging off inside Textpattern, done. If it’s off, there’s no logging, and within the confines of the site CMS, something the Operator (I do like this choice of term, btw) can confirm is done and no longer be liable.

Yes. This is the obvious status, under the circumstances, for any controller (the term, btw, if you mean site owner) who wants to do the most they can for piece of mind.

But if it’s left off forever, I guess one could ask, what’s the point of it being there at all like a boneless thumb?

…but just because internal logging is off, that just moves it up the tree – the web host will typically store data about who accesses what, either for auditing, compliance, poops-and-giggles…

Fine. “It’s not in my tree anymore,” as the thinking would go. At that point one can switch from saying…

I don’t have logging on in the CMS, which provides the functionality OOB, and you’ll just have to trust that I’m not using it.

To…

I definitively do not have any technology installed that can track you, even if I wanted to flip it on for a few yours at rush hour.”

Yes, I’m exaggerating these lines to make the distinction clear.

Btw, here’s another honest question: If a Txp site has logging on, can a site visitor tell that by any measure or tool?

If not, then you see how trust really comes into the equation. And trust is running low on the web these days. How would that be policed? Hell if I know. I’m only speaking to eliminate any worry about it.

…and then any proclamation – while virtuous – is sorta worthless at the same time.

Is it worthless, though? Which one of those statements above would you prefer to see as a gun-shy web user these days?

Textpattern logging is disabled out of the box, which is fine. It can be turned on, and if there’s sufficient proof that setting Logging to None doesn’t actually store anything identifiable, and the code is readily audit-able, that’s Job Done. Anything beyond this is overreaching, in my humble.

Your confidence suggests your grasp of the GDPR nuances are better than mine. If it’s really “job done” to satisfy them by simply turning logging off, then good. There’s a least peace in the jungle. ;)

But I’m not sure logging as a plugin option for a Controller would be “overreaching”. More work, certainly, but not totally pointless.


Wordworkin’ for you.

Offline

#37 2018-04-10 07:23:36

Destry
Moderator
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,296
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

michaelkpate wrote #310819:

All I did was link to the video.

That was the whole point of my rib. The embed isn’t giving YT the juice. The visits are. (And considering this whole can of beans centers around surveillance capitalism and data privacy… well, the link just seemed like a big, plump pimple on the tip of a nose. A Facebook link couldn’t have been more ironic. ;)

But I’m just ribbing you, not attacking. Carry on.


Wordworkin’ for you.

Offline

#38 2018-04-10 07:30:54

Destry
Moderator
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,296
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

michaelkpate wrote #310818:

It will be interesting to see if any sites ban EU users.

I’m certain it will happen. I can hear all the red-faced [American stereotype here]s complaining about it now. But that will only hurt them, not achieve anything. In fact, you’ll probably see blacklists emerge for sites that don’t respect EU citizens. The pissing wars will be interesting indeed. I suspect a few high profile business losses or heavy fines dealt will straighten things out in the end, though.

And I wonder how the CLOUD act will influence that too, which gives EU governments (and any other world gov) the right to access American data stores for “criminal” investigation.


Wordworkin’ for you.

Offline

#39 2018-04-10 07:58:43

philwareham
Core designer
From: Farnham, Surrey, UK
Registered: 2009-06-11
Posts: 3,216
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

Interesting thread – thanks all.

I’ve realised that I need to update the Privacy Policy on Textpattern.com to reflect this and the work we did a couple of months back to remove all user tracking and suchlike from the site(s). Some of the sections there are just plain incorrect now (e.g. “We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Websites.”).

Offline

#40 2018-04-10 08:10:01

phiw13
Plugin Author
From: Japan
Registered: 2004-02-27
Posts: 1,761
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

Destry wrote #310833:

And I wonder how the CLOUD act will influence that too, which gives EU governments (and any other world gov) the right to access American data stores for “criminal” investigation.

Am I confused here? I thought the CLOUD act was a US government intervention / land grab ? (Wikipedia seems to agree – wiki link as it was the 1st link in DDG).

Offline

Board footer

Powered by FluxBB