Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#385 2018-06-08 11:24:03

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 4,578
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

Destry wrote #312459:

gdprhallofshame.com

I knew somebody would do it.

Except that the examples there are really quite good! That tumblr consent page has to be a joke! Makes our SF Chronicle “monster” look like an ant.


TXP Builders – finely-crafted code, design and txp

Offline

#386 2018-06-08 12:15:14

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,007
Website GitHub Mastodon Twitter

Re: Txp cookies, visitor logging, and GDPR stuff in general

Hi all,

I have a question which I hope that it might generate some discussion.

There is a proper way to deal with GDPR which is to load no cookies without the visitors consent but does the law allow for cookies to be loaded regardless, once a disclaimer (cookie warning) is included in the site?

RE. gdprhallofshame.com

It loads 10-15 cookies when visited and the cookie warning is there just to tell us about it. In fact, the cookie warning is wrong as it only mentions analytics but cookies are also loaded from many other places. Interestingly, viewing it with ff and chrome the privacy badger revealed different results:

FF Chrome
ajax.cloudflare.com ajax.cloudflare.com
www.google-analytics.com www.google-analytics.com
ssl.gstatic.com
fonts.googleapis.com fonts.googleapis.com
www.gstatic.com www.gstatic.com
abs.twimg.com abs.twimg.com
pbs.twimg.com pbs.twimg.com
cdn.syndication.twimg.com cdn.syndication.twimg.com
lh3.googleusercontent.com
platform.twitter.com platform.twitter.com
syndication.twitter.com syndication.twitter.com
unpkg.com unpkg.com
www.google.com
media1.giphy.com
fonts.gstatic.com

Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#387 2018-06-08 13:43:06

planeth
Plugin Author
From: Nantes, France
Registered: 2009-03-19
Posts: 215
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

Hi Colak,
my understanding is that you absolutely need consent before dropping cookie, pixel tracking, fingerprinting, whatever.
The CNIL is very clear about that.
And consent means opt-in, not opt-out. Your visitor must have a positive action before you do anything.
The only thing which is not very clear —I need to investigate some more— is for mandatory cookies as session cookies.

ANd don’t forget: E-Privacy directive is just around the corner.

Offline

#388 2018-06-08 13:53:02

michaelkpate
Moderator
From: Avon Park, FL
Registered: 2004-02-24
Posts: 1,379
Website GitHub Mastodon

Re: Txp cookies, visitor logging, and GDPR stuff in general

colak wrote #312461:

There is a proper way to deal with GDPR which is to load no cookies without the visitors consent but does the law allow for cookies to be loaded regardless, once a disclaimer (cookie warning) is included in the site?

I have noticed that a lot as well. I was on a site the other day and essentially their disclaimer was “Click here to read our GDPR-compliant Cookie Policy. Note: By browsing to another page on this site, you are indicating your agreement with our Privacy Policy.”

The code I wrote specifically doesn’t do anything with cookies until you accept.

Offline

#389 2018-06-08 15:26:18

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,007
Website GitHub Mastodon Twitter

Re: Txp cookies, visitor logging, and GDPR stuff in general

So, as I understand it gdprhallofshame.com should include their own site in the list?

Re E-Privacy directive I was looking at that too and I was thinking of collating some info to start another thread.


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#390 2018-06-08 22:37:05

bici
Member
From: vancouver
Registered: 2004-02-24
Posts: 2,071
Website Mastodon

Re: Txp cookies, visitor logging, and GDPR stuff in general

i can see a day when the internet will be like the transistor radio


…. texted postive

Offline

#391 2018-06-09 00:53:48

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

colak wrote #312470:

So, as I understand it gdprhallofshame.com should include their own site in the list?

Depends. Is the site a business or concerned with commerce at all? If not, it doesn’t have to comply.

I don’t understand the weird statement about Raygun in the About info, though. If he’s getting sponsor money through the site, then he might need to comply, yes.

I find the about page a little pretentious, in fact.

Offline

#392 2018-06-11 04:54:52

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,007
Website GitHub Mastodon Twitter

Re: Txp cookies, visitor logging, and GDPR stuff in general

michaelkpate wrote #311894:

This article admits that no one knows anything.

I actually looked into geolocation technology a few weeks ago in order to see if I could come up with a way to block anyone from an EU country as a proof of concept.

I came across this script which might be good if it was developed into a txp plugin so as to load the cookie warnings only in the EU. Something like

<txp:xxx_if_eu>
<txp:oui_cookie name="accept" values="yes" />
<txp:oui_if_cookie name="accept">
track
<txp:else />
warning
</txp:oui_if_cookie>
<txp:else />
track
</txp:xxx_if_eu>

Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#393 2018-06-11 12:26:38

michaelkpate
Moderator
From: Avon Park, FL
Registered: 2004-02-24
Posts: 1,379
Website GitHub Mastodon

Re: Txp cookies, visitor logging, and GDPR stuff in general

colak wrote #312500:

I came across this script which might be good if it was developed into a txp plugin so as to load the cookie warnings only in the EU.

Unfortunately, that doesn’t actually comply with the law.

And it won’t work (Like any kind of blocking), because GDPR doesn’t affect connections from Europe but connections from users having European citizenship, so even someone living in USA but having EU citizenship will be affected by GDPR. – Twitter

I can’t wait for the EU to fine a company for sending cookies to someone like Peter Bright. Peter is a naturalized US citizen, which required him to renounce his UK citizenship to get, but he mentioned once that it wasn’t actually recognized by the UK so he is still covered by GDPR.

Offline

#394 2018-06-12 13:44:29

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,007
Website GitHub Mastodon Twitter

Re: Txp cookies, visitor logging, and GDPR stuff in general

A very provocative example of how EU laws are made just to create jobs for lawyers. The page of the European Council, one of the main legislating institutions of the EU, serves 20 cookies without the visitors’ consent! Even if we consider GDPR as a new thing, the cookie law, has been around for some time. I guess some animals are more equal than others.


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#395 2018-06-12 14:35:46

michaelkpate
Moderator
From: Avon Park, FL
Registered: 2004-02-24
Posts: 1,379
Website GitHub Mastodon

Re: Txp cookies, visitor logging, and GDPR stuff in general

colak wrote #312532:

serves 20 cookies without the visitors’ consent!

I am getting different results in Firefox.

Go to the site. Check: 4 cookies. Decline and get taken to the Cookie page. Still 4.

Reload. Hit Accept. 5 cookies now. Go back to the home page. Reload. Still 5.

I wonder if they do things different depending on whether you are in the EU?

Offline

#396 2018-06-12 15:44:46

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,007
Website GitHub Mastodon Twitter

Re: Txp cookies, visitor logging, and GDPR stuff in general

michaelkpate wrote #312533:

I am getting different results in Firefox.

Go to the site. Check: 4 cookies. Decline and get taken to the Cookie page. Still 4.

Reload. Hit Accept. 5 cookies now. Go back to the home page. Reload. Still 5.

I wonder if they do things different depending on whether you are in the EU?

They might be serving different cookies depending on location. I just checked the page with Opera VPN (Americas) and got served 17 cookies.

  1. cdnjs.cloudflare.com
  2. analytics.council-tvnewsroom.eu
  3. static.council-tvnewsroom.eu
  4. ssl.google-analytics.com
  5. www.google-analytics.com
  6. ajax.googleapis.com
  7. www.googletagmanager.com
  8. 443d27e11a58a8213c23-cce49c1ac3bc3a94bf10f1cd2f71c573.ssl.cf3.rackcdn.com
  9. 9473ad3ea11b29681679-f016b9572ff77a84c11597148be206c7.ssl.cf3.rackcdn.com
  10. c71e283419c99084e2f1-84bb3e6572a8478bcb83f2e5fe3f9c9e.ssl.cf3.rackcdn.com
  11. dadfc20f9dc98898440c-a75424f262e53e74f9539145894f4378.ssl.cf3.rackcdn.com
  12. ssl.siteimprove.com
  13. abs.twimg.com
  14. pbs.twimg.com
  15. cdn.syndication.twimg.com
  16. platform.twitter.com
  17. syndication.twitter.com

Regardless of the number, they should not be serving any without our consent!


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

Board footer

Powered by FluxBB