Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2018-04-07 18:08:52

Destry
Moderator
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,020
Website

Txp cookies, visitor logging, and GDPR stuff in general

I never thought about this before, and it’s probably a Luddite Q, but does Txp hand out cookies to site visitors? If so, what’s the nature? I’m updating my “Rights and Freedoms” blurb at the biz site.

Edit: This thread expanded into discussion about IP addresses thus Visitor logging, and how it all concerns the new GDPR.


The text persuades, the *notes prove。

Offline

#2 2018-04-07 19:42:06

jakob
Moderator
From: Germany
Registered: 2005-01-20
Posts: 3,159
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

AFAIK no. Only if you decide to use them yourself.

A cookie is only set when logged in so you should only need to inform people if you allow them to do that or are using cookies yourself or through some other service.


TXP Builders – finely-crafted code, design and txp

Offline

#3 2018-04-07 20:30:02

michaelkpate
Moderator
From: Avon Park, FL
Registered: 2004-02-24
Posts: 1,118
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

This what disconnect.me shows on textpattern.com.

Offline

#4 2018-04-07 21:25:21

Destry
Moderator
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,020
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

Thanks both.


The text persuades, the *notes prove。

Offline

#5 2018-04-07 21:36:41

gaekwad
Member
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 2,379

Re: Txp cookies, visitor logging, and GDPR stuff in general

Vague memory here…

Is/was there a cookie set for commenter’s details?

Edit: or is it localStorage?

Edit #2: unless something’s changed since 2011, cookies are not used in comments

Last edited by gaekwad (2018-04-07 21:43:17)

Offline

#6 2018-04-08 00:21:19

phiw13
Plugin Author
From: Japan
Registered: 2004-02-27
Posts: 1,546
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

gaekwad wrote #310751:

Edit #2: unless something’s changed since 2011, cookies are not used in comments

Not really true. There is a checkbox to “Remember” commenter data (name/ email / site URL). That sets cookies, but (of course) only if the commenter leaves the checkbox as checked.

Offline

#7 2018-04-08 07:10:49

philwareham
Core designer
From: Farnham, Surrey, UK
Registered: 2009-06-11
Posts: 3,093
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

I guess that checkbox could be updated to localstorage- maybe open an issue to discuss. Although I don’t see that cookie as infringing European cookie law? You can of course omit that checkbox entirely in your comment forms too if you wish.

Offline

#8 2018-04-08 07:26:58

phiw13
Plugin Author
From: Japan
Registered: 2004-02-27
Posts: 1,546
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

philwareham wrote #310756:

I guess that checkbox could be updated to localstorage- maybe open an issue to discuss. Although I don’t see that cookie as infringing European cookie law? You can of course omit that checkbox entirely in your comment forms too if you wish.

Localstorage or cookie make little difference in my book (in terms of privacy, I mean). But maybe changing the initial state of the checkbox – currently it is checked. Perhaps unchecked would be better for the various privacy legislations? That way the user has to take action (opt-in)?

Offline

#9 2018-04-08 09:33:39

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 8,458
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

phiw13 wrote #310757:

Localstorage or cookie make little difference in my book (in terms of privacy, I mean). But maybe changing the initial state of the checkbox – currently it is checked. Perhaps unchecked would be better for the various privacy legislations? That way the user has to take action (opt-in)?

I agree. The tricky thing is that <txp:comment_remember> tag is coded as a toggle, and it’s rather terrible code:

  • If the cookie exists (i.e. someone has already set it in a previous comment) then the label is set as “forget” and the checkbox is checked.
  • If the cookie doesn’t exist (i.e. first visit, first comment, or if the person has chosen to tell Txp to forget their detail) then the label is set as “remember” and the checkbox is checked.

Not sure how to fix that. I’m tempted to leave it and completely overhaul the commenting system in a future Txp version by making it a module, deprecating the mess of comment tags we have now and starting again with new tags.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#10 2018-04-08 15:02:38

Destry
Moderator
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,020
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

Useful exchange, I think.

My aim is to be more expressly transparent about how I don’t track or collect data, as a kind of badge of honor, versus what I do and how it’s used for the sake of laws. I think the more people that take that open stance, the more pressure it puts on those who do track, scrape, collect, exploit, etc. The more awareness it makes in the wild in general.

In this particular site, I don’t use comments, so I guess that cookie thing is moot. I do use a contact form, but users will willingly and knowingly be giving their name and email in that case, should they even bother.

To my understanding that only leaves Txp visitor logging, and web host server logs. I don’t keep Txp logs more than 14 days, and I never look at server logs. But I want to acknowledge that functionality is there, though nothing to worry about (Txp), or even relevant (web server).

Wikipedia’s page on Server log gives me an idea about how to word things in relation to the latter:

“Information about the request, including client IP address, request date/time, page requested, HTTP code, bytes served, user agent, and referrer are typically added. This data can be combined into a single file, or separated into distinct logs, such as an access log, error log, or referrer log. However, server logs typically do not collect user-specific information.

I guess Txp pulls it’s visitor log data from the web server log?

I was looking at the disconnect.me (something I should use more) website. They say:

“Our privacy policy, in a sentence: We don’t collect your IP address or any other personal info, except the info you volunteer.”

Well, every web server records IP address, doesn’t it? They may not use it, but they’re web server is collecting it. I’m not sure what to think of that “policy” one-liner. But as the wikipedia page seems to suggest, in contrast, IP address is not “user-specific information”. Though I’m sure no internet lawyer wrote that.

I can’t think of anything else in my case. Nobody is signing into the site for any reason.

I don’t know if the registrar collects anything, or what. Likewise what ICANN may have access to, if anything. Those wouldn’t be within my control anyway.


The text persuades, the *notes prove。

Offline

Board footer

Powered by FluxBB