Textpattern CMS support forum

You are not logged in. Register | Login | Help

#381 2018-06-03 06:30:30

phiw13
Plugin Author
From: Japan
Registered: 2004-02-27
Posts: 1,595
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

colak wrote #312261:

You may be able to get it via the new Opera VPN.

That was a nice idea. Setting Opera to use the build-in VPN did indeed show your monster dialog. Clicking “continue” without touching anything then sets a bunch of cookies + local storage: cookies for the domain itself + GA and Chartbeat. You’ll notice that, in your screenshot, the checkboxes for “analytics” are checked by default. Given the size of my browser window, I didn’t even see that; and with overlay scrollbars, there was nothing telling me there was more to scroll to. OK, I could/should have scrolled… On a second visit to the same page, I was greeted with an overlay for offer this, then a second one for offer that, and redirected to a page with the only option to subscribe.

By the way, it appears that Opera’s build-in ad/tracker blocker does not block the G.Analytics scripts. 1Blocker (with Safari) and Ghostery (Firefox) do block it.

Offline

#382 2018-06-03 06:35:05

phiw13
Plugin Author
From: Japan
Registered: 2004-02-27
Posts: 1,595
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

jakob wrote #312262:

Yes, it’s the same idea but for Safari: User CSS (it’s what they call an extension). It’s good for those really obnoxious “we’ll freeze your view until you sign up with us” sites.

Just FWIW – Safari you can link to a stylesheet directly (Preferences > Advanced). But everything you set in that stylesheet is global. The advantage of the UserCSS extension is that it can target an individual site. The 1Blocker content blocker extension also offers a way for those “we’ll freeze your view ” sites.

Offline

#383 2018-06-04 04:37:13

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 7,078
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

jakob wrote #312258:

Back to a practical question: Can I ask how you lot have been dealing with embedded content from such services if cookies are declined?

  • Videos are more complicated: you can provide just the link to the video. If you want to show a preview image, you either have to make one for each video yourself, or you need to retrieve them from the service and cache them somehow (would that be possible?) before your visitor arrives. Then you show your visitors the preview and link along with a “when you click this you contact youtube” notice. No YouTube or vimeo code is then run until your user actually clicks on the video.

I have created two little macros for the videos from vimeo. <txp:euvid video="###" presenting="something here" id="vid" /> (for videos which are embedded as a single video) and <txp:euvids cat="link_category_name" presenting="something here" id="vids" /> (for groups of videos using a jquery script). As such, no content is loaded without the visitors consent and I easily include descriptions of the videos and links to their urls on vimeo.


Yiannis
——————————
neme.org | hblack.net | LABS | State Machines | NeMe @ github

Offline

#384 2018-06-08 10:59:19

Destry
Moderator
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,103
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

gdprhallofshame.com

I knew somebody would do it.


The text persuades, the *notes prove。

Offline

#385 2018-06-08 11:24:03

jakob
Moderator
From: Germany
Registered: 2005-01-20
Posts: 3,298
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

Destry wrote #312459:

gdprhallofshame.com

I knew somebody would do it.

Except that the examples there are really quite good! That tumblr consent page has to be a joke! Makes our SF Chronicle “monster” look like an ant.


TXP Builders – finely-crafted code, design and txp

Offline

#386 2018-06-08 12:15:14

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 7,078
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

Hi all,

I have a question which I hope that it might generate some discussion.

There is a proper way to deal with GDPR which is to load no cookies without the visitors consent but does the law allow for cookies to be loaded regardless, once a disclaimer (cookie warning) is included in the site?

RE. gdprhallofshame.com

It loads 10-15 cookies when visited and the cookie warning is there just to tell us about it. In fact, the cookie warning is wrong as it only mentions analytics but cookies are also loaded from many other places. Interestingly, viewing it with ff and chrome the privacy badger revealed different results:

FF Chrome
ajax.cloudflare.com ajax.cloudflare.com
www.google-analytics.com www.google-analytics.com
ssl.gstatic.com
fonts.googleapis.com fonts.googleapis.com
www.gstatic.com www.gstatic.com
abs.twimg.com abs.twimg.com
pbs.twimg.com pbs.twimg.com
cdn.syndication.twimg.com cdn.syndication.twimg.com
lh3.googleusercontent.com
platform.twitter.com platform.twitter.com
syndication.twitter.com syndication.twitter.com
unpkg.com unpkg.com
www.google.com
media1.giphy.com
fonts.gstatic.com

Yiannis
——————————
neme.org | hblack.net | LABS | State Machines | NeMe @ github

Offline

#387 2018-06-08 13:43:06

planeth
Plugin Author
From: Nantes, France
Registered: 2009-03-19
Posts: 191
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

Hi Colak,
my understanding is that you absolutely need consent before dropping cookie, pixel tracking, fingerprinting, whatever.
The CNIL is very clear about that.
And consent means opt-in, not opt-out. Your visitor must have a positive action before you do anything.
The only thing which is not very clear —I need to investigate some more— is for mandatory cookies as session cookies.

ANd don’t forget: E-Privacy directive is just around the corner.

Offline

#388 2018-06-08 13:53:02

michaelkpate
Moderator
From: Avon Park, FL
Registered: 2004-02-24
Posts: 1,131
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

colak wrote #312461:

There is a proper way to deal with GDPR which is to load no cookies without the visitors consent but does the law allow for cookies to be loaded regardless, once a disclaimer (cookie warning) is included in the site?

I have noticed that a lot as well. I was on a site the other day and essentially their disclaimer was “Click here to read our GDPR-compliant Cookie Policy. Note: By browsing to another page on this site, you are indicating your agreement with our Privacy Policy.”

The code I wrote specifically doesn’t do anything with cookies until you accept.

Offline

#389 2018-06-08 15:26:18

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 7,078
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

So, as I understand it gdprhallofshame.com should include their own site in the list?

Re E-Privacy directive I was looking at that too and I was thinking of collating some info to start another thread.


Yiannis
——————————
neme.org | hblack.net | LABS | State Machines | NeMe @ github

Offline

#390 2018-06-08 22:37:05

bici
Member
From: vancouver
Registered: 2004-02-24
Posts: 1,404
Website

Re: Txp cookies, visitor logging, and GDPR stuff in general

i can see a day when the internet will be like the transistor radio


…. texted postive

Offline

Board footer

Powered by FluxBB