amphtml icon indicating copy to clipboard operation
amphtml copied to clipboard

Published 20 hours ago verified publisher icon ampproject

Doublick extension creates cookie despite no consent

Open nouchy opened this issue 1 year ago • 6 comments

https://github.com/ampproject/amphtml/blob/11948477e786ca04b70f35290b4fcecebd19b803/extensions/amp-ad-network-doubleclick-impl/0.1/amp-ad-network-doubleclick-impl.js#L974

When no consent is given in Europe, despite the presence of TCF V2.2 and TC String in the ad call, the extension accesses/creates the _ga cookie, which it should not, because of the getOrCreateAdCid function.

image

nouchy avatar Jan 19 '24 17:01 nouchy

@nouchy thanks for the report. we'll prioritize this

erwinmombay avatar Jan 23 '24 21:01 erwinmombay

I am assuming the consent here is the one you implement using amp-consent. Did you try blocking amp-analytics using https://amp.dev/documentation/components/amp-consent#basic-blocking-behaviors?

ychsieh avatar Jan 25 '24 22:01 ychsieh

I am assuming the consent here is the one you implement using amp-consent. Did you try blocking amp-analytics using https://amp.dev/documentation/components/amp-consent#basic-blocking-behaviors?

Obviously yes, for the GA4 module :) That's why it's such a shame to have this "_ga" cookie created by the Doubleclick module, which is blocked manually :

image

nouchy avatar Jan 28 '24 17:01 nouchy

@nouchy thank you so much for this report.

Found the culprit of the bug in the TCF2.2 implementation. https://github.com/ampproject/amphtml/commit/93c1e3123e8e896118acea75ddc71854b4bbd8e0

Working on a fix right now.

erwinmombay avatar Jan 31 '24 04:01 erwinmombay

following up. so I was incorrect that the TCF 2.2 implementation was the bug. I'm consulting with some internal teams to make the change safely

erwinmombay avatar Feb 22 '24 18:02 erwinmombay

update on this, we have an implementation that is in review

erwinmombay avatar Mar 17 '24 22:03 erwinmombay