blowfish icon indicating copy to clipboard operation
blowfish copied to clipboard

Published 20 hours ago verified publisher icon nunocoracao

✨ Alternate Save Options / Cookie Note Shortcode

Open ModdyLP opened this issue 2 years ago • 11 comments

Is your feature request related to a problem? Please describe. I noticed that the Firebase integration tracks some users without notice and that is not eligible to European DSGVO. So a cookie note and alternate save Options would be very helpful.

Describe the solution you'd like Separate Possibility to override the Firebase part with own implementation or provide directly more than this. For example, a Redis database would satisfy these needs. For the cookie note, a simple dismissable note would be great that disables any tracking for example or restrict to technical needed ones.

Additional context I tried on my own, but i have not that time at the moment. I will provide a pull request if I find some time to implement this.

ModdyLP avatar Jan 18 '23 18:01 ModdyLP

Will not have time for this soon, but I would be happy to review a PR for it.

A comment, this should be two different tickets: one for the cookie shortcode, and another for the likes/view generic integration.

A note, what do you mean by tracking users? it just saves whether or not a user liked/viewed something through an anonymous login. No user info is tracked/stored.

nunocoracao avatar Jan 18 '23 21:01 nunocoracao

You are right, that should be seperated in two feature requests.

The Firebase integration does not track directly that is right, but if you provide a analytics key and enable the hugo analytics option, the partial will load in head. But Hugo doesnt provide a confirmation for the user to disable this tracking. I mean as developer i love tracking others, but i dont like to get tracked and actually the partial not allow me to disable that.

ModdyLP avatar Jan 19 '23 18:01 ModdyLP

Isn't it a bit "improper" to say that it is tracking users? It is simply tracking how many times a page has been accessed, not by whom. At least afaik, it does not store any information which could identify the user that accessed the page.

Regarding the other topic, I agree with the option to override the firebase implementation and bring in your own as I would like to use Supabase in my project since I am more familiar with that product.

mircea-pavel-anton avatar Jan 20 '23 12:01 mircea-pavel-anton

@ModdyLP @mirceanton shall we try to clarify what this feature could be before making the final decision?

My proposal:

  • New config in params.toml that will trigger a cookie message and will let the users opt-out of whatever integrations we have in blowfish
  • if user accepts nothing will change
  • if user denies ALL integrations that could potentially be considered as "tracking" will be disabled

details of what would be turned off:

  • Analytics frameworks will not loaded (phantom and ga)
  • firebase integrations for writing will be turned off, reading will be kept on - not sure if this one is possible, I think I have reading the firebase DBs as a public - also high complexity

Any thing else?

nunocoracao avatar Feb 08 '23 12:02 nunocoracao

I think extracting the firebase integration into a partial or something would be a nice addition to this, as it would allow us to overwrite it if we want to.

This would also simplify toggling it on/off

mircea-pavel-anton avatar Feb 08 '23 13:02 mircea-pavel-anton

@nunocoracao The idea is good, but I would change a bit in adaption the European rights.

The law defines that if the user does nothing, all tracking cookies must be disabled as default. Firebase is in my sight a technical requirement. Bu sadly, Firebase does collecting personalized data from the user also if you are only using read and write. So both operations are not possible with the dsgvo.

So i would recommend adding a param to activate the cookie opt out and default it to disabling the tracking and saving and only activating if the user accept. A notice for restricted site access would be necessary.

@mirceanton Yeah that is an additional idea I've mentioned before. I also would like to use something like redis.

ModdyLP avatar Feb 17 '23 16:02 ModdyLP

@nunocoracao I have now a solution, maybe without editing the current. That is for me a quick solution, maybe not the best. I have figured out that I can overwrite in my layout and asset folder all parts of the firebase and analytics integration and replaced with this way the Google variant. I am still testing if this is a good way. With this way, you can completely customize this and use a DSGVO compliant variant of analytics and saving.

The files are:

  • layout/partials/analytics.html
  • layout/partials/head.html
  • assets/js/process.js

Any files I missed? An idea for better overwriting, to exclude the firebase init part from the head and make a separate partial from this. What do you think?

ModdyLP avatar Feb 22 '23 08:02 ModdyLP

@ModdyLP fine with the default. Regarding the solution I would need to understand what was changed and how does that impact existing users. Mantra around here is not to introduce breaking changes unless we really need to. This should be something that users that need it will turn on. Not sure if @mirceanton would be able to help I have limited time for the next few months.

nunocoracao avatar Feb 25 '23 17:02 nunocoracao

@nunocoracao unfortunately I am currently tangled up in some other projects. Don't think I can carve up the time for now to implement all of this.

Maybe we can circle back to it at a later date or if more users start to show an interest.

mircea-pavel-anton avatar Feb 25 '23 17:02 mircea-pavel-anton

@ModdyLP @mirceanton just checking if one of you could help with this one

nunocoracao avatar Jul 10 '23 21:07 nunocoracao

I extracted the analytics parts and firebase parts in a private repo, but was not completly happy. Need more time to investigate a better solution.

ModdyLP avatar Jul 11 '23 13:07 ModdyLP