Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

When a user opts-out, do not send any tracking requests to the Tracking API #12767

Closed
mattab opened this issue Apr 24, 2018 · 5 comments
Closed
Labels
c: Privacy For issues that impact or improve the privacy.
Milestone

Comments

@mattab
Copy link
Member

mattab commented Apr 24, 2018

Currently, when a user opts-out of tracking, the requests will be ignored by the Tracking API, but the requests are still sent anyway. For better privacy, we should try not to send the requests at all, after a user has opted out.

This was discussed in #12598 (comment):

Unfortunately because the opt-out cookie is third party, it is not really possible to read it in JS and therefore not send the tracking requests... I'm not sure how we could handle this problem.

There could be couple of things but didn't think too much about it...

  • If the site that embeds the opt out iframe also embeds the JS tracker, then they could potentially communicate with each other eg using messages or by listening to URL changes on the iframe. This would not be supported in older browsers though and might depend on the security policy set for the website... https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage
  • We could also offer eventually users an upgrade to the opt-out iframe and rather give them some HTML to copy/paste to not having to use an iframe and it would let Matomo users allow the advantage that they wouldn't be opt out on all websites that Matomo hosts but only an individual website
  • Also directly in piwik.php we should directly check for an opt out cookie and if present stop the request as early as possible to make sure this is respected to avoid problems like there were with QueuedTracking etc and to make sure no data is being processed.

There are also tools like https://github.com/contently/xdomain-cookies but they insert eg an iframe into the page to read cookies cross domain in which a request would be sent again which defeats the purpose...

Note:

it would let Matomo users allow the advantage that they wouldn't be opt out on all websites that Matomo hosts but only an individual website

it is also a big strength that we do opt-out across all websites on the Matomo instance at once, so would be great to keep this functionality.

refs #12600

@mattab
Copy link
Member Author

mattab commented Jun 28, 2018

Fixing this issue would also solve a problematic behavior currently in Matomo:

  • if replaying tracking requests using standard web servers logs, these don't include third party cookies by default. Therefore any opted-out requests, would lose its 3rd party cookie in the log, and the lines would be replayed as if they were not opted-out. See this FAQ for when this could be an issue: https://piwik.org/faq/log-analytics-tool/faq_19221/

@mattab mattab modified the milestones: 3.6.0, 3.7.0 Jun 28, 2018
@tsteur
Copy link
Member

tsteur commented Sep 24, 2018

The only way I can imagine is to use postMessage but it will only work if the page that embed the opt out iframe also includes the JS tracker. The JS tracker would then set a 1st party cookie when this event is triggered and no longer send any request.

It may get problematic if eg first the JS tracker is embedded on the opt out page and the cookie is set, and later this is no longer the case. If a user ever opted in again (I doubt this happens very often), and the JS tracker is no longer on the page that embeds the opt out, then the opt-out 1st party cookie would persist.

Similar if there is an ad blocker where the JS tracker is blocked but the iframe is shown. Then it would also not work.

In many cases it should work fine though and it would be potentially simple to implement I reckon.

@mattab mattab added the RFC Indicates the issue is a request for comments where the author is looking for feedback. label Oct 8, 2018
@mattab
Copy link
Member Author

mattab commented Oct 8, 2018

it sounds like a really good solution @tsteur When people have heaps of domains and URLs, the solution will be simple as they just need to install the opt-out iframe on each domain. we get the benefits from both worlds. Sounds great!

@tsteur
Copy link
Member

tsteur commented Jul 3, 2020

@mattab I think this might be done?

What we're doing now is using postMessage. This works when eg

  • eg the privacy page includes the opt out page
  • and the privacy page also includes the tracking code
  • and both the tracking code and the opt out point to the same Matomo installation

This was done in https://github.com/matomo-org/matomo/pull/15184/files
We then no longer send a request as we set the consent not given cookie.

It won't work though when there are eg two trackers on the privacy page pointing to different Matomo installations. It's the same though for the regular opt out screen the user would then as usual embed two opt out screens anyway (or implement a custom opt out).

@tsteur
Copy link
Member

tsteur commented Sep 3, 2020

@mattab see previous comment this should be done and work when the certain conditions are given as in previous comment.

@tsteur tsteur closed this as completed Sep 3, 2020
@mattab mattab removed the RFC Indicates the issue is a request for comments where the author is looking for feedback. label Sep 29, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c: Privacy For issues that impact or improve the privacy.
Projects
None yet
Development

No branches or pull requests

2 participants