@mattab opened this Issue on April 24th 2018 Member

Currently, when a user opts-out of tracking, the requests will be ignored by the Tracking API, but the requests are still sent anyway. For better privacy, we should try not to send the requests at all, after a user has opted out.

This was discussed in https://github.com/matomo-org/matomo/issues/12598#issuecomment-376413660:

Unfortunately because the opt-out cookie is third party, it is not really possible to read it in JS and therefore not send the tracking requests... I'm not sure how we could handle this problem.

There could be couple of things but didn't think too much about it...

  • If the site that embeds the opt out iframe also embeds the JS tracker, then they could potentially communicate with each other eg using messages or by listening to URL changes on the iframe. This would not be supported in older browsers though and might depend on the security policy set for the website... https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage
  • We could also offer eventually users an upgrade to the opt-out iframe and rather give them some HTML to copy/paste to not having to use an iframe and it would let Matomo users allow the advantage that they wouldn't be opt out on all websites that Matomo hosts but only an individual website
  • Also directly in piwik.php we should directly check for an opt out cookie and if present stop the request as early as possible to make sure this is respected to avoid problems like there were with QueuedTracking etc and to make sure no data is being processed.

There are also tools like https://github.com/contently/xdomain-cookies but they insert eg an iframe into the page to read cookies cross domain in which a request would be sent again which defeats the purpose...

Note:

it would let Matomo users allow the advantage that they wouldn't be opt out on all websites that Matomo hosts but only an individual website

it is also a big strength that we do opt-out across all websites on the Matomo instance at once, so would be great to keep this functionality.

refs #12600

@mattab commented on June 28th 2018 Member

Fixing this issue would also solve a problematic behavior currently in Matomo:

  • if replaying tracking requests using standard web servers logs, these don't include third party cookies by default. Therefore any opted-out requests, would lose its 3rd party cookie in the log, and the lines would be replayed as if they were not opted-out. See this FAQ for when this could be an issue: https://piwik.org/faq/log-analytics-tool/faq_19221/
@tsteur commented on September 24th 2018 Member

The only way I can imagine is to use postMessage but it will only work if the page that embed the opt out iframe also includes the JS tracker. The JS tracker would then set a 1st party cookie when this event is triggered and no longer send any request.

It may get problematic if eg first the JS tracker is embedded on the opt out page and the cookie is set, and later this is no longer the case. If a user ever opted in again (I doubt this happens very often), and the JS tracker is no longer on the page that embeds the opt out, then the opt-out 1st party cookie would persist.

Similar if there is an ad blocker where the JS tracker is blocked but the iframe is shown. Then it would also not work.

In many cases it should work fine though and it would be potentially simple to implement I reckon.

@mattab commented on October 8th 2018 Member

it sounds like a really good solution @tsteur When people have heaps of domains and URLs, the solution will be simple as they just need to install the opt-out iframe on each domain. we get the benefits from both worlds. Sounds great!

Powered by GitHub Issue Mirror