@diosmosis opened this Pull Request on May 6th 2018 Member

Added three new methods to the tracker:

  • isUserOptedOut(): checks for piwik_ignore cookie on site being tracked (so not matomo domain).
  • optUserOut(): sets cookie on site.
  • forgetUserOptOut(): deletes the cookie on the site.

If the user is opted out, sendXmlHttpRequest() never sends anything to the server.

These new methods can be used to implement a custom opt out form on a site, which would not otherwise be easily doable since you'd have to set a cookie on the matomo domain.

Note: I tried to work this into the consent feature, since it's pretty similar (opt-out vs. opt-in), but the feature of consents that remembers requests to send is not applicable to opt-out (while a user is opted-out we don't want to remember anything the user did, otherwise we would be tracking them in some way).

I am not sure how well this works w/ other JS tracker features since it's been a while since I've coded there. @tsteur / @mattab can you guys take a look and see if this change will work? Putting in the 3.5.0 milestone, but feel free to move it.

@diosmosis commented on May 6th 2018 Member

If it's good to go, will add to changelog (+ write a faq for creating a custom opt out form?).

@tsteur commented on May 6th 2018 Member

Actually wondering if we cannot let users instead use somehow the consent feature I wonder?

@tsteur commented on May 6th 2018 Member

Actually, using consent feature might not make sense as we might keep a record of this in the future etc. which wouldn't be needed for opt out etc I reckon

@mattab commented on May 7th 2018 Member

Moving to 3.6.0 as it requires more thought. (see also: #12834)

@diosmosis commented on May 7th 2018 Member

Tested on a local site & was able to create a custom opt out form:

<div>
Here you can opt out:
<br/>
Current status: <span id="opted-out-status"></span>
<br/>
<a href="" id="opt-out">Opt out!</a>
<br/>
<a href="" id="opt-in">Opt in!</a>
</div>

<script>
jQuery(function ($) {
    _paq.push([function (tracker) {
        $('#opted-out-status').text(this.isUserOptedOut() ? 'opted out' : 'opted in');
    }]);

    $('#opt-out').click(function (e) {
        e.preventDefault();
        _paq.push(['optUserOut']);
        window.location.reload();
    });

    $('#opt-in').click(function (e) {
        e.preventDefault();
        _paq.push(['forgetUserOptOut']);
        window.location.reload();
    });
});
</script>

Verified when opted out it did not send a tracking request.

@diosmosis commented on May 8th 2018 Member

@tsteur updated the pr

@Findus23 commented on May 12th 2018 Member

@tsteur, @diosmosis

Do we already have a documentation for those functions?

Because I think it is really important for GDPR that people don't think they are compliant because they have an opt-out iFrame, but it is doing nothing as they are on another domain (which if I am not misunderstanding something is the case most of the time on InnoCraft cloud.)

@mattab commented on May 14th 2018 Member

@Findus23 good point: created #12905 Document "How do I create a custom opt-out form?"

This Pull Request was closed on May 8th 2018
Powered by GitHub Issue Mirror