Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adds possibility to force cookie less tracking #16592

Merged
merged 29 commits into from Oct 27, 2020
Merged

Adds possibility to force cookie less tracking #16592

merged 29 commits into from Oct 27, 2020

Conversation

sgiehl
Copy link
Member

@sgiehl sgiehl commented Oct 19, 2020

globally and/or per site

fixes #16258

@sgiehl sgiehl added this to the 4.0.0-RC milestone Oct 19, 2020
@sgiehl sgiehl force-pushed the forcecookielesstracking branch 3 times, most recently from 65701e2 to 9eafae7 Compare October 19, 2020 15:47
@sgiehl sgiehl marked this pull request as ready for review October 20, 2020 10:07
@sgiehl
Copy link
Member Author

sgiehl commented Oct 20, 2020

Should be ready for a first review. @tsteur maybe you could have a quick look if it does what you expected.
Also not sure how to write some useful tests for it 🤔

@sgiehl sgiehl added the Needs Review PRs that need a code review label Oct 20, 2020
tsteur
tsteur reviewed Oct 21, 2020
View reviewed changes
plugins/PrivacyManager/tracker.js
}

if ('object' === typeof window.Matomo) {
init();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note: This feature will only work correctly if the matomo.js / piwik.js is writable. It won't 100% work when it is loaded separately and I reckon people would probably also not load it as a separate file and we would then rather rely on recommending people to call disableCookies and ignoring any cookie server side.

To be safe we could iterate over all existing Matomo.getAsyncTrackers() and call the setup method as well for each tracker. However, it would not work for any tracker created using getTracker() plus at this point it might be too late for any async tracker as they might have created cookies already. That be not a big issue though, we'll make users aware of this in the setting maybe.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure. That also won't work when cookie less tracking is "forced" for a single site only. So we need to advice people to call disableCookies nevertheless.
Actually I was thinking about having a separate piwik_no_cookies.js that maybe even does not contain any of the code that uses cookies at all. That would make it easy to ensure no cookies would be set... But would be of course cause more work to maintain both files

tsteur
tsteur reviewed Oct 21, 2020
View reviewed changes
core/Tracker/Request.php Outdated Show resolved Hide resolved
@tsteur
Copy link
Member

tsteur commented Oct 21, 2020

@sgiehl left few comments. Goes in the right direction 👍

@tsteur
Copy link
Member

tsteur commented Oct 23, 2020

@sgiehl still reviewing but one thing I noticed is that we basically would need to move this feature from General settings page to the "Privacy -> Anonymise data" settings page. Simply to have these privacy related settings in one place. Should have noticed this earlier before we made heaps of work sorry about this.

Also generally noticing the tracker.js is actually problematic as it's currently based on a per site basis but we have only one tracker file for all sites. Meaning we can only add the tracker JS code if the feature is disabled for all sites globally.

see https://github.com/matomo-org/matomo/pull/16592/files#diff-9b9b9954067544c5b06d2d3bf22a15d59cc911577001e57d7fa06e7218339250R751

If we decide to still offer the feature to disable cookies on a per site basis then we'd need to rename the measurable setting for this feature to something like "ignore cookies" because it would still set cookies in the client but only ignore them on the server side. I'm not sure there's actually much of a benefit though as users and website visitors wouldn't know this and to users it would still look like cookies are being used and they could get in trouble. It's adding more confusion then it does good.

Technically, we need the possibility to disable this on a per site basis eg for #16363 .

@sgiehl for now we should remove this feature from measurable settings and only have the global setting under Privacy -> Anonymise Data page. Sorry for wasting time here.

As part of #16363 we will then think of a way to either let users configure on a per site basis that "they disabled cookies (and we disable it additionally server side)".

tsteur
tsteur requested changes Oct 25, 2020
View reviewed changes
Copy link
Member

@tsteur tsteur left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 worked. just left some minor comments.

There's one issue left that when calling requireConsent after the tracker has been set up, then cookies may be enabled if tracking consent has been given. That's pretty edge case though maybe. If we could prevent that, it would be great though.

plugins/PrivacyManager/Config.php Outdated Show resolved Hide resolved
plugins/PrivacyManager/lang/en.json Outdated Show resolved Hide resolved
plugins/PrivacyManager/Controller.php Outdated Show resolved Hide resolved
plugins/PrivacyManager/lang/en.json Show resolved Hide resolved
plugins/PrivacyManager/Controller.php Show resolved Hide resolved
@sgiehl
Copy link
Member Author

sgiehl commented Oct 26, 2020

There's one issue left that when calling requireConsent after the tracker has been set up, then cookies may be enabled if tracking consent has been given. That's pretty edge case though maybe. If we could prevent that, it would be great though.

is it enough to simply overwrite requireConsent with an empty function?

Applied the other changes.

@tsteur
Copy link
Member

tsteur commented Oct 26, 2020

is it enough to simply overwrite requireConsent with an empty function?

Actually I just realise it only disables the cookies so it's no problem as it won't enable them. Meaning we need to remove tracker.requireConsent=function(){}; again.

tsteur
tsteur reviewed Oct 26, 2020
View reviewed changes
core/Tracker/Request.php Outdated Show resolved Hide resolved
@tsteur
Copy link
Member

tsteur commented Oct 26, 2020

Feel free to merge once the change is made. Could you maybe then create a quick new FAQ for this like How do I enforce cookieless tracking (not sure we use cookieless tracking much could also say "disable cookies" or something). We'd need to explain that this affects all sites etc. We could link to this new FAQ from https://matomo.org/faq/general/faq_157/
and https://matomo.org/docs/privacy/ . Feel free to directly make the changes. We can also link to it from other places in the future

@sgiehl
Copy link
Member Author

sgiehl commented Oct 27, 2020

@tsteur created https://matomo.org/faq/how-do-i-enforce-tracking-without-cookies/
Feel free to adjust it if something needs to be improved. Also haven't yet added any links to that page.

@sgiehl sgiehl merged commit eb15430 into 4.x-dev Oct 27, 2020
@sgiehl sgiehl deleted the forcecookielesstracking branch October 27, 2020 15:19
@mattab mattab added the not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org. label Nov 23, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tsteur tsteur tsteur requested changes

Assignees
No one assigned
Labels
Needs Review PRs that need a code review not-in-changelog For issues or pull requests that should not be included in our release changelog on matomo.org.
Projects
None yet
Milestone
4.0.0-RC
Development

Successfully merging this pull request may close these issues.

Allow force disable cookies
3 participants
@sgiehl @tsteur @mattab