@halfdan opened this Issue on December 29th 2010 Member

German law wants website owners to place an opt-out control for tracking somewhere on the website. As discussed with matt an iFrame is the only CSRF-safe way of implementing such a feature.

I implemented a small plugin that enables a website owner to place a small iframe with a checkbox on their website. Users can then uncheck that checkbox which sets the piwik_ignore cookie (and vice versa of course) to exclude their visits.

The plugin can be used by placing sth like the following on your website:

<iframe src="</iframe">http://<piwik-instance>.tld/?module=OptOut"></iframe>

I'd be happy to add an extra wiki page for this plugin once it gets integrated into core.

I put this plugin live with my piwik install on geekmonkey.org (right sidebar, bottom box).

@halfdan commented on December 29th 2010 Member

Attachment: Patch to add OptOut plugin + translation strings for the plugin (+1 translation for TranslationAdmin which is missing currently)
OptOut.patch

@anonymous-piwik-user commented on December 29th 2010

thank you very much. Is this patch going to be included in v1.1?

@robocoder commented on December 29th 2010 Contributor

From #1903:
The current implementation simply checks for the presence of the cookie. To counter abuse, the signed cookie should have some content that can be verified by the tracker.

@halfdan commented on December 29th 2010 Member

Setting the cookie is only done if a pre-generated nonce verifies on second request (using Piwik_Nonce). I don't see any way to abuse the cookie as it is bound to the domain that piwik is installed under.

@robocoder commented on December 29th 2010 Contributor

Sorry, I was referring to the tracker when I copy/pasted that.

@robocoder commented on December 29th 2010 Contributor

Patch looks ok, but I would like to refactor the common cookie code (i.e., UsersManager/Controller.php and to a lesser degree, Tracker/Visit.php) into either Common.php or a new file, e.g., core/Tracker/Cookie.php.

@robocoder commented on December 29th 2010 Contributor

(In [3544]) refs #1919

@halfdan commented on December 29th 2010 Member

Good idea, reduces unnecessary code duplication! I saw you already started refactoring the code. Let me know if you need any help.

@robocoder commented on December 29th 2010 Contributor

(In [3545]) refs #1919

@robocoder commented on December 29th 2010 Contributor

(In [3546]) fixes #1919 - thanks halfdan for the patch; we'll look at the missing translations separately

@mattab commented on January 2nd 2011 Member

(In [3556]) Refs #1919

  • adding feature in the CoreAdminHome plugin
  • the General settings UI will now display an help inviting piwik super users to provide this option
  • now displaying the 'General Settings' tab with only the opt out section for all users having at least some admin access on one piwik website
  • adding more text in the iframe itself to explain the opt-out concept
@mattab commented on January 2nd 2011 Member

Sorry guys I messed up and didn't include the last commit. I'll try and do it now

For more info, see User Privacy

@mattab commented on January 2nd 2011 Member

Thinking more about it, I'm not confident about setting the CSS via GET parameter. See http://stackoverflow.com/questions/476276/using-javascript-in-css#answer-482088 for reference. It feels like it could be pretty dangerous.

Leaving as is for now.

@mattab commented on January 2nd 2011 Member

(In [3557]) Refs #1919 partial port of r3555

@mattab commented on January 2nd 2011 Member

checkbox doesn't work on IE, reopening

@robocoder commented on January 2nd 2011 Contributor

yeah, the fact that urls don't need to be quoted means it's an easy target for xss.

maybe throw an exception if $css contains expression() or url()?

@robocoder commented on January 2nd 2011 Contributor

Vote to make OptOut a separate plugin or provide option to block access to it by anonymous users.

@halfdan commented on January 2nd 2011 Member

+1 for OptOut as a seperate plugin. This is meant as an extension. Most users won't use this plugin as it almost only affects german law. Could be a candidate for making it available through a plugin repository.

Current implementation in trunk adds a huge text to the checkbox. I implemented the template so that it could be added anywhere in the page (e.g. in a header or footer). Users will complain that they can't edit the text.

@robocoder commented on January 2nd 2011 Contributor

Also add @import to the blacklist.

@mattab commented on January 2nd 2011 Member

Text is not huge, it's 2 sentences explaining what the checkbox is about. Remember it will be used by website visitors, potentially non technical, who don't potentially know anything about analytics and cookies. I got inspiration from few other opt out mechanisms and others were even more verbose.

Of course, we could add a parameter to remove the text if websites want to keep it really simple (and explain it themselves).

Separate plugin VS core - my main thought is that the plugin was just 20 lines or so. It's better not to have small plugins (when they are bundled in core) when there is so little code.

I think the feature will be useful to many users outside germany, as privacy policy become more important.

@mattab commented on January 4th 2011 Member

(In [3598]) Fixes #1919 now working in IE

@anonymous-piwik-user commented on January 11th 2011

I noticed that the iframe is using a template with translations. Could you please tell me how to get the text in German? Thanks.

@halfdan commented on January 11th 2011 Member

You will have to wait until a proper translation made it into core. For the time being you can add the text yourself by editing lang/de.php. You need to add the translations there (have a look at lang/en.php - search for OptOut). Once this is done you can force the iframe to use the german translation by appending a &lang=de to the URL.

@robocoder commented on January 28th 2011 Contributor

(In [3816]) refs #1919, refs #1929, refs #1982 - delete tracking cookie when opting out (i.e., ignore cookie is set)

This Issue was closed on January 28th 2011
Powered by GitHub Issue Mirror