on GDPR and analytics tracking.

Dec 18, 2020

NOTE: you may consider the following commentary helpful to read prior to consuming this content (warning: slightly NSFW language): https://drewdevault.com/2020/12/04/Analytics-and-informed-consent.html


once in a while, I'll think about the GDPR (or the similar CCPA) in relation to privacy on the Internet. and I'm really not impressed by how companies like OneTrust seem to respond to those concerns.

"strictly necessary" cookies don't seem very necessary to me, honestly.

I'm not saying that there aren't legitimate reasons for storing cookies, like signing in (or in cases where third parties like OneTrust are utilized, to store your preferences). I'm confused as to why there isn't a shift to choose to create programs and websites that focus on opt-in metrics rather than opt-out. it's also confusing that the Do Not Track signal implemented in most major browsers is very often ignored (or even if it's respected, users can still be tracked by other means).

I also was hung up at first on the use of phrasing specific to cookies, which would almost seem to present the argument that using LocalStorage would be a sneaky way to bypass the cookie consent (as discussed in a Reddit thread). given this information, true privacy seems to be an illusion.[1]

I'm thinking that I'd have a discreet slider or setting accessible in any area of my website to allow folks to opt into having cookies (or other data, stored via LocalStorage or a similar method) stored on their machines. I wouldn't explicitly prompt for this upfront (at least, on websites I develop that don't require this information), and I wouldn't use cookies or any form of storage to remember their decisions to reject any storage of data (which seems a bit counterintuitive).
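One way the opt-in setting described above could work, as an added example that is not code from this website: nothing is written to the visitor's machine until they opt in, and opting out deletes everything, including the consent marker, so a rejection is never remembered. The names `CONSENT_KEY`, `memoryBackend` and `createConsentStore` are hypothetical, and the in-memory backend is a constructed stand-in for `window.localStorage`.

```javascript
// Added example; every name below is hypothetical.
const CONSENT_KEY = "storage-consent"; // assumed key, written only after opt-in

// Constructed stand-in for window.localStorage so this runs outside a browser.
function memoryBackend() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => void m.set(k, String(v)),
    removeItem: (k) => void m.delete(k),
    get length() { return m.size; },
  };
}

function createConsentStore(backend) {
  const session = new Map(); // in-memory only, gone when the page unloads
  const hasConsent = () => backend.getItem(CONSENT_KEY) !== null;
  const manifest = () => JSON.parse(backend.getItem(CONSENT_KEY) || "[]");

  return {
    hasConsent,
    // Explicit user action (the slider): persist what the session holds so far.
    optIn() {
      const keys = new Set([...manifest(), ...session.keys()]);
      backend.setItem(CONSENT_KEY, JSON.stringify([...keys]));
      for (const [k, v] of session) backend.setItem(k, v);
    },
    // Withdrawing consent removes every key this wrapper wrote and then the
    // marker itself, so no record of the rejection stays on the machine.
    optOut() {
      for (const k of manifest()) backend.removeItem(k);
      backend.removeItem(CONSENT_KEY);
    },
    // Returns true only if the value was persisted, false if it stayed in memory.
    set(key, value) {
      session.set(key, String(value));
      if (!hasConsent()) return false;
      const keys = new Set(manifest()).add(key);
      backend.setItem(CONSENT_KEY, JSON.stringify([...keys]));
      backend.setItem(key, String(value));
      return true;
    },
    get(key) {
      if (session.has(key)) return session.get(key);
      return hasConsent() ? backend.getItem(key) : null;
    },
  };
}
// In a browser: const store = createConsentStore(window.localStorage);
```

The consent marker doubles as a manifest of written keys, so a later page load can still clean up everything on opt-out.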

however, IP tracking is still a problem I'd need to address (whether by a CDN, like Cloudflare, or onboard the server using nginx or a similar utility to serve the content you're seeing now), as I feel that some protections would be needed to know if traffic coming from certain regions is suspicious.

I welcome all respectful comments/suggestions on this subject. 🙂


  1. unless you use adblockers like uBlock Origin, content blockers in browsers like Firefox and Safari, and/or other extensions like EFF's Privacy Badger; this shouldn't have to be the case, however.

Chris

hi there. I'm the webadmin for this website and the applications hosted on it.