Privacy_XH

Third Party Plugins to CMSimple - how to install, use and create plugins

Moderator: Tata

cmb
Posts: 13273
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE
Contact:

Privacy_XH

Post by cmb » Sat Sep 29, 2012 6:27 pm

Hello Community,

I've just released Privacy_XH 1beta1.

Privacy_XH helps to make a website conforming to the EU cookie law and other regulations regarding the privacy of visitors. It does so by emitting a form on every page with relevant information giving the visitor the possibility to explicitely opt in. After the visitor opted in, a respective cookie is set, and the message won't be shown again. In addition Privacy_XH facilitates to guard the execution of other code that sets cookies which might violate the privacy of users.

Any feedback is welcome!

Christoph
Christoph M. Becker – Plugins for CMSimple_XH

cmb
Posts: 13273
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE
Contact:

Re: Privacy_XH

Post by cmb » Sun Sep 30, 2012 3:55 pm

Hello Community,

a demo is now available on http://3-magi.net/demo/test/. This shows the working of Privacy_XH in combination with a simulated analytics tracker. It's dummy cookie will only be set, after you have agreed to accept cookies from the site.

Christoph
Christoph M. Becker – Plugins for CMSimple_XH

johnjdoe
Posts: 566
Joined: Tue May 20, 2008 6:32 am

Re: Privacy_XH

Post by johnjdoe » Fri Oct 12, 2012 7:11 am


cmb
Posts: 13273
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE
Contact:

Re: Privacy_XH

Post by cmb » Fri Oct 12, 2012 10:50 am

Hi Gerd,

does this solution require JS to be enabled in the visitors browser?

Christoph
Christoph M. Becker – Plugins for CMSimple_XH

Hugorm
Posts: 112
Joined: Thu May 22, 2008 6:45 pm
Location: Denmark

Re: Privacy_XH

Post by Hugorm » Tue Jan 22, 2013 11:24 am

Hi

Does anyone work on a solution which comply to the Danish cookie rules?
i.e. 'informed acceptance' - meaning - supplier should tell anything about cookies, which data is used, how to get rid of etc. even from third party.

Sample:
Cookies (describtion of all used) are used for .............
We are not able to give informations about third party cookies.

Do you accept our use of cookies press [OK]
Do you not accept our cookies press [cancel] (and the site is showing a goodbye page).

Please note:
Any use of the internet leaves unavoidable traces.
Any security can be breached.

Kind regards
Hugo

cmb
Posts: 13273
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE
Contact:

Re: Privacy_XH

Post by cmb » Tue Jan 22, 2013 12:19 pm

Hi Hugo,

AFAIK according to the EU cookie law there are two possibilities (depending on what the cookies are used for): explicit opt-in to accept cookies and explicit opt-out to accept cookies. Privacy_XH only allows the explicit opt-in, which is the stronger option anyway. But even if the visitor doesn't explicitely agree to accept the cookies, it's often not necessary to show him a goodbye page, at least IMO it's not the best idea. I think it's better to let the visitor surf the site, but to disable all functionality that requires cookies. Therefore Privacy_XH has a function to guard such functionality, see http://3-magi.net/plugins/privacy/help/help.htm#usage.

About the text that is displayed by Privacy_XH: this can and should be adapted anyway. The core of CMSimple_XH 1.5.x doesn't set any cookies for visitors (only when one enters admin mode some cookies will be set). So which cookies will be used depends on the used plugins; I've set up a list on http://cmsimplewiki.com/doku.php/faqs/privacy a while ago. Unfortunately the list is far from being complete---only my plugins are listed, and even some of them are missing or maybe not up to date.

Some automatic handling of all this would require (a) to be done from the core and (b) the plugins to provide detailed information in machine readable form and probably more. So that is unlikely that this will be implemented in the near future. So for now one has to stick with Privacy_XH and do the tweaking manually.

Christoph
Christoph M. Becker – Plugins for CMSimple_XH

Hugorm
Posts: 112
Joined: Thu May 22, 2008 6:45 pm
Location: Denmark

Re: Privacy_XH

Post by Hugorm » Tue Jan 22, 2013 12:58 pm

Hi Christoph,

First I can't make your 3-magi.net/demo/test work - just get your startpage.

Second I'm not sure I agree with you.
The Danish law require an informed acceptance. It is not enough to accept cookies. You must explain to the visitor all about cookies incl. how to remove them from any browser!
You allso have to explain about any third party cookies from links or ekstra software (jquery, tiny_mce, etc.).
You even have to explain about cookies if you don't use them.

The easy part would be to link to the information, but third party cookies?

You are right about (depending on what the cookies are used for) and if they stay on the users computer. I have not been able to figure it out yet.

I have seen some of your work with Privacy_XH and played a bit with a page, but not convinced yet. I feel that when I say: 'No thank you' I have allready recieved the first cookie containing my answer (does it stay?)

Kind regards
Hugo

cmb
Posts: 13273
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE
Contact:

Re: Privacy_XH

Post by cmb » Tue Jan 22, 2013 1:20 pm

Hi Hugo,
Hugorm wrote:First I can't make your 3-magi.net/demo/test work - just get your startpage.
I've just deleted it today, to get some space back for another test environment (the upcomming 1.5.6), and have not installed the Privacy_XH plugin again. I'll install it back ASAP.
Hugorm wrote:I feel that when I say: 'No thank you' I have allready recieved the first cookie containing my answer (does it stay?)
Yes, that's true. This cookie will be stored. You can configure how long this cookie will stay in the plugin configuration (duration). Leave the field empty, and the cookie will be deleted when the user closes his browser. But IMO (IANAL) this cookie doesn't fall under the cookie laws, at it is not used for tracking any personal information of the user. And actually Privacy_XH implements the same solution as used on http://www.ico.gov.uk/for_organisations ... okies.aspx.
Hugorm wrote:but third party cookies?
Each respective vendor should explicitely document that. For XH we should do a careful review; the plugins should be reviewed by their authors. Finally the webmaster has to assemble this information.

Christoph
Christoph M. Becker – Plugins for CMSimple_XH

Hugorm
Posts: 112
Joined: Thu May 22, 2008 6:45 pm
Location: Denmark

Re: Privacy_XH

Post by Hugorm » Tue Jan 22, 2013 1:38 pm

Hi Christoph

I understand you want to use the eu version - that is ok. It is not the Danish (which even the lawyers do not understand)!

I get afraid when I see what a smal tracingprogram called Collusion is telling me - and I am not even told!.

Kind regards
Hugo

cmb
Posts: 13273
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE
Contact:

Re: Privacy_XH

Post by cmb » Tue Jan 22, 2013 6:54 pm

Hi Hugo,
cmb wrote:
Hugorm wrote:I feel that when I say: 'No thank you' I have allready recieved the first cookie containing my answer (does it stay?)
Yes, that's true. This cookie will be stored.
What I wrote here was nonsense. :oops: There is no option to say "no". A cookie will only be stored, if the visitor explicitly agrees to accept cookies. Otherwise the message will be displayed on every page (it's placed in the template). One can even style it to fill the complete browser window.

Please have a look at the demo (it's back online again). Before you agree, no cookie will be stored. As soon as you agree, 2 cookies are stored. "privacy_agreed" just tells the plugin that the message shouldn't be shown again. "tracker" is a harmless demo cookie, that is set in the template guarded by a check, if the "privacy_agreed" cookie is set.

Wouldn't that satisfy the Danish cookie law, if the Privacy Notice were conforming (it's just a normal CMSimple page)?
Hugorm wrote:I get afraid when I see what a smal tracingprogram called Collusion is telling me - and I am not even told!.
Yes, that's evil. But I'm afraid the cookie law will not really make the world better. At least sites in the US are not bound to adhere to it (e.g. facebook.com).

Christoph
Christoph M. Becker – Plugins for CMSimple_XH

Post Reply