bigbluebutton / greenlight

A really simple end-user interface for your BigBlueButton server.
GNU Lesser General Public License v3.0
796 stars 3.79k forks source link

Option to disable cookie banner #1628

Closed synnack closed 4 years ago

synnack commented 4 years ago

The cookie banner is misleading, because permission is only required for tracking cookies. We do not use tracking cookies, only functional cookies.

Therefore, there should be no mention of cookies to the user.

I would like the option to disable this thing.

farhatahmad commented 4 years ago

You'll need to customize the code to remove the cookie banner. I don't think we'll make the option configurable

synnack commented 4 years ago

Why not though? It's really not needed and implies that there is user tracking going on.

farhatahmad commented 4 years ago

This depends on what region you're in. The majority of people seem to need it, which is why it was added in.

As I mentioned, customizing the code is pretty simple, so I can point you to which lines you need to remove to remove the banner

synnack commented 4 years ago

In the EU/GDPR region it's not necessary for functional cookies (and even misleading to have it).. unless you add google analytics.

farhatahmad commented 4 years ago

As I mentioned above, you're welcome to make customized changes to your own deployment. For the time being, we won't be implementing this

synnack commented 4 years ago

Never mind, found a workaround: For everybody that does not want to mislead their users into thinking they're being tracked or do not want to devalue the cookie message for tracking, add this to /etc/bigbluebutton/nginx/greenlight.nginx at location /b:

proxy_set_header Cookie "$http_cookie; cookie_consented=true";

Cookie messages should never be displayed for non-tracking cookies.

matiasilva commented 4 years ago

Hello @farhatahmad, could you point me to which lines of code I need to remove? Sorry for reviving this. Thanks!

synnack commented 4 years ago

@matiasilva you can use proxy_set_header in nginx, like described above to disable the banner. It fools greenlight into thinking the user has already consented to being tracked. (Even though there is no tracking).

alvar-freude commented 3 years ago

@farhatahmad: I am not aware that anywhere in the world there is a regulation that such a notice is mandatory for the use of cookies that are necessary for a function requested by the user. It is a common misunderstanding that cookie banners are necessary in the EU. Under both the European Union Privacy and Electronic Communications Directive and the General Data Protection Regulation (GDPR), user consent may only be required if, for example, a cookie (or other techniques) is used without being necessary for functionality.

See https://en.wikipedia.org/wiki/Privacy_and_Electronic_Communications_Directive_2002#Cookies

If consent is necessary, it must be informed, prior setting or reading cookies or processing personal data, freely given, actively obtained, separate from other statements, and also revocable at any time. The cookie banner does not comply with these requirements (nor do most other cookie banners). But as I said: it is not even necessary!

That is: this "cookie banner" is completely wrong (as many other cookie banners are): if it were necessary, it would not be sufficient, but it is not necessary at all in this case.

More Details about getting consent you can find in the Guidelines 05/2020 on consent under Regulation 2016/679 by the The European Data Protection Board: https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_202005_consent_en.pdf

I work for a German data protection supervisory authority and we deal with these issues every day.

cyfrax commented 3 years ago

I've added the following line to my /etc/bigbluebutton/bbb-conf/apply-config.sh:

sed -i '/cookie_warning/d' /home/git/greenlight/app/views/shared/_footer.html.erb

this removes the cooking warning from the greenlight code - as an alternative to setting the cookie.

you'll have to recompile greenlight after that

blastrider commented 3 years ago

Sorry for reopening that, i just wonder why nobody simply asked you what file to modifu last year ... Well, i do so : Please can you tell me what file to modify the text of the cookie warning/text in the button ? Thank you