cotes2020 / jekyll-theme-chirpy

A minimal, responsive, and feature-rich Jekyll theme for technical writing.
https://chirpy.cotes.page
MIT License
7.09k stars 5.63k forks

[FR] GDPR - cookie consent - opt-in #265

Closed hidegh closed 3 years ago

hidegh commented 3 years ago

Checklist

Is your feature request related to a problem? Please describe

Sites that are also targeting EU citizens should implement GDPR - and thus Cookie consent is a mandatory thing, must be an opt-in. Any plans in this direction?

Describe the solution you'd like

Any free cookie consent tool.

Describe alternatives you've considered

Custom JS script. Currently researching the possibility to have at least Google Analytics in an anonymous mode (as the GDPR requires opt-in) and also some way for Disqus to make it clear that consent is required for it to work.

Additional context

cotes2020 commented 3 years ago

Yeah, that's a good idea, and I'll consider implementing it in a future release.

hidegh commented 3 years ago

@cotes2020 working on it, on my custom branch, will let you know what I got, as GDPR is quite messy. So far what I got:

  1. generated user id, IP address is considered as private data
  2. you might use Google Analytics with anonymized IP and without user-id (device id is then used) - so this way you don't store any personal data, geo-location is a bit less precise and you can't "identify" recurring users (even long session ID can be considered as private) - but this is a good way to start. Unfortunately, it seems that GA allows altering just the IP anonymization on the script side (need to check if same can be done with user/session ID)...
  3. even if you don't store personal data, you probably still need to notify the users of cookie usage
  4. and reg. Disqus, you surely need to notify the users that via your site they are sending personal data to that site directly

hidegh commented 3 years ago

With fairly minimum changes: image

I managed to add a cookie consent to the solution (probably only extra it needs is a turn on/off switch inside _config).

It uses V3 https://github.com/osano/cookieconsent - V4 is not production ready yet but the main branch already contains those extra changes (and be warned: the build/cookieconsent.min.js is not the latest build version of the branch).

The V3 is available to download from: https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js

The solution required:

  1. to minimally adjust the Google Analytics HTML
  2. small changes to the Disqus HTML
  3. and it requires a reload when consent is revoked

Related commits (on my branch):

  - https://github.com/hidegh/hidegh.github.io/commit/6f939c6e79c67380c77c98d3d56c482cd0531c15
  - https://github.com/hidegh/hidegh.github.io/commit/e0e38a8baa2808616900c7f4bf1ca6393363b108
  - https://github.com/hidegh/hidegh.github.io/commit/67d6f498f2e0622e9356cc8d15f8277c13b57b20
  - https://github.com/hidegh/hidegh.github.io/commit/72c71b647bb18af34cd8132dab90cd0f184a640b

If the team finds this solution acceptable, I can implement it inside a PR.
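
The opt-in behaviour described in the comment above (no third-party script before consent, and a reload when consent is revoked), as an added JavaScript example that is not part of the original comment, the linked commits or the theme. It assumes the cookie name `cookieconsent_status` and the values `allow`, `deny` and `dismiss` that cookieconsent v3 stores by default; `loadThirdParty` and `reload` are hypothetical hooks supplied by the page.

```javascript
// Added example: strict opt-in gate for third-party scripts (analytics, comments).
// Assumption: consent is stored by cookieconsent v3 in its default cookie
// "cookieconsent_status" with the value "allow", "deny" or "dismiss".
const CONSENT_COOKIE = 'cookieconsent_status';

// Read the stored consent value from a document.cookie style string.
function consentStatus(cookieString) {
  for (const part of String(cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    // Exact name match, so "xcookieconsent_status" is not mistaken for it.
    if (part.slice(0, eq).trim() === CONSENT_COOKIE) {
      return part.slice(eq + 1).trim();
    }
  }
  return null; // visitor has not made a choice yet
}

// Opt-in: only an explicit "allow" counts. A missing cookie, "deny" and
// "dismiss" (banner closed without choosing) are all treated as no consent.
function hasOptedIn(cookieString) {
  return consentStatus(cookieString) === 'allow';
}

// Decide what the page must do for the current cookie state.
//   loaded: whether third-party scripts were already injected on this page view
function nextAction(loaded, cookieString) {
  const ok = hasOptedIn(cookieString);
  if (ok && !loaded) return 'load';    // consent given: inject scripts now
  if (!ok && loaded) return 'reload';  // revoked: running scripts cannot be unloaded
  return 'none';
}

// Apply the decision through caller-supplied side effects (hypothetical hooks).
function applyConsent(state, cookieString, hooks) {
  const action = nextAction(state.loaded, cookieString);
  if (action === 'load') { hooks.loadThirdParty(); state.loaded = true; }
  if (action === 'reload') hooks.reload();
  return action;
}
```

In a browser, `applyConsent` would be called once on page load and again from the consent banner's status-change callback, with `document.cookie` as the cookie string.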

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.