Never-Consent: Automatic consent management

[chrmod]

Since version 8.6.0 Ghostery blocks different kind of annoyances like cookie banners and GDPR popups. We've noticed that blocking so called "GDPR dialogs" have a high probability of website breakage. At the same time it is often the case the blocking those dialogs outside of EU has a negative sideeffect of publishers defaulting to tracking instead of non-tracking. From privacy standpoint it is not much of an issue as Ghostery block all tracking covered covered by community block lists as Easy Privacy, and those new or obscure trackers thanks to our Anti-Tracking feature. That said, at Ghostery we believe publishers should be aware that Ghostery users are not fine with being tracked online. That is why we plan to introduce new feature which for now we call Automatic consent management. It's implementation will proceed in following steps:

1. New tracker category called consent management will be identified by whotracks.me
2. Ghostery will stop blocking GDPR dialogs (but will continue to block cookie popups which are not causing much breakage)
3. Ghostery will start to automatically "click-through" GDPR popups to opt-out of all tracking - this will require no user interaction and should dramatically minimize the breakage and send the right message to publishers at the same time

Our plan to rollout this new feature is around beginning of June.

Source code of this feature is available at https://github.com/ghostery/autoconsent

[florian1984]

this feature breaks also https://www.lidl.ch and other sites ....

[cedricgannet]

I'm finding a lot of sites which break for this reason. What often happens is that the site appears greyed out and won't respond to scrolling or anything else. It's effectively frozen. There's nothing to identify Ghostery as the cause of the glitch. The big problem is that this creates the impression that there are a lot of sites that don't work on Firefox or whatever browser is being used. I'm using Firefox 105.0.1 (64-bit) for Linux Mint 20.3 and Ghostery for Firefox version 8.7.6. I keep my system up to date using the Mint / Ubuntu repositories. I'm presuming Firefox keeps Ghostery up to date.

[philipp-classen]

We keep a list of broken pages here: https://github.com/ghostery/broken-page-reports

@cedricgannet If you see pages that we need to check, feel free to open individual tickets there as well or vote on existing ones. We'll try our best to fix them all over time, but feedback helps us to prioritize in the meantime.

[chrmod]

We've started the rollout of this feature with release 8.9.x - Closing the issue

[Eolia]

Hello, I am the developer of a GDPR management module for Prestashop e-commerce, which has been functional since 2018, and your extension blocks the display of consents, which prevents navigation and puts us out of the law. Please fix this bug ASAP

[doekia]

You SHOUD NEVER tamper with GDPR content. NEVER. This is a legal requirement for anyone to adhere/be informed of your GDPR rights. Whether you live in Europe or any where else, this constraint relates to EU based website.

Before implementing similar feature you better fetch advise of a legal department.

I'm reporting your illegal behaviour the European Council.

[philipp-classen]

@Eolia @doekia Hi, probably the rule that hides elements with the gdpr-content class comes from community lists that we are using. If you have an example page where it happens, please report it on https://github.com/ghostery/broken-page-reports/ That helps us to test the changes (when excluding things like blocking a GDPR dialog as in your example).

Note that Never-Consent works the other way around: we do not block GDPR consent dialogs; only the interaction with it is automated. Never-Consent clicks through the dialog on behalf the users who chose to use the feature.

[Eolia]

Example of GDPR code on Prestashop e-commerces:

{*

---

• EOLIA SHOP *

• https://eoliashop.com *

• 2011 - 2018 *

  ---

• @gdprcompliancy module for Prestashop

• @Help to make your shop GDPR compliant

• @Category frontoffice

• @Author Eolia - @.***

• @Version 2018-05-20

• @Prestashop modules

• @Copyright © 2011-2018, Devcustom.net

• @Commercial license

• All rights reserved - Copying, duplication strictly prohibited

• Compatibility: PS version: 1.5 & 1.6

• **}

{$title}

      {$html.agree}

      {$html.age}

{$html.policy}

{l s='Continue' mod='gdprcompliancy'} {l s='I refuse' mod='gdprcompliancy'}

{if $policy}

{l s='Privacy GDPR Policy of' mod='gdprcompliancy'} {$shop_name}

{$policy}

{l s='I have read and I accept this' mod='gdprcompliancy'} {l s='I refuse' mod='gdprcompliancy'}

{/if}

{strip} {addJsDef gdprcompliancy_url=$gdprcompliancy_url|escape:'quotes':'UTF-8'} {addJsDef gdprcompliancy_id_customer=$gdprcompliancy_id_customer|escape:'quotes':'UTF-8'} {addJsDef gdprcompliancy_id_module=$gdprcompliancy_id_module|escape:'quotes':'UTF-8'} {addJsDefL name=greetMessage}{l s='Thank you and enjoy your visit' js=1}{/addJsDefL} {addJsDefL name=notAgreeMessage}{l s='Please accept the terms before proceeding' js=1}{/addJsDefL} {addJsDefL name=notAgeMessage}{l s='Please validate your age before proceeding' js=1}{/addJsDefL} {/strip} {literal}

{/literal}

Eolia

From: Philipp Claßen Sent: Wednesday, October 26, 2022 5:23 PM To: ghostery/ghostery-extension Cc: Eolia ; Mention Subject: Re: [ghostery/ghostery-extension] Never-Consent: Automatic consent management (Issue #783)

@Eolia @doekia Hi, probably the rule that hides elements with the gdpr-content class comes from community lists that we are using. If you have an example page where it happens, please report it on https://github.com/ghostery/broken-page-reports/ That helps us to test the changes (when excluding things like blocking a GDPR dialog as in your example).

Note that Never-Consent works the other way around: we do not block GDPR consent dialogs; only the interaction with it is automated. Never-Consent clicks through the dialog on behalf the users you chose to use the feature.

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: @.***>

[philipp-classen]

@Eolia I have a hard time finding a page where we hide an element with .gdpr-content. Should it be on https://eoliashop.com/? If so, I don't see it being present in the HTML on that page; adding an exclusion rule for it blindly would not make a difference on that specific page.

If you have an example where Ghostery installed breaks functionality, please share here or even better open a ticket on https://github.com/ghostery/broken-page-reports/. From our side, it helps to have an URL and some text or screenshot that explains how the page should look like.

[Eolia]

Ok, on this sites for example:

https://silhouette-by-s.com/nous-contacter https://www.biopur-habitat.com/fr/connexion https://www.evedeco.com/fr/nous-contacter

From: Philipp Claßen Sent: Wednesday, October 26, 2022 7:08 PM To: ghostery/ghostery-extension Cc: Eolia ; Mention Subject: Re: [ghostery/ghostery-extension] Never-Consent: Automatic consent management (Issue #783)

@Eolia I have a hard time finding a page where we hide an element with .gdpr-content. Should it be on https://eoliashop.com/? If so, I don't see it being present in the HTML on that page; adding an exclusion rule for it blindly would not make a difference on that specific page.

If you have an example where Ghostery installed breaks functionality, please share here or even better open a ticket on https://github.com/ghostery/broken-page-reports/. From our side, it helps to have an URL and some text or screenshot that explains how the page should look like.

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: @.***>

[Eolia]

From: Philipp Claßen Sent: Wednesday, October 26, 2022 7:08 PM To: ghostery/ghostery-extension Cc: Eolia ; Mention Subject: Re: [ghostery/ghostery-extension] Never-Consent: Automatic consent management (Issue #783)

@Eolia I have a hard time finding a page where we hide an element with .gdpr-content. Should it be on https://eoliashop.com/? If so, I don't see it being present in the HTML on that page; adding an exclusion rule for it blindly would not make a difference on that specific page.

If you have an example where Ghostery installed breaks functionality, please share here or even better open a ticket on https://github.com/ghostery/broken-page-reports/. From our side, it helps to have an URL and some text or screenshot that explains how the page should look like.

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned.Message ID: @.***>

[chrmod]

For reference, .gdpr-content is blocked as it is covered by EasyList Cookie list https://github.com/easylist/easylist/blob/e63323cfeff4818e2ad5486e1d91c168138e4d63/easylist_cookie/easylist_cookie_general_hide.txt#L13061

Ghostery by default hides all cookie popups, but in case we know how to use them to opt-out of tracking, then our new feature Never-Consent will do it, instead of simply hiding the consent dialog. In both cases, all ads and trackers will be blocked by Ghostery, so there is no difference in privacy protection for our users.

[philipp-classen]

@Eolia Thank you, with these pages, I can reproduce (actually, the site are unusable for me with Ghostery installed). We will fix that.

I opened a ticket here: https://github.com/ghostery/broken-page-reports/issues/125

Feel free to comment on that new ticket if there are other pages that are affected. Normally, we try to create individual tickets for each page, but since here all related, I think it makes sense to look at all together; most likely a fix will cover them all.