Open ayush-oberoi opened 3 years ago
Thanks @ayush-oberoi for the report. We will have to review
Hey @ayush-oberoi - Thanks for posting this. Do you have interest in resolving these for us? We can create a bounty and pay you for your work if so. Thanks!
Yes, I could possibly provide the steps to remediate the issue. Do let me know if I can continue writing the steps below?
Yes, @ayush-oberoi - We would love the support in detailing how to remediate for someone to work on.
Below I provide certain recommendations and steps which could possibly solve the issue.
Remediation - Update the cookie policy with details of each and every cookie (both first and third party), not about the provider only.
Remediation - Please refer to this article, which demonstrates the issue I am trying to convey and provides a step-by-step remediation solution.
anonymized
cookies. Remediation - Please refer to the steps in this article for enabling it.
Issue Status: 1. Open 2. Started 3. Submitted 4. Done
This issue now has a funding of 0.4 ETH (405.36 USD @ $1013.39/ETH) attached to it.
Hi @Kweiss, how can I claim the bounty? I have again provided my previous comment through Gitcoin "express interest".
Hi @ayush-oberoi - Are you interested in fixing these things for us in our code base? If so, I am happy to assign you the bounty if you can resolve all these items for us.
Hi @Kweiss ,
The issue and the remediation steps that I have addressed are something that requires changes by the Gitcoin core privacy team to their cookie policy, changes in the Google Tag Manager account, which is of course not publicly accessible, and in the Google Analytics settings as well. My job was to make Gitcoin aware of the issue. I have also provided the remediation steps, and those require access to Gitcoin's Google Tag Manager and Google Analytics accounts, which can only be done by the engineering team at Gitcoin.
Thanks @ayush-oberoi - I did not understand this. What is your ETH address and I can tip you for reporting and detailing the information (it won't be as large as the bounty as we still have to do the work).
Hi @Kweiss ,
Here is my ETH address
0x4CAB12e55277E164ADb59d74F2C036837960b0E5
The funding of 0.4 ETH (489.37 USD @ $1223.42/ETH) attached to this issue has been cancelled by the bounty submitter
⚡️ A tip worth 0.10000 ETH (122.34 USD @ $1223.42/ETH) has been granted to @ayush-oberoi for this issue from @Kweiss. ⚡️
Nice work @ayush-oberoi! Your tip has automatically been deposited in the ETH address we have on file.
Hello Gitcoin, please read each and every point carefully.
Title: No active cookie consent, no IP anonymization and storage of non-essential cookies without the user's explicit consent lead to privacy concerns and the possibility of financial loss through fines due to non-compliance.
Description: I have noticed that Gitcoin does have a cookie banner as soon as an EU visitor visits the website. There are certain non-compliance issues, which are described below. These are being put forward after reading the cookie and privacy policy of Gitcoin.
Ref : https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/#consent
https://support.google.com/analytics/answer/2763052?hl=en
https://www.datadrivenu.com/gdpr-ip-addresses-google-analytics/
Non compliant
To rule out any possibility of a false positive, I have also made a compliance check for ico.org.uk and find it compliant. I attach the screenshot. I also have a detailed cookie report regarding this. This clearly contradicts the fact Gitcoin put forward through its cookie banner about being compliant with GDPR.