search

lbryio / lbry-desktop

A browser and wallet for LBRY, the decentralized, user-controlled content marketplace.
https://lbry.tech
MIT License
3.56k stars 413 forks source link

Making lbry.tv GDPR compliant #4713

Closed finer9 closed 2 years ago

finer9 commented 4 years ago

Our advertising partner requires that we become gdpr compliant on lbry.tv by Sept 30.

While there are several facets of compliance, a main and obvious one is the 'cookie warning banner' you see on many sites today.

https://www.cookieyes.com/gdpr-cookie-consent-banner-examples/

An 'informational' type is a good start for us. It should run along the bottom of the screen and disappear when agreed-to.

kauffj commented 4 years ago

lbry.tv uses cookies and the GDPR is dumb [Agreed]

neb-b commented 4 years ago

Do we just need to change the text on the banner that is already being used? Or are larger changes required?

Screen Shot 2020-08-27 at 2 54 57 PM
finer9 commented 4 years ago

I think this banner is a perfect place. We just need to use the version of the text that says they are agreeing to the cookies, not the option of rejecting them.

On Thu, Aug 27, 2020 at 2:56 PM Sean Yesmunt notifications@github.com wrote:

Do we just need to change the text on the banner that is already being used? Or are larger changes required?

[image: Screen Shot 2020-08-27 at 2 54 57 PM] https://user-images.githubusercontent.com/16882830/91483204-50a48b80-e875-11ea-8dbf-9fd000cb66d3.png

— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub https://github.com/lbryio/lbry-desktop/issues/4713#issuecomment-682132062, or unsubscribe https://github.com/notifications/unsubscribe-auth/AD5BQDAO2KX4DFLDNI4X6KDSC2T5DANCNFSM4QNC4R6A .

kauffj commented 3 years ago

Does this still need to be done? What is this holding back, if anything?

9mido commented 3 years ago

I suggest creating something like https://www.youtube-nocookie.com/embed/ but for embedded odysee videos. As a business owner who would much rather use odysee, I wouldn't embed odysee videos unless there is a way to embed them without cookies.

It seems like auth_token is the name of the cookie for the embedded odysee video and I also see that quite a few things are in localstorage.

As for the cookie banner at the bottom of the page you can buy something like OneTrust CookiePro or Cookiebot. It is not enough to just display a banner and click something to dismiss the banner. When someone visits odysee.com, you cannot automatically store any cookies on their browser unless the visitor consents to it. You need to be able to have your users control which cookies they are willing to accept/decline. Parts of the website will not work unless cookies are accepted. Users like to have control over what cookies they want the website to use and so does the law.

See this as an example of what you should create for users to control their cookies:

https://stripe.com/cookie-settings

Something needs to be done about cookies otherwise you will have some big legal fines to pay. And you are putting all other websites at legal risk who embed odysee videos on their websites if those websites do not have some type of cookie accept/decline mechanism.