matomo-org / tag-manager

Free Open Source Matomo Tag Manager - A simple way to manage and maintain all of your (third-party) tags on your website.
https://matomo.org
GNU General Public License v3.0
176 stars 58 forks source link

favour privacy-friendly third-party-tags #46

Open Findus23 opened 6 years ago

Findus23 commented 6 years ago

While researching new tags, I noticed that a huge selection of third-party-tags in TagManager has one disadvantage: It makes it easy for Matomo-Users to infringe the website users privacy with a few clicks and without thinking about the implications by adding Facebook, Twitter and Google Analytics to the website.

To counteract, we could highlight tags that only depend on privacy-focused, open-source and/or self-hosted services. (Obviously Matomo, but also Sentry.io)

An alternative would be doing the opposite and adding F-Droid-like anti-feature warnings to all other, but I'm afraid that they will probably be the majority.

danielmcclure commented 6 years ago

People are going to use what they are going to use, so instead of focusing on getting the "right" tags (whilst a great thing to do), it's probably more impactful to implement a simple and easy to understand consent mechanism. So when people add a centralised third party advertising tag, they can easily indicate that it will potentially collect PII, include privacy policy links and then activate relevant consent mechanism / notices.

I attempted to create a simple flow for users to add Cookie Consent by InSites with GTM earlier in the year in preparation for GDPR but even so it includes many steps. If there were an optional plug and play system in Matomo for consent (potentially linked with your existing tag category schema) for ease of implementation then it would be a clear advantage without being too prescriptive or imposing.

tsteur commented 6 years ago

People are going to use what they are going to use, so instead of focusing on getting the "right" tags

Thinking the same and not seeing too much benefit of it actually. Tags could explain though in their help text that they may need to add a privacy notice or something. Also I think there won't be too many self-hosted or privacy-focused tags. With Tag Manager you mainly embed 3rd party sources which naturally send some data away.

Consent manager will likely developed in Matomo at some point but not directly part of tag manager (it may enrich the consent manager though).

Findus23 commented 6 years ago

Hm, I'm not a huge fan of a consent manager as I am afraid it will end up list the one by piwik pro: Annoying, because you have to click through a menu before you even know what use the website behind it provides and a huge dark pattern, because either no one will agree or you make it confusing by making the primary button not save the settings, but enable all tracking. (BTW: They changed it recently and the new one is even more deceptive, because it depends on the user to know what opt-in means)

I think we should focus more on the privacy aspects as this is the major selling point against not simply using Google Tag Manager instead.