search

microsoft / clarity

A behavioral analytics library that uses dom mutations and user interactions to generate aggregated insights.
https://clarity.microsoft.com
MIT License
2.09k stars 209 forks source link

Undocumented opt-out flow #570

Open macco3k opened 6 months ago

macco3k commented 6 months ago

Microsoft has some documentation about cookie consent here: https://learn.microsoft.com/en-us/clarity/setup-and-installation/cookie-consent. However, it is not clear what these cookies are for. For example, collect calls are still being sent after revoking consent. It's also completely undocumented how to completely stop tracking. We now assume calling window.clarity("start") and window.clarity("stop") is enough, but this is just an assumption based on other issues here in the repo.

It'd be nice if one could inject the script as off by default, and only start it when the user opts in.

mmonteiroc commented 6 months ago

Users tracking will remain with or without cookies. The only problem is that the cookies wont be used, so you wont identify 1 user as itself, but as multiple users ( one per session )

To stop the cookies usage ( which is the important part for GDPR ) you can use window.clarity('consent', false). Regarding this, I opened yesterday another issue which in fact does not clear the cookies correctly

567

macco3k commented 6 months ago

If a user does not give consent to be tracked, I assume they don't want their activity to be recorded at all. It'd be nice to have a way to simply disable the whole script.

Daniele Maccari

-------- Oorspronkelijk bericht -------- Op 04-04-2024 09:34, schreef Miguel Monteiro Claveri :

Users tracking will remain with or without cookies. The only problem is that the cookies wont be used, so you wont identify 1 user as itself, but as multiple users ( one per session )

To stop the cookies usage ( which is the important part for GDPR ) you can use window.clarity('consent', false). Regarding this, I opened yesterday another issue which in fact does not clear the cookies correctly #567

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>

itpropro commented 2 days ago

Microsoft has some documentation about cookie consent here: https://learn.microsoft.com/en-us/clarity/setup-and-installation/cookie-consent. However, it is not clear what these cookies are for. For example, collect calls are still being sent after revoking consent. It's also completely undocumented how to completely stop tracking. We now assume calling window.clarity("start") and window.clarity("stop") is enough, but this is just an assumption based on other issues here in the repo.

It'd be nice if one could inject the script as off by default, and only start it when the user opts in.

You would normally do this in either your consent management or your JS framework. It should have the ability to conditionally load/inject scripts based on triggers/hooks/parameters that are then derived from for example a user interaction. If the user didn't agree, the script should not be loaded at all in the beginning, this is for some tracking scripts even required from a compliance perspective.