(Sims) prevent cookie save before consent

oliver-phet commented 1 year ago

Since the latest patch in https://github.com/phetsims/phetcommon/issues/60, cookies are now being set on all tagged pages (including sims). This was inadvertent and we want disable setting cookies in sims by default.

oliver-phet commented 1 year ago

Testing link for latest patch here: https://bayes.colorado.edu/dev/olsonjb/cookietest1.html

jonathanolson commented 1 year ago

Patch:

```diff Subject: [PATCH] Removing cookies? --- Index: js/analytics/google-analytics.js IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== diff --git a/js/analytics/google-analytics.js b/js/analytics/google-analytics.js --- a/js/analytics/google-analytics.js (revision ca3844837dac4ee86a18d43ea27b2cfb7bd3fcf5) +++ b/js/analytics/google-analytics.js (date 1674850208789) @@ -145,6 +145,10 @@ function gtag() { ga4DataLayer.push( arguments ); } // eslint-disable-line no-inner-declarations,no-undef,prefer-rest-params gtag( 'js', new Date() ); + gtag( 'consent', 'default', { + ad_storage: 'denied', + analytics_storage: 'denied' + } ); gtag( 'config', phet.chipper.queryParameters.ga4 ); // Dynamically load the script @@ -160,6 +164,13 @@ // For some reason, having dataLayer declaration here might have fixed the ability to use gtag.js and gtm.js at the // same time. Don't move without testing. window.dataLayer = window.dataLayer || []; + function gtmTag() { + window.dataLayer.push( arguments ); // eslint-disable-line prefer-rest-params + } + gtmTag( 'consent', 'default', { + ad_storage: 'denied', + analytics_storage: 'denied' + } ); window.dataLayer.push( { simBrand: phet.chipper.brand, simName: phet.chipper.project, ```

oliver-phet commented 1 year ago

@jonathanolson this is looking good in my testing (various combinations of external test query parameters). Should we also do a 3rd party test (host on http://jonathanolson.net)?

jonathanolson commented 1 year ago

@oliver-phet can you test https://jonathanolson.net/phet/cookietest1.html?

oliver-phet commented 1 year ago

@jonathanolson I tested various configurations, with and without query parameters. Cookies aren't being saved and all the collect calls are firing as expected!

I think this version is good to go.

oliver-phet commented 1 year ago

@jonathanolson maybe hold off on publication - I'm doing some double checking and while I see collect calls in the console, I'm NOT seeing hits in analytics!

oliver-phet commented 1 year ago

@jonathanolson I'm still Googling, but it seems setting 'analytics_storage': 'denied', prevents hits from showing in analytics reports (GA4)! https://stackoverflow.com/questions/64951848/google-analytics-consent-mode-beta-sends-data-but-is-not-reflected-on-dashbo https://stackoverflow.com/questions/69393998/google-consent-mode-works-with-ua-but-not-ga4

oliver-phet commented 1 year ago

It seems clear that none of our data is personal data under GDPR. From: https://www.termsfeed.com/blog/gdpr-google-analytics-ga4/ In practice, it's possible that none of your GA4 data (or Device IDs) will be considered personal data under the GDPR if you do the following:

[x] Use GA4 only in its default anonymized form PhET uses the default form and doesn't transmit any PII in any other dimensions (against Google To)
[x] Don't share GA4 data with Google Signals and other Google tracking platforms No data is shared. Google Signals/Google Ads is disabled for all PhET GA4 and UA properties
[x] Disable the advertising personalization feature in GA4 Ad personalization is completely disabled for all PhET GA4 and UA properties
[x] Use the anonymized data collected through GA4 for aggregate statistical reporting purposes only That's what we do.

However, there still seem to be countries within the EU where explicit consent to analytics cookies is required before placing our GA cookies.

Simply put, some EU countries require websites to obtain explicit consent from users through cookie notice banners before placing analytics cookies on their devices, while others are more lenient with this requirement.

To put things in context, take the cookie consent requirement of Germany and the United Kingdom for example.

The German conference supervisory authorities published a guide that addresses cookie consent requirements for analytics tracking.

In short, the body decided that websites do not need to obtain consent through cookie notice banners before placing analytics cookies on devices unless the data gathered through these cookies will be transferred to a third party.

The United Kingdom, on the other hand, takes a different perspective on cookie consent.

According to the cookie guide released by the UK Information Commissioner's Office (ICO), websites must obtain consent from users through cookie notice banners before placing analytics cookies on a user's device.

That said, the ICO states that it is unlikely that formal action will be taken against violators for implementing low-risk cookies (e.g., first-party cookies) without obtaining consent.

However, we recommend that you play it safe and always seek user consent through cookie banners before implementing analytics cookies for UK residents.

To sum it up, your obligations with regard to providing a cookie notice banner when using GA4 will depend on the cookie laws in the countries where your users reside.

jonathanolson commented 1 year ago

Production releases queued up, might finish tomorrow. Full list to check here (since I'm not getting build emails):

acid-base-solutions 1.2 ()

[ ] acid-base-solutions 1.2.31

area-builder 1.1 ()

[ ] area-builder 1.1.26

area-model-algebra 1.2 ()

[ ] area-model-algebra 1.2.8

area-model-decimals 1.2 ()

[ ] area-model-decimals 1.2.8

area-model-introduction 1.2 ()

[ ] area-model-introduction 1.2.8

area-model-multiplication 1.2 ()

[ ] area-model-multiplication 1.2.8

arithmetic 1.0 ()

[ ] arithmetic 1.0.31

atomic-interactions 1.2 ()

[ ] atomic-interactions 1.2.9

balancing-act 1.1 ()

[ ] balancing-act 1.1.31

balancing-chemical-equations 1.2 ()

[ ] balancing-chemical-equations 1.2.17

balloons-and-static-electricity 1.3-phetio ()

balloons-and-static-electricity 1.5 ()

[ ] balloons-and-static-electricity 1.5.7

beers-law-lab 1.4 ()

[ ] beers-law-lab 1.4.24

beers-law-lab 1.6-phetio ()

bending-light 1.1 ()

[ ] bending-light 1.1.26

blackbody-spectrum 1.0 ()

[ ] blackbody-spectrum 1.0.14

build-a-fraction 1.0 ()

[ ] build-a-fraction 1.0.19

build-a-molecule 1.0 ()

[ ] build-a-molecule 1.0.11

build-a-nucleus 1.0 ()

[ ] build-a-nucleus 1.0.10

build-an-atom 1.5-phetio ()

build-an-atom 1.6 ()

[ ] build-an-atom 1.6.22

capacitor-lab-basics 1.6 ()

center-and-variability 1.0 ()

charges-and-fields 1.0 ()

[ ] charges-and-fields 1.0.55

charges-and-fields 1.0-phetio ()

circuit-construction-kit-ac 1.0 ()

[ ] circuit-construction-kit-ac 1.0.8

circuit-construction-kit-ac-virtual-lab 1.0 ()

[ ] circuit-construction-kit-ac-virtual-lab 1.0.7

circuit-construction-kit-black-box-study 1.1-phetio ()

circuit-construction-kit-dc 1.2 ()

[ ] circuit-construction-kit-dc 1.2.13

circuit-construction-kit-dc-virtual-lab 1.2 ()

[ ] circuit-construction-kit-dc-virtual-lab 1.2.13

collision-lab 1.1 ()

[ ] collision-lab 1.1.11

color-vision 1.1 ()

[ ] color-vision 1.1.32

color-vision 1.2-phetio ()

concentration 1.3 ()

[ ] concentration 1.3.27

concentration 1.5-phetio ()

coulombs-law 1.0 ()

[ ] coulombs-law 1.0.18

curve-fitting 1.0 ()

[ ] curve-fitting 1.0.8

density 1.0 ()

diffusion 1.0 ()

[ ] diffusion 1.0.12

energy-forms-and-changes 1.4 ()

energy-skate-park 1.2 ()

[ ] energy-skate-park 1.2.1

energy-skate-park-basics 1.1 ()

[ ] energy-skate-park-basics 1.1.26

energy-skate-park-basics 1.3-phetio ()

equality-explorer 1.1 ()

[ ] equality-explorer 1.1.7

equality-explorer-basics 1.0 ()

[ ] equality-explorer-basics 1.0.20

equality-explorer-two-variables 1.0 ()

[ ] equality-explorer-two-variables 1.0.20

expression-exchange 1.1 ()

[ ] expression-exchange 1.1.21

faradays-law 1.3-phetio ()

faradays-law 1.4 ()

[ ] faradays-law 1.4.12

forces-and-motion-basics 2.1-phetio ()

forces-and-motion-basics 2.3 ()

[ ] forces-and-motion-basics 2.3.26

fourier-making-waves 1.0 ()

[ ] fourier-making-waves 1.0.10

fraction-matcher 1.2 ()

[ ] fraction-matcher 1.2.9

fractions-equality 1.1 ()

[ ] fractions-equality 1.1.9

fractions-intro 1.0 ()

[ ] fractions-intro 1.0.20

fractions-mixed-numbers 1.0 ()

[ ] fractions-mixed-numbers 1.0.20

friction 1.5 ()

[ ] friction 1.5.19

function-builder 1.2 ()

[ ] function-builder 1.2.6

function-builder-basics 1.2 ()

[ ] function-builder-basics 1.2.6

gas-properties 1.0 ()

[ ] gas-properties 1.0.12

gases-intro 1.0 ()

[ ] gases-intro 1.0.13

gene-expression-essentials 1.0 ()

[ ] gene-expression-essentials 1.0.24

geometric-optics 1.1 ()

[ ] geometric-optics 1.1.7

geometric-optics-basics 1.2 ()

[ ] geometric-optics-basics 1.2.5

graphing-lines 1.3 ()

[ ] graphing-lines 1.3.18

graphing-quadratics 1.1 ()

graphing-quadratics 1.2 ()

graphing-slope-intercept 1.1 ()

[ ] graphing-slope-intercept 1.1.17

gravity-and-orbits 1.4 ()

gravity-and-orbits 1.5 ()

gravity-and-orbits 1.6 ()

gravity-force-lab 2.2 ()

gravity-force-lab-basics 1.1 ()

[ ] gravity-force-lab-basics 1.1.8

greenhouse-effect 1.0 ()

hookes-law 1.0 ()

[ ] hookes-law 1.0.30

isotopes-and-atomic-mass 1.1 ()

[ ] isotopes-and-atomic-mass 1.1.16

john-travoltage 1.4-phetio ()

john-travoltage 1.6 ()

[ ] john-travoltage 1.6.9

least-squares-regression 1.1 ()

[ ] least-squares-regression 1.1.26

make-a-ten 1.0 ()

[ ] make-a-ten 1.0.22

masses-and-springs 1.0 ()

[ ] masses-and-springs 1.0.17

masses-and-springs-basics 1.0 ()

[ ] masses-and-springs-basics 1.0.16

mean-share-and-balance 1.0 ()

[ ] mean-share-and-balance 1.0.5

molarity 1.4 ()

[ ] molarity 1.4.21 phet-io
[ ] molarity 1.4.21 phet-io Studio

molarity 1.5 ()

[ ] molarity 1.5.11

molecule-polarity 1.2 ()

molecule-shapes 1.2 ()

[ ] molecule-shapes 1.2.15

molecule-shapes-basics 1.2 ()

[ ] molecule-shapes-basics 1.2.15

molecules-and-light 1.3-phetio ()

molecules-and-light 1.5 ()

[ ] molecules-and-light 1.5.18

my-solar-system 1.0 ()

[ ] my-solar-system 1.0.7

natural-selection 1.2 ()

natural-selection 1.3 ()

natural-selection 1.4 ()

neuron 1.1 ()

[ ] neuron 1.1.24

normal-modes 1.0 ()

[ ] normal-modes 1.0.5

number-line-distance 1.0 ()

[ ] number-line-distance 1.0.7

number-line-integers 1.1 ()

[ ] number-line-integers 1.1.9

number-line-operations 1.0 ()

[ ] number-line-operations 1.0.10

number-play 1.0 ()

[ ] number-play 1.0.9

ohms-law 1.4 ()

[ ] ohms-law 1.4.17

pendulum-lab 1.0 ()

[ ] pendulum-lab 1.0.22

ph-scale 1.5 ()

ph-scale-basics 1.5 ()

[ ] ph-scale-basics 1.5.9
[ ] ph-scale-basics 1.5.9 phet-io
[ ] ph-scale-basics 1.5.9 phet-io Studio

plinko-probability 1.1 ()

[ ] plinko-probability 1.1.24

projectile-motion 1.0 ()

[ ] projectile-motion 1.0.22

proportion-playground 1.0 ()

[ ] proportion-playground 1.0.21

ratio-and-proportion 1.2 ()

[ ] ratio-and-proportion 1.2.2

reactants-products-and-leftovers 1.2 ()

[ ] reactants-products-and-leftovers 1.2.18

resistance-in-a-wire 1.3-phetio ()

resistance-in-a-wire 1.6 ()

[ ] resistance-in-a-wire 1.6.18

rutherford-scattering 1.1 ()

[ ] rutherford-scattering 1.1.16

states-of-matter 1.2 ()

states-of-matter-basics 1.2 ()

trig-tour 1.0 ()

[ ] trig-tour 1.0.29

under-pressure 1.1 ()

[ ] under-pressure 1.1.24

unit-rates 1.0 ()

[ ] unit-rates 1.0.23

vector-addition 1.0 ()

[ ] vector-addition 1.0.8

vector-addition-equations 1.0 ()

[ ] vector-addition-equations 1.0.8

wave-interference 2.0 ()

[ ] wave-interference 2.0.10

wave-on-a-string 1.1 ()

[ ] wave-on-a-string 1.1.28

waves-intro 1.1 ()

[ ] waves-intro 1.1.11

jonathanolson commented 1 year ago

Production deploys completed.

oliver-phet commented 1 year ago

Closing, tracking saving cookies/consent in https://github.com/phetsims/website/issues/1190

phetsims / phetcommon

(Sims) prevent cookie save before consent #61