GDPR - Extension needed

luceos

[deleted] Again, this is also very comforting. I fully understand the priorities, but on the flip side, Blomstra would need to be compliant in order to offer it's services

The communities we host might need to be compliant. But yes we are well aware of the weight of having such an extension to the validity of our services.

[deleted] I'd like to think I fit this requirement - happy to contribute

You do, I think I meant having a +1 would be helpful too just for having another set of eyes on the subject.

[deleted] I need to reinforce that my view here isn't just "well, there's no GDPR extension, so I'm off..." - it's about the interests of Flarum as a wider project, and it's uptake in the EU, which we cannot ignore - both for project longevity and legal reasons.

I feel your personal pain. I apologize for not sharing it yet. I guess that's part of having so many responsibilities. Having a GDPR extension is in no way a responsibility of the core team as they should provide a kick-ass framework for extensions to work with. It's also not a responsibility of FoF as their goal is to guarantee existing open source extensions are maintained. It is a wishlist item for Blomstra, but we need to get things going in order to be able to invest time into this.

That is why I believe this is a responsibility of the community. The drawback is that development capacity right now is limited.

I don't want to say this isn't going to happen, I do think that someone needs to be swayed into continuing the previous efforts for something to happen within weeks. Maybe @IanM @clarkwinkelmann @askvortsov wants to give it a shot?

Reference to extension: https://github.com/Bokt/flarum-gdpr

askvortsov

luceos Sure, I'd be happy to take a look!

katos

I am happy to assist in crowd-funding this extension, and also willing to provide my legal background assistance, as well as my background in IT.

Wadera

katos I am happy to assist in crowd-funding this extension

+1 from me 😉

luceos

askvortsov let me know if you do, @IanM also had some time the coming days otherwise.

Changed the repo to https://github.com/blomstra/flarum-ext-gdpr

[deleted]

I really am flattered that this is gathering such pace so quickly. Thanks everyone !

luceos

[deleted] most developers capable of picking this up are taxed with other responsibilities right now, especially with the next release imminent. That's why there isn't that much momentum, including with calls for paid work.

Justoverclock

i'm planning to work on a GDPR extension (if no one is involved now), but i'm not sure about how this extension need to be developed.

These are my questions:

can i use localstorage instead of classic cookies?
Must be present a link to extended privacy policy and extended cookie policy? (link to a post on flarum i suppose)

what else?

[deleted]

Justoverclock You should check with with @askvortsov and @IanM as they have begun work in coordination with myself and @katos

Justoverclock

[deleted] oh ok if u guys are working on this i will stay behind the scene 🙂

Justoverclock

actually (because i've not seen any extension) i'm working on that:

for now i have mandatory cookies and google analytics cookies. If Google Analytics is not checked, google analytics code will be stopped)

google analytics code managed through admin panel.

[deleted]

Justoverclock looks great, but more cookie consent centric than actual GDPR.

Darkle

Justoverclock It looks really good, I would recommend you to include a reject button (which automatically blocks all unneeded cookies), this button is being one of the main reasons for the massive NOYB (European Center for Digital Rights) complaints that started this year.

The NOYB said that their complaints are directed at both companies like Google and Twitter as well as local sites "that have a relevant number of visitors" what? we are really putting Google on the same level as a local site? insane.

All this seems ridiculous to me, I mean cookies should be managed 100% by the browsers they should be in charge of the user's consent with the cookies of each site etc...

Hari

Justoverclock looks great, could you include a small mode too. maybe a bottom bar or small-sized card view.

not only EU but google AdWords made it mandatory to advertise in search or display network

1Dot

Justoverclock I think you can make something like that you did in Keywords extension Like at place of word take input as name for example Ramesh Script and in definition input you can take script or html used and now use the input Justoverclock here at the place of Google analytics and if the user unselect ramesh script then stop loading Ramesh Script and I have something great to share that only load script or css when user select anything you can use if condition here see the demo code below:

  if (r == true) {
          // Get HTML head element
        var head = document.getElementsByTagName('HEAD')[0]; 
        var script = document.createElement('script');
        script.src = 'RameshDadaPremiumScriptUrlForFREE'; 
        head.appendChild(script); 
}

Justoverclock

Now if u do not check google analytics, this will be not loaded (I’ve included the google analytics code)

So I do not understand the reject button….u can’t reject all cookies (mandatory cookies are blocked on “checked”), Flarum will not work properly without it.

[deleted]

Justoverclock the reject button is for anything that isn't required for Flarum to function basically. You'd need to clearly set out in your limit those committed which are mandatory and are required for the platform to run.

Justoverclock

[deleted] yes but i don't know how can i exclude some cookies, for example i can't exclude adsense or ads if someone have an ads extension enabled....is a little bit tricky, but i definitely work on this

Walys

Justoverclock
The GDPR terms in EU is a big "kick ass" for any web developer.
I think is a bad idea as indicated by the laws that must be implemented by each web page .

In my case, have implemented a "Fake GDPR" in any website I working. For me a simple GDPR (not 100% legal) is ok!

[deleted]

Walys In my case, have implemented a "Fake GDPR" in any website I working. For me a simple GDPR (not 100% legal) is ok!

Forgive me for being so direct here, but this is a really bad decision in my view. As a security and privacy expert, if you claim to have a framework in place, yet actually have nothing, then you are asking for trouble.

Even if you think it's a bad idea, it's the law.

Walys

[deleted] Hi phenomlab!
No problem for so direct. It´s your opinion. Everything's fine.
More than 90% websites in EU not comply with the GDPR Cookies law at 100% point by point.

I think it is very poorly implemented. It would be much easier if as a user you could manage everything from the browser and not going page by page accepting or refuse all cookies.

[deleted]

Walys It would be much easier if as a user you could manage everything from the browser and not going page by page accepting or refuse all cookies.

Fully agree. I know there is a GDPR extension in the works that (possibly) factors this functionality in.

ornanovitch

Walys I think it is very poorly implemented. It would be much easier if as a user you could manage everything from the browser and not going page by page accepting or refuse all cookies.

Some folks are working hard on it