New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove ethyca from easyprivacy_trackingservers.txt #16881
Conversation
Also requested via email as well as the forums in https://forums.lanik.us/viewtopic.php?p=166322-ethyca-com#p166322
Added here: d7780a4 Due to https://cdn.ethyca.com/org/qtZ0SOEWBbViwiEWVzpukkADzQqDKH6i4M5of6Izg%3D/cookie.js (Cleaned up https://pastebin.com/ct2qADB5) For privacy, I see no reason to remove this. Fingerprinting, cookie (set/get), referrer, useragent checks. Only way to remove this, fix the scripts. then come back. Otherwise it'll stay. |
Discussion went dead, apparently. I'm closing here. |
Hi @Khrin ! Apologies for the delay in responding, just coordinating with our team on next steps. Ok to reopen? |
Sure,, once trackers/analytics/logging are removed. Or seperate the trackers to specific sub-domain only. |
@ryanbr just to check here - the law requires companies to log when consent is collected, what notice was displayed to the user, and a pseudonymous identifier for the user/device (to prove consent) and a timestamp/date. I'd love your feedback on how you'd solve that problem here - the law requires these functionalities and they are used specifically for this purpose. For reference, here's a link to the Information Commissioner in the UK's specific guidance on requirements for the legal obligation of a data processor to record consent. This block is directly preventing businesses from complying with legal obligations under Article 7 of the GDPR - I don't think that's the intention here but that is the result. |
Hi @ryanbr, also from Ethyca here. I also want to explain what the script is doing in the source code because those browser features (cookies, user agent, etc.) are all done to block trackers and provide support for multiple browsers. I'll reference the pastebin you shared and some line numbers, etc. but I'll also link to the OSS libraries we use that you're flagging issues with.
We do use set a cookie called
That cookie is used to store the user's consent preferences so that if they opt-out of analytics / marketing / etc. that choice is respected on future vists.
I believe you're referring to lines like this in the pastebin (line 3253):
This is the minified version of the
Axios is used here to provide support for legacy browsers when making XHR requests. You can check out all the source for axios here: https://github.com/axios/axios
Lastly, we don't do any fingerprinting in this script itself but we do generate a fully pseudonymous ID when storing the user's consent record. This is done to prevent the ability to track the user themselves while still remaining compliant with GDPR / etc. You can see on line 4429 of the pastebin that we use the
Hopefully that explains what's going on there better, and sorry for not clarifying this earlier 👍 |
Also requested via email as well as the forums in https://forums.lanik.us/viewtopic.php?p=166322-ethyca-com#p166322
Copying the text from those here as well
Hello,
The following is found on the EasyPrivacy list
||ethyca.com^$third-party
Ethyca is the steward of the first (maybe only?) open-source data privacy platform, Fides and some of our users recently brought this to our attention. I would like to have it removed as it is impacting users being able to effectively allow their users to control their data privacy choices.
Please let me know if I can answer any questions to help sort this out - thank you!