-
-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New OneTrust cookies? #94
Comments
Great find, @katehausladen! My basic understanding (which could be wrong since I had not heard of these two cookies before) is that OneTrust is aiming to achieve opt out consistency between their opt out system and the IAB's system. For example,
seems to say that when a user has opted out and the GPP String is set accordingly, then that opt out is also reflected in the OTGPPConsent cookie for that user. If you have some examples of that cookie value and the GPP String that the IAB set, it may be possible to find whether that is actually how that works. By the way, when they talk about a cookie being "dropped" they mean a cookie being "stored" on the user's computer. |
I think it would be a nice add-on if it is relatively easy to do. |
We're going to add OTGPPConsent and OneTrustWPCCPAGoogleOptOut cookie collection |
@franciscawijaya will implement this with the help of @katehausladen. |
@franciscawijaya you'll have to add the new cookie names to regex.js. Then, you'll have to add new columns for the cookies in the rest-api (namely, in the app.post in index.js starting line 59). Analysis data for each domain is stored in analysis_userend[domain]. Add the cookie data to this object in logData under the if (command === "COOKIES") {... section. Just follow how the other cookie data is stored. |
Added 2 new Cookies (issue #94)
I merged the pull request and updated the readme + wiki accordingly. Here's the newest architecture diagram powerpoint. |
Excellent! Thank you, @katehausladen! |
I was reading about the OptanonConsent cookie here and noticed that they listed 2 other cookies that have to do with the CCPA and GPP:
![Screenshot 2024-02-21 at 3 39 40 PM](https://cdn.statically.io/img/private-user-images.githubusercontent.com/40359590/306768228-b1b630a3-28dd-4007-b5f4-9ffd111c88c7.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjA2NTM1MjIsIm5iZiI6MTcyMDY1MzIyMiwicGF0aCI6Ii80MDM1OTU5MC8zMDY3NjgyMjgtYjFiNjMwYTMtMjhkZC00MDA3LWI1ZjQtOWZmZDExMWM4OGM3LnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA3MTAlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNzEwVDIzMTM0MlomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTY4MDZhMzFjZjY1ZDllZDRlYWIxNjBjNDg1YmZkNTM1YTdlYzJiZDEzNTQ1NWUwNzcyNTg4N2ZlNTBmMDBiMDMmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.634ZAjQLF4lXw3m9ooIp2mIzvqCYikA-ZF2oNBpEGF8)
I saw the OneTrustWPCCPAGoogleOptOut cookie "in the wild" a few times when doing the validation/test set back in November and December, but to me, it's not completely clear what it's doing (I'm not sure what "cookie category associated with IAB CCPA" is). In particular, it looked like this cookie was on all PMC sites listed here.
I don't remember seeing the OTGPPConsent cookie in November/December. However, now it looks like the PMC sites, runnersworld.com, and a few news sites (huffpost, cbs, usnews, and probably more that I haven't checked) all have it. Here's what it looks like:
![Screenshot 2024-02-21 at 3 48 16 PM](https://cdn.statically.io/img/private-user-images.githubusercontent.com/40359590/306770293-a1e39408-1abc-4dcd-80cd-f925ef143c2a.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjA2NTM1MjIsIm5iZiI6MTcyMDY1MzIyMiwicGF0aCI6Ii80MDM1OTU5MC8zMDY3NzAyOTMtYTFlMzk0MDgtMWFiYy00ZGNkLTgwY2QtZjkyNWVmMTQzYzJhLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA3MTAlMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNzEwVDIzMTM0MlomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTcwMGE1NTg5YTRhODM4Y2Y0ZjcyNGM0OGQ1MmIwNmVkN2UwNTRhN2QxZDU2MWRkNTIxZWQzOWMwZjNjMDk4NmUmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.Iw-Yw8-Af3m5a5zctkE9GGRsZ5evPHH64LajLS9eoJs)
Should we add the OTGPPConsent cookie (and/or the OneTrustWPCCPAGoogleOptOut one) to the cookies we look for with the crawler? Manually looking at a few sites, it's only on a few sites that have the OptanonConsent cookie. They are first party cookies, so they're not going away. I'm not sure if this cookie can be added without implementing GPP via the API, as currently all the sites that I have seen that have this cookie also have GPP implemented via the API.
The text was updated successfully, but these errors were encountered: