Privacy Badger and QuantCast Choice GDPR Compliance Popup

So last year, the European Union enacted a new privacy law called the General Data Protection Regulations (GDPR) that give users more control about their privacy settings (handling of cookies etc..), and that come with the threat of heavy fines for non-compliance starting at up to €10 million, or 2% of the worldwide annual revenue of the prior financial year, whichever is higher. Small blogs like CNX Software will never make that kind of money over the course of their life time, but we must still comply. After discussing with other bloggers, I activated Quantcast Choice plugin for European users last year in order to be in compliance to the best of my knowledge.

QuantCast GDPR ComplianceThat means the first time a European user visits the website he/she should be presented with the following window to either accept the default use of cookies, or click on “Show Purposes” to either decline all cookies and or select which vendors are allowed to store cookies. For most users that’s just a one time thing, and as I understand they have to re-confirm every few months (6 months?). But some users add a plugin – such as the EFF Privacy Badger – to disable tracking in their web browser, which is all fine and good, except the QuantCast Choice plugin stores your privacy settings  in a cookie and Privacy Badger prevents the cookie from being stored, which results in the QuantCast GPDR popup to be disable for each and every page, and makes browsing on the website a pain.

I had one or two persons report this type of issue when I enabled it last year, and reported the bug to the plugin developers, which promised to look into it. But there’s no solution so far, and in the last week, I received an angry tweet, a polite email, and an informative Google+ conversation about Quantcast GDPR Popup. So I decided to look into it, enable BrowserSec VPN to browse CNX Software from a European Location, and install Privacy Badger. I could reproduce the issue easily after deleting the cookies.

Privacy Badger QuantCast GDPR ComplianceI found a workaround, which may or may not be acceptable to everyone, but I found that after enabling Cookies for the four consensu.org domain above solve the issue. Users still get to have most tracking disabled, and are able to browse CNX Software without having the GDPR popup show up for every single page loads. Let me know if you have a better solution.

Support CNX Software - Donate via PayPal or become a Patron on Patreon

21
Leave a Reply

avatar
7 Comment threads
14 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
14 Comment authors
Eversors. hippyNone NeededSingmanFrank Septic Recent comment authors
  Subscribe  
newest oldest most voted
Notify of
eFfeM
Guest
eFfeM

What I was hoping for, but what did not work for me, is that after enabling the cookies and accepting I could disable those cookies again in privacy badger, but as said that did not work for me…
I suspect PB also blocks read access to the cookies.

agum onkey
Guest

Hi,

I realized after contacting, that it was indeed privacy badger that caused the troubles.

I delayed sending another mail because I was ashamed..

You’re amazing

Fitter
Guest
Fitter

Theres also another way to stop receiving GDPR popup on every time you open this (and many other) webpages.
You can block the consensu scripts with uMatrix plugin. It even blocks that scripts by default.

Such a fine grained control of every webpage you visit can be a little bit annoying tho…

willy
Guest
willy

Or move away from Europe and its shitty bureaucracy which instead of protecting users against abuses annoys everyone and forces everyone to leave cookies everywhere just to say they don’t want cookies. And yes I’m in Europe and thanks to GDPR now I probably leave twice as many cookies as before.

blu
Guest
blu

GDPR is indeed a textbook example of self-voiding measure.

Frank Septic
Guest
Frank Septic

Bureaucrats rarely consider the unintended consequences of their regulations.

The motivation may well be intended to benefit people, but sometimes the result makes things worse.

As to “sites” moving away from Europe, there are quite a number of significant sites in the USofA (including some major newspapers) which now refuse to show any content to European browsers because they have no intention (so far) of implementing the necessary GDPR software.

So thanks to the GDPR, European readers have had content effectively “censored” — a far cry from the original intent of a free and open exchange of information over the internet.

Singman
Guest
Singman

It’s really amazing to read that ! In France, we have since 1978 the CNIL that protect people against abuse of their personnal informations. GDPR is an extent of rules from the CNIL, with even more strict use.
If some web sites refuse to show their content to EU browser, it’s a really good thing because that mean they are using your personnal informations in a way that violate every rules in your country. That mean collecting data, seliing them to everyone, keeping them forever, using them to track your full navigation, etc… And blame yourself when you see the Cambridge Analytica data scandal, that should alert you about what a compagny could do with large set of informations. Feel free to think it’s not a bad thing and just accept all cookies, but leave the choice to other to refuse that. I’m very happy with the GDPR, it’s a minor pain for webmaster and a great move forward to defend users.

None Needed
Guest
None Needed

That’s a logical fallacy.

If a site refuses to deliver content to a EU geoiped browser, that means that the owners of the website decided that benefits from EU visitors do not outweigh the costs of implementing and maintaining compliance or possible fines.

While it covers a lot of sleazy, but legal in their jurisdiction adtech enterprises, truly malicious actors rarely care much about fines.

Anyway, as Aliexpress, Joybuy, Banggood and most other China-based sites with not that overpriced ICs are not GDPR-compliant and probably won’t be in the foreseeable future, this topic is a bit moot.

a reader
Guest
a reader

Hello, I’d like to point out that under GDPR users are infact not supposed to be asked to opt out. Further expectation of privacy and opting out is the default and users should not be forced to give consent to anything and access to a service cannot depend on the consent – which is what these pop ups have wrong. You might like to have a look at https://noyb.eu/4complaints/ which also includes legal analysis.
This is by no means meant to criticize, just to provide this info in good faith. Thanks for writing such good informative blog.

willy
Guest
willy

These rules are written by people who have never seen a computer in their life, let alone a piece of code running on it. They have no idea what a cookie is, how tracking works, when it’s a technical requirement (server affinity) or used for privacy abuses, but what they can do is write laws which affect our experience of the net. The next expected outcome of these stupidities will be that large sites like google will give up, blocking access from europe, replacing the search page with an explanation of the stupidity of GDPR and the list of the people who created it, and then everyone will be encouraged to contact their local politicians to get rid of these dinosaurs and regain access to the net. I wouldn’t be surprised if VPN operators sell more *since* GDPR!

Singman
Guest
Singman

You are totally wrong. And the Quantcast choice plugin is badly configured in many (if not all) website like in Cnx-software. The popup should show on the main page 2 options, “refuse everything” and “accept everything”. GDPR rules are very clear about this.

willy
Guest
willy

I’m sorry but I don’t want my web experience to be summarized to what it currently is : having to click popups everywhere to read the most basic information on anything. It’s fun to see that the people who defend this need for popups are often the same who used to fight popup ads in the past for the same reason : they make the web unbearable. People are biased it seems.

Diego
Guest
Diego

I thought you are outside of EU, have no business in eu and are not especially targeting European users, so I think you could just ignore gpdr? After all its a European Union law and not a world police law?

Sander
Guest
Sander

see https://www.gdpreu.org/the-regulation/who-must-comply/

“Two primary groups of entities must therefore comply with the GDPR.

Firms located in the EU
Firms not located in the EU, if they offer free or paid goods or services to EU residents or monitor the behavior of EU residents”

Diego
Guest
Diego

And if you as an eu resident use services not meant for you? LOL EU follows the US in their vision of world domination 😉

s. hippy
Guest
s. hippy

A bit off topic but privacy related…

1. Is BrowserSec comparable to the well known Express VPN or NordVPN?

2. Given VPNs are speed killers, how about smartDNS for geo-unlocking?
Any DIY tutorials for setting up smartDNS?
I heard that smartDNS servers don’t handle data traffic so can save big on egress data bills for VPS, but don’t know how it all works.

Eversor
Guest
Eversor

I was getting the popup every day, now it seems fixed.

I use stock Firefox but block 3rd party cookies and have tracking protection on. I also block some tracking through local DNS.

Almost all sites that use this popup still give me trouble.