Comments (2)
Thanks for the detailed reply.
from disconnect-tracking-protection.
Hello,
Thanks for filing this issue.
As an initial matter, our understanding is that Mozilla blocks Content domains in Strict mode so moving consent.cookiebot.com into the Content category may not resolve this issue. In addition, we are technically not able to block a TLD (cookiebot.com) but unblock a subdomain (consent.cookiebot.com).
Our technical and policy review determined that the cookiebot.com domain meets our definition of Tracking (See https://disconnect.me/trackerprotection) and that this domain is properly classified.
Our technical review revealed Request URLs from Cookiebot subdomains are present on thousands of 3P sites. These requests are firing as soon as a user visits the site i.e., appear to collect user data before the user interacts with the consent dialogue. As just a few of many examples, we are seeing what appear to be tracking requests that contain originating 3P domains, identifiers (“cbid”), and pixels (“dgi”), including but not limited to the following:
- Example: https://issuu.com/ Request URL https://consent.cookiebot.com/94fb9e27-f09e-4da3-961c-27a7778ee938/cc.js?renew=false&referer=issuu.com&dnt=false&init=false&framework=TCFv2.2&georegions=%5B%7B%22r%22%3A%22DK%22%2C%22i%22%3A%223686c81b-ca29-4dcb-b14d-a81780c353fc%22%7D%2C%7B%22r%22%3A%22AT%2CBE%2CBG%2CCY%2CCZ%2CDE%2CEE%2CES%2CFI%2CFR%2CGB%2CGR%2CHR%2CHU%2CIE%2CIS%2CIT%2CLI%2CLT%2CLU%2CLV%2CMT%2CNL%2CNO%2CPL%2CPT%2CRO%2CSE%2CSI%2CSK%22%2C%22i%22%3A%227ca1313c-aa45-493b-8a88-86f8a9bfdd6c%22%7D%2C%7B%22r%22%3A%22US-06%22%2C%22i%22%3A%22661b2534-d670-4bab-9901-8d2c30b62a30%22%7D%5D
- Example: https://themeforest.net/ Request URL https://consent.cookiebot.com/58b7468f-7dba-4036-baad-925e721641e5/cc.js?renew=false&referer=themeforest.net&dnt=false&init=false
- Example: https://www.attentive.com/?utm_source=attn.tv Request URL https://consent.cookiebot.com/uc.js?cbid=829b182a-4d9d-41aa-88aa-5af22f78efee&implementation=gtm&consentmode-dataredaction=dynamic
- Example: https://www.envato.com/ Request URL https://imgsct.cookiebot.com/1.gif?dgi=58b7468f-7dba-4036-baad-925e721641e5
In addition, several portions of the Usercentrics/Cookiebot policy and website marketing seem to support the current classification, including but not limited to the following:
Website marketing:
- “Unlock marketing opportunities with consented data. Implement Usercentrics CMP to keep Google ads personalization, remarketing and analytics active in the EU/EEA.” https://usercentrics.com/
- “Achieve privacy compliance with GDPR, ePrivacy Directive and Google’s EU user consent policy. Automatic and effortless, while protecting your advertising revenue and marketing data.” https://usercentrics.com/cookiebot-consent-management-platform/
- “See what works and what doesn’t throughout your CMP layer. Iterate regularly to maximize data capture. Fully understand user behavior, gain rapid insights, make better data-driven decisions and beat your KPIs.” https://usercentrics.com/analytic-insights/
- “Monitor user interaction to make informed decisions to optimize opt-in rates and boost conversions.” https://usercentrics.com/website-consent-management/
- “Integrate seamlessly with Google Tag Manager and a wide range of CMS platforms, including Shopify, Magento, Drupal, and many more (https://support.cookiebot.com/hc/en-us/sections/360000838214-Other-installation-guides)” https://www.cookiebot.com/en/cookiebot-cmp-features/
- “Enable Consent Mode with Cookiebot cookie compliance solution to benefit from conversion and analytics modeling, and avoid losing marketing data due to rejected consent banners.” https://www.cookiebot.com/en/cookie-consent-solution/
- “Cross-domain Consent Sharing” https://www.cookiebot.com/en/cookie-consent-solution/
The Cookiebot privacy policy https://www.cookiebot.com/en/privacy-policy/ talks about data collection:
- In “YOU BECOME A CUSTOMER OR PARTNER OF USERCENTRICS” section
⁃ “To enable you to control the user experience towards End Users and enable the Service to automatically apply the End User’s consent to other websites of yours;”
⁃ “To produce and display cookie declarations to End Users and store and display scan report(s) to you;”
⁃ “To provide you with aggregated information on the choices of the End Users regarding accepted cookie types and generate a graphical representation in the Service Manager;”
- “The identifiers are generated by the service providers listed in section 13.3 of this privacy policy. We use the identifiers in combination with conversion events, such as account creation (for example, if a trial period starts or you upgrade to a premium account) to inform the service providers about the event in relation to the provided identifiers. Aggregated statistical data on End User consents.”
- In section 13.3 “Processors /Trusted Third Parties”
⁃ With Akamai Technologies “IP addresses on the end user.”
⁃ With BunnyWay “P addresses (end users), Geographical location, Request URL, User Agent, User ID, Connection Times”
The Usercentrics Data Processing Agreement https://www.cookiebot.com/en/wp-content/uploads/sites/7/2023/08/DPA_01_2023.pdf talks about data collection:
⁃"Subject of the collection, processing and / or use of personal data are the following data:
⁃User data:
⁃ Consent Data (Consent ID, Consent date and time, User Agent of the browser and Consent State.)
⁃ Device data (HTTP Agent, HTTP Referrer)
⁃ URL visited
⁃ User language
⁃ IP address
⁃ Geolocation”
The most efficient way to have cookiebot.com removed from the Services list is for Usercentrics (the parent entity) to make a legally binding commitment that the cookiebot.com domain does not meet our definition of tracking. We have provided Usercentrics/CookieBot with acceptable language as well as the information above.
We are happy to consider additional information, or answer any questions.
from disconnect-tracking-protection.
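An added example, not part of the comment above or of the Disconnect project's code: it parses three of the request URLs quoted in the comment and extracts the fields the comment names (the `referer` originating site, and the `cbid`, `dgi` and path identifiers). The function names are hypothetical, and the subdomain suffix match is an assumption used here for illustration.

```javascript
// Added example; URLs and field names (referer, cbid, dgi) are copied from the comment above.
// Function names are hypothetical, and the suffix match is an assumption about list matching.
const OBSERVED = [
  "https://consent.cookiebot.com/58b7468f-7dba-4036-baad-925e721641e5/cc.js?renew=false&referer=themeforest.net&dnt=false&init=false",
  "https://consent.cookiebot.com/uc.js?cbid=829b182a-4d9d-41aa-88aa-5af22f78efee&implementation=gtm&consentmode-dataredaction=dynamic",
  "https://imgsct.cookiebot.com/1.gif?dgi=58b7468f-7dba-4036-baad-925e721641e5",
];
const UUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// True when host is the listed domain or any subdomain of it (label-boundary suffix match).
function underListedDomain(host, listed) {
  const h = host.toLowerCase();
  return h === listed || h.endsWith("." + listed);
}

// Pull out the originating site and every UUID-shaped identifier in one request URL.
function inspectRequest(rawUrl, listed = "cookiebot.com") {
  let url;
  try { url = new URL(rawUrl); } catch { return null; }
  if (!underListedDomain(url.hostname, listed)) return null;
  const identifiers = [];
  for (const name of ["cbid", "dgi"]) {
    const value = url.searchParams.get(name);
    if (value && UUID.test(value)) identifiers.push({ source: name, value });
  }
  for (const seg of url.pathname.split("/")) {
    if (UUID.test(seg)) identifiers.push({ source: "path", value: seg });
  }
  return {
    host: url.hostname,
    originatingSite: url.searchParams.get("referer"),
    identifiers,
  };
}

// Map each identifier value to the sorted list of hosts that received it.
function hostsPerIdentifier(urls) {
  const seen = new Map();
  for (const r of urls.map((u) => inspectRequest(u)).filter(Boolean)) {
    for (const { value } of r.identifiers) {
      if (!seen.has(value)) seen.set(value, new Set());
      seen.get(value).add(r.host);
    }
  }
  return new Map([...seen].map(([id, hosts]) => [id, [...hosts].sort()]));
}

console.log(OBSERVED.map((u) => inspectRequest(u)), hostsPerIdentifier(OBSERVED));
```

On these three URLs, the `dgi` value sent to `imgsct.cookiebot.com` is the same UUID that appears in the `cc.js` path on `consent.cookiebot.com`, so both subdomains fall under the single `cookiebot.com` entry and receive the same identifier.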