-
Notifications
You must be signed in to change notification settings - Fork 53
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Consider making pingback and remote fonts configurable #291
Comments
I'm interested in creating a PR for the second part of this, i.e. disabling the pingbacks. Since I find the environment variable overly cumbersome, I'd like to implement a prop that can be passed to the individual components in order to control the pingbacks. I could also add a corresponding property for the fonts. Furthermore, in the interest of Privacy by Design, I would like to make this an opt-in setting. Please let me know if you have any objections. |
@jbg Thanks for your feedback. Pingbacks are invaluable to maintaining and improving GIPHY products, so we don’t have plans to accommodate this request |
At the very least, disclosing this behaviour clearly in the README would allow developers who use this library to comply with the requirement to get informed consent from their users, as required by myriad privacy laws these days. At the moment it's just a hidden unpleasant surprise that this library sends analytics data. |
Despite not being a lawyer, I would like to add some context from the GDPR that I find relevant here. In Recital 47, which expands on the concept of "legitimate interests" that may justify collection of data without user's constent it says:
I would argue that these components may be used in contexts where the collection of this data is not reasonably expectable*. Therefore, to comply with the GDPR, developers would have to be able to block these requests (or at least allow their users to disable them), which your decision makes impossible. I could see this forcing projects to re-implement these components on their own, which costs them time, will pobssibly result in a worse product and that might come back to damage your brand, e.g. if users see its name associated with a bad UI. Again, I want to emphasize that I am not a lawyer. But neither are most developers and I can imagine that many of them, just like me, would rather be on the safe side and not risk violating the GDPR. This decision just forces them to not use this library. More importantly though, I would agree with @jbg that the collection of data should be prominently disclosed in the README, as the current version might lead developers to accidentally and unknowingly violate the GDPR. * Personally, I would even argue that it is never reasonably expectable that an app may collect data about me hovering over an HTML item, combined with a presumably unique user ID. ESPECIALLY if this data is being collected just for a 3rd party. |
Duplicates
Latest version
Current behavior 😯
giphy-js makes analytics pingbacks and loads fonts from a remote server, and these behaviours are not configurable.
Expected behavior 🤔
These behaviours should be configurable (and ideally should be opt-in).
Steps to reproduce 🕹
Steps:
Screenshots or Videos 📹
No response
Platform 🌍
All
GIPHY-JS SDK version
All
TypeScript version
All
Additional context 🔦
The lack of configurability of this functionality forces projects which care about their users privacy to apply patches, e.g. https://github.com/jitsi/jitsi-meet/pull/11457/files
The text was updated successfully, but these errors were encountered: