Friday, May 10, 2024
Homepage · cookies
 Popular · Latest · Hot · Upcoming
11
rated 0 times [  17] [ 6]  / answers: 1 / hits: 6085  / 4 Years ago, tue, may 19, 2020, 12:00:00

This is my first time posting on Stack Overflow and I have a question about the GDPR.



Hi there! (This is ment to be on top of the post, but for some reason it gets deleted when I save it)



Situation:



On my website I don't want to bother visitors with cookie notifications, so the goal is to only place necessary cookies. However, there will be embedded YouTube video's on the website, which usually places tracking cookies.



After some research I stumpled upon the youtube-nocookie.com domain, which I am using now. Without using that domain, an embedded video url will be:



https://www.youtube.com/embed/7cjVj1ZyzyE


With using it, it is:



https://www.youtube-nocookie.com/embed/7cjVj1ZyzyE


By using the latter, cookies will only be placed after playing the video, and no tracking cookies will be placed (according to Google: https://support.google.com/youtube/answer/171780?hl=en under 'Turn on privacy-enhanced mode'). However, there will still be placed some cookies, and it is not clear for me if visitors will need to give permission for those, and if so, under what category (and maybe they are still tracking?).



Image of the cookies:



Image of cookies youtube-nocookies.com places



This is in Chrome. The cookies from the gstatic domain are placed on page-load for some reason. That doesn't happen in Opera.



Another weird thing is that FireFox (with allowing all cookies and trackers) and Edge don't seem to place any of the 6 cookies from the image at all.



Many sites and blogs say that this is the way to embed YouTube video's, but I can't seem to find a clear answer to the question if you still need visitors' permission for these cookies. Also on many sites where I only accept necessary cookies, I still have the possibility to view YouTube video's and the corresponding cookies will be happily placed without my consent.



Has anybody delt with this before?



Thanks in advance!


More From » cookies
 Answers
2

After some more research I think I found a clear answer. From a report of Cookiebot:



“Privacy-Enhanced Mode” currently
stores an identifier named “yt-remote-device-id”
in the web browser’s “Local Storage”. This
allows tracking to continue regardless of
whether users click, watch, or in any other way
interact with a video – contrary to Google’s
claims. Rather than disabling tracking, “privacyenhanced mode” seems to cover it up.



Source: https://www.cookiebot.com/media/1136/cookiebot-report-2019-ad-tech-surveillance-2.pdf


The 'yt-remote-device-id' indentifier, along with some other ones, are, even with the use of the youtube-nocookie.com domain (or 'Privacy Enhanced Mode'), still being placed on page load (given that the iframe with the set source is already part of the DOM at this point of course).


So while no tracking 'cookies' cookies are placed, the tracking has moved to the browsers localStorage (I overlooked this before), which basically means visitors actually do need to give permission before embedded YouTube video's with Privacy Enhanced Mode enabled should be loaded on the page.


Update


Gave some nuance in response to Marc Hjorth's comment.


[#3768] Saturday, May 16, 2020, 4 Years  [reply] [flag answer]
Only authorized users can answer the question. Please sign in first, or register a free account.
harleyaleenag
Add To Favorites
Follow
Total Points: 678
Total Questions: 121
Total Answers: 105
Location: Papua New Guinea
Member since Thu, Jul 9, 2020
4 Years ago
harleyaleenag questions
Thu, May 5, 22, 00:00, 2 Years ago
Thu, Oct 22, 20, 00:00, 4 Years ago
Wed, Aug 19, 20, 00:00, 4 Years ago
Thu, Mar 5, 20, 00:00, 4 Years ago
Thu, Dec 26, 19, 00:00, 4 Years ago
View All
;