Can't register without accepting third party cookies

I don’t think that is unreasonable.
True. Apologise for my misunderstanding.
Especially since it finally seems to be on point...

So I'm just going to follow this problem from afar before opening my big, grumpy French mouth (even if yesterday my big mouth served me well against England in the semi-finals of the World Cup 😋)... Thanks for the clarifications @Chris D
 
So here is my 2 cents.

Best case scenario might be to turn off XenForo's cookie ...manager and just use some consent management platform of your choosing. Maybe one that allows you to load and block scripts, as the user desires. Good ones also hide iframes (such as youtube embeds) behind an opt-in-layer.

I mean XF's own cookies are technically necessary (for the software to work), so no consent needed there. And everything else that might or might not be loaded, would be the problem of said CMP. Which you can also feed with stuff like the analytics tool of your choice, ads of your choice and many more.

I mean I do appreciate the effort the XenForo team puts into this - but at the same time (having to do this horse poo for all our company sites), I get to the conclusion that this is a bottomless pit and the XF team could put itself in danger of promising some kind of false security.

Because the consent manager, the piece of software, is one thing. Another is that you'd need a privacy statement that tells exactly that again. Just to name some points... As I said, to me, it's a bottomless pit, and tbh, "I" would not want to be the one responsible for a script like that to work. Because the fines are... salty.
 
The point is that we now have the situation that there are corresponding laws and that non-compliance can be expensive if you are warned by a lawyer.

This is the crux of the issue - in Germany you have lawyers, like our UK 'ambulance chasers' who look to get money out of companies/businesses/individuals by threat and hope that the threat and subsequent legal costs are far greater than 'paying them off'

How many do you know of who have actually been taken to court and been prosecuted?
Or are you trying to close all and every issue down to the point of paranoia? <genuine question>

I'm with the Dev's on this one. A request was made for this cookie related software, the request has been followed up and a 'Beta' release put out there, sure there might be some work still to do to satisfy locals and specifics, but again at what cost and to whom?
I'd much prefer them to continue updating the 'Beta' in their time, but not at the expense of everything else (dare I say it, XF2.3 springs to mind ;) )
 
I'd much prefer them to continue updating the 'Beta' in their time, but not at the expense of everything else (dare I say it, XF2.3 springs to mind ;) )
Seems to be a bit of a Catch 22 in that troubleshooting the beta easily could rely on people using it it live. I would prefer to see this fixed before 2.3 - it's a great feature, albeit not a very exciting one.

I'm happily trying out Turnstile and so it is all likely to work for me anyway, touch wood. Or else I'm happy to have Q&A. But I get it that people want hCaptcha and should expect it to work.
 
I think consent management should not be part of any forum software (or even any website software at all). It is not trivial and not easy to deal with it if made correctly. There is much more involved as cookie banners and buttons to click.

You would e.g. also need a consent log to be able to prove every single consent and when it was given, even for guests. You have to make sure that no third-party cookie of any ad-, information-, social-media-, etc. provider can be set on your website without having consent for it and record the consent in detail.

There are a lot of very sophisticated and trustable software solutions just for consent management. If you have a business website in Europe you should use one of them.

As you see in this thread it is not even possible to use the integrated solution with a naked XenForo forum if you use the wrong captcha for registration. A consent management solution can be made perfect but the effort needed for it would be better placed at real forum features.

Just my 2c.
 
This is the crux of the issue - in Germany you have lawyers, like our UK 'ambulance chasers' who look to get money out of companies/businesses/individuals by threat and hope that the threat and subsequent legal costs are far greater than 'paying them off'

How many do you know of who have actually been taken to court and been prosecuted?
Raises hand.

Well, not quite so far, but close. We were contacted by they authorities for privacy - multiple times. We did not push our luck, but rather we complied with what they wanted.

But we were NOT contacted by lawyers.

Well and again, we are talking about a "European problem", not a "German problem". That laws may not be enforced as hard as in Germany does not mean that this cannot change.
 
@HWS
There are a lot of very sophisticated and trustable software solutions just for consent management. If you have a business website in Europe you should use one of them.
Sorry, but reads as if you don't run a website from/in Europe. Because if you did, you would know that the GDPR is not only valid for commercial forums but also for private forums run as a hobby.

I would also have no problem buying a Xenforo Cookie Consent addon or one from a third party. But for that, Xenforo would first have to design the basics in order to cleanly record Xenforo's own and third-party cookies.
Look at Wordpress as an example, where the topic was apparently approached much more openly.

I really don't want to go all out now, although I'm not far from it. I've been a Xenforo customer from the very beginning, I've always followed the development over the years out of my own interest and I have to say that the magic that once made Xenforo 1.x a success is slowly disappearing today. Just a look at the bug tracker, but above all how bug reports are handled publicly has changed significantly. Chris D. is definitely not a bad developer, but I miss the openness and energy of Mike "The machine" Sullivan, especially in the bug tracker and in the suggestions.
It is completely clear that Xenforo cannot or does not want to respond to every request - full understanding. But cookie consent is essential for large parts of Europe if you want to operate a website, whether private or commercial. At least in Germany, the law makes hardly any differences.

In short, if it would motivate the developers more if Cookie Consent was a separate payed addon - then let them do it.
I would much prefer that to running my forums with an increased risk of warnings for more months and years.

So far we have been lucky that users rarely complain. So far, dubious law firms have complained often enough. But that can change at any time.
 
But for that, Xenforo would first have to design the basics in order to cleanly record Xenforo's own and third-party cookies.
Look at Wordpress as an example, where the topic was apparently approached much more openly.
That's a good point. AFAIK there's no third-party Consent Solution which you can easily integrate into a XenForo installation until now (because of missing hooks, lack of documentation, ect.).

I've been a Xenforo customer from the very beginning, I've always followed the development over the years out of my own interest and I have to say that the magic that once made Xenforo 1.x a success is slowly disappearing today.
+1

I really hoped that with version 2.2.12 XenForo is in line with GDPR, finally - but still no! 😢
 
At least try to be constructive guys and have some respect for the effort put in, consider what we had vs what we had now, consider that this is a beta and we’ve committed to listening to feedback and fixing issues.

It would be appreciated if we could show a modicum of patience and consider this to be a good start to implement a solution that people have been asking us for a while and it underlines our commitment to listening to and acting upon feedback.

If we could drop the sense of entitlement and faux outrage that the system to some feels incomplete we can maybe work together to get this right.

At this point, unless you have a comment about this specific bug report, this isn’t the thread to discuss it.

If you have other issues, you can open another bug report.

If you have a constructive suggestion or feedback this can be done via the suggestions forum.
 
now, consider that this is a beta and we’ve committed to listening to feedback and fixing issues.
I thought I had implied that, if not my apologies I think it’s worth saying again that this is a beta, feed back hopefully to help get some fixes and meanwhile it works with other verification methods. I’m happy so far with Turnstile.
 
At least try to be constructive guys and have some respect for the effort put in, consider what we had vs what we had now, consider that this is a beta and we’ve committed to listening to feedback and fixing issues.

It would be appreciated if we could show a modicum of patience and consider this to be a good start to implement a solution that people have been asking us for a while and it underlines our commitment to listening to and acting upon feedback.
I am sorry if my reports were interpreted as being impatient, that was not really my intent - I just wanted to report things that I think still need some work.

Altough I'd of course appreciate if those issues are addressed, it's not the end of the world if this doesn't happen.
The base we have now is not (yet) perfect, but seems kinda solid so it can easily be built upon.

Even in it's current beta state, I think this is a big step in the right direction and most likely allows me to throw away large chunks of custom code :)

Thanks for that!
 
Last edited:
Top Bottom