Almost right
Best case scenario might be to turn off XenForo's cookie ...manager and just use some consent management platform of your choosing. Maybe one that allows you to load and block scripts, as the user desires. Good ones also hide iframes (such as YouTube embeds) behind an opt-in-layer.
The main problem here is that external solutions on their own can't reliably block content / cookies before it reaches the user.
An external solution, for example, could never block a first party cookie that is set via HTTP header (the external JavaScript would only be loaded after the headers have already been processed, at which point a cookie would already have been stored).
This is not correct - XenForo uses essential and optional cookies; not all cookies set by XenForo are technically necessary.
I mean XF's own cookies are technically necessary (for the software to work), so no consent needed there.
Even some of the cookies classified as "essential" aren't really required (like xf_toggle).
So strictly speaking, those optional cookies do need consent.
There are basically two things that need to be done
I mean I do appreciate the effort the XenForo team puts into this - but at the same time (having to do this horse poo for all our company sites), I get to the conclusion that this is a bottomless pit
- Gathering / Managing consent
- Reacting to signals (e.g. block or deliver content)
Doing a full-blown consent management solution is waay more complicated and involved than it looks on the surface.
I personally do know several such cases, it's definitely not just "paranoia".
How many do you know of who have actually been taken to court and been prosecuted?
Yes, definitely.
I think consent management should not be part of any forum software (or even any website software at all). It is not trivial and not easy to deal with it if made correctly. There is much more involved than cookie banners and buttons to click.
But as pointed out before, external CMP technically can't work reliably without support from the website software.
The software must provide the necessary interfaces to react to signals so unconsented content can be blocked reliably.
Without such support, external CMPs can only do "best effort" - and in most cases this will break in some scenarios.
XenForo can provide this necessary support infrastructure / interfaces, and in fact 2.2.12, while not yet perfect, has made a big step forward here.
Absolutely. If ad networks are involved, you are pretty much required to use a TCFv2 compatible CMP.
There are a lot of very sophisticated and trustable software solutions just for consent management. If you have a business website in Europe you should use one of them.
As said before though, support for reacting to signals is also required for a "waterproof" solution.
I think this is important
Well and again, we are talking about a "European problem", not a "German problem".
In most cases, German laws are based on EU regulation, Germany is usually just way more strict (than other member states) to actually enforce compliance.
I am unfortunately not aware of any 3rd party CMP that could be used for a XenForo Installation and that would reliably block 3rd party content (without adding quite some code to XenForo template modifications, etc.)
AFAIK there's no third-party Consent Solution which you can easily integrate into a XenForo installation until now (because of missing hooks, lack of documentation, etc.).
If XenForo addresses all the issues (both bugs and to some extent suggestions though those are more targeted to improve built-in consent management) I've submitted regarding "Advanced Cookie Consent" it would most likely provide everything that is needed for an external CMP to properly do its job.
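
The point made in the post about cookies set via HTTP header, as an added example that is not part of the original post and is not XenForo code: a consent gate has to run on the server, over the outgoing Set-Cookie lines, before the response is sent. The `site_consent` cookie, its dot-separated format, the cookie names other than `xf_toggle` and the grouping of every cookie are assumptions made for illustration.

```javascript
// Added example: server-side consent gate over outgoing Set-Cookie headers.
// Policy map is constructed; placing xf_toggle in an optional group is an assumption.
const COOKIE_GROUPS = new Map([
  ["session_id", "essential"],    // hypothetical essential cookie
  ["xf_toggle", "preferences"],   // treated as optional in this sketch
  ["analytics_id", "statistics"], // hypothetical optional cookie
]);

// Parse a request "Cookie:" header into a name -> value map.
function parseCookieHeader(header) {
  const jar = new Map();
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq < 1) continue; // no name or no "=": ignore
    jar.set(part.slice(0, eq).trim(), part.slice(eq + 1).trim());
  }
  return jar;
}

// Consent signal: hypothetical cookie "site_consent=preferences.statistics".
function consentedGroups(cookieHeader) {
  const raw = parseCookieHeader(cookieHeader).get("site_consent") || "";
  const groups = new Set(raw.split(".").filter(Boolean));
  groups.add("essential"); // essential cookies never depend on consent
  return groups;
}

// Keep only Set-Cookie lines whose group is consented.
// Cookies missing from the policy map are dropped (deny by default).
function gateSetCookie(cookieHeader, setCookieLines) {
  const allowed = consentedGroups(cookieHeader);
  return setCookieLines.filter((line) => {
    const name = line.split("=", 1)[0].trim();
    return COOKIE_GROUPS.has(name) && allowed.has(COOKIE_GROUPS.get(name));
  });
}

// Constructed sample of headers the application wants to send.
const pending = [
  "session_id=abc; Path=/; HttpOnly; Secure",
  "xf_toggle=%7B%7D; Path=/",
  "analytics_id=42; Path=/; Max-Age=31536000",
];
console.log(gateSetCookie("", pending));                         // first visit
console.log(gateSetCookie("site_consent=preferences", pending)); // partial consent
```

A script-based CMP loaded by the page runs only after these headers have been processed by the browser, which is why this filtering cannot be delegated to it.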