Fixed GDPR compliance dialog prevents reading Terms & Rules forum?

[Ben Grimm - Tepucom B.V.]

Affected version

2.0.9

I am not entirely sure that this is a bug, or some weird interaction between JS, dialogs, and cookies.

One of our users reported this problem:

When I logged in today I was asked to accept the Privacy Policy, and then to read and confirm that I accepted the rules. When I clicked the link I was taken to that section of the forum, but when I tried to open any of the posts there to read them I was simply returned to the page insisting I tick the box before proceeding. As a result I was forced to make a false declaration in order to find out what I had just agreed to! I'm afraid that wouldn't stand up in court, since it couldn't constitute informed consent. Obviously, this needs fixing.

Our Terms & Rules are collated in a sub-forum: https://forums.freebsd.org/forums/forum-rules-and-guidelines-required-reading.49/ - this sub-forum can be visited and read by anyone who is not logged on without anything more than a Cookie reminder.

Apparently, when someone is logging in and gets directed to the 'do you accept?' GDPR dialogs, so in a semi-logged-in state, visiting this sub-forum leads to a weird state of 'can see, but can't read'.

This may be (partially?) caused by the fact that this is a regular user who already had cookies for the forums before being confronted with the GDPR questions, which were suddenly being interjected because of a recent XenForo upgrade.

Can someone confirm whether this 'state of limbo' ("We'd love to let you read the rules, but you have to accept them before you can read them") is a bug or a feature?

 

[Chris D]

To be very honest, we never anticipated that people would store their terms and rules or privacy policies in multiple threads in a forum. I suspect it's quite a niche use case.

The idea of forcing users to agree to terms/privacy policies was mostly that you do not want any visitors to be able to use the forum at all until the policies were accepted, so we restrict access to all but that one URL (and perhaps some others).

So when something like this comes along which is essentially multiple pages that need to be agreed to, then it quite clearly doesn't work well.

I'd probably suggest that you review whether the "true" terms and rules can be amalgamated into a single, more concise page. Expecting a user to read a few sentences can be a bit of an ask sometimes, let alone 9 whole threads!

That said, we do have a solution for this in the next release which should help.

It is two new options (one for terms, one for privacy policies) that we show on the "Force X agreement" pages which allows you to supply a whitelist of routes (the part after your main forum URL) which will bypass the force agreement pages. You'd fill it in similar to this (though with a few more entries ):



By default your terms and rules URL would be accessible (https://forums.freebsd.org/forums/forum-rules-and-guidelines-required-reading.49/) and any of the thread routes listed in the option there.

There is perhaps a wider use case here in that there may be other admins out there with certain add-ons or other functionality that they would like to allow being available without needing to accept the agreements.

 

[Ben Grimm - Tepucom B.V.]

That sounds like a good 'masking solution' to us; we'll happily wait for the next release.