XF 2.2 Will xenForo cookie consent notice be on Google's list of certified CMPs?

Mr Lucky

Well-known member
Not content with recently making us jump through hoops editing the default xenForo consent notice, we now have this:

Google’s commitment to transparency and control means we regularly look at ways to improve the consent experience. When we do this, we’re thinking about evolving user expectations and regulatory indicators that we think will ultimately guide the broader online advertising landscape.
We recently announced in this blogpost that later this year, we will require partners using our publisher products — Google AdSense, Ad Manager, or AdMob — to use a Google-certified CMP that integrates with IAB Europe’s Transparency and Consent Framework (TCF) when serving ads to users in the European Economic Area or the UK. In the coming weeks, we will make available a list of certified CMPs that have integrated with the TCF and can demonstrate they meet the TCF’s specifications, and we’ll require that our publisher partners use a CMP from that list. This new requirement will apply to partners’ own accounts and those managed by partners on behalf of others. The list of Google certified CMPs will be available in our HC articles (Ad Manager, AdMob, AdSense).

I wonder if xenForo will be on the approved list, or whether we need to integrate a 3rd party "approved" CMP even though the xenForo team have done a great job in furnishing us with a GDPR compliant consent notice, but now Google has changed the goalposts yet again.

I'm sure that unless we use one of their approved CMPs then we will not be able to use adsense. And I'm also sure that integrating one of those is not going to be as easy and seamless as the provided xenForo consent notice. Grrrr.

Will xenForo be compliant?
 
Last edited:
It means you can use the Google one for your own purposes ie cookies
Yes, but finding it and how to install it seems to be very complex. I did find it once but it seemed it would only apply if you had auto ads, the last thing I want. How to just simply put it on your site seems impossible unless you are a developer.

Your previous post wasa great example of tech jargon that most ordinary folk do not have the foggiest idea of:

an internal use exception
 
Yes, but finding it and how to install it seems to be very complex.
Finding it was easy (just login to AdSense, they accost you with it), but agreed install is very complex, depending on your use case.

It seems to be simple if you just use AdSense everywhere on your site and have no conditions (like, no ads for Supporters) -- you can just use the built-in AdSense GDPR pop-up feature, while disabling the XF GDPR pop-up feature via adminCP.

But, for those who use Adsense only on select pages, the consent isn't going to suffice, since ALL usage data is within the owner's hands for analysis, etc. If a user lands on a page that doesn't show an ad, their usage details are still going to be captured, which would seem to be a violation. So, it's not very straightforward at the moment -- in fact, at this level, the set up via Google is extremely confusing.

Hopefully 2.3 will address this, and will be out in time to do so.
 
Finding it was easy (just login to AdSense, they accost you with it), but agreed install is very complex, depending on your use case.
Ah yes, I see they do now with a huge popup.

But then no instructions on how to configure it

It seems to be simple if you just use AdSense everywhere on your site and have no conditions (like, no ads for Supporters) -- you can just use the built-in AdSense GDPR
Yes this is what I found confusing. I only have ads for unregistered guests. I would want the Google one for that (as long as it didn't rely on auto ads like it appeared to last time I tried).

This is why I asked the original question. If xenForo had this, it could seamlessly integrate with the display criteria of your Ad settings.
 
What one do you think?
Would you think I would ask if I would know? It's hard enough to understand that Google technical crap because I'm not native English.
But never mind, with a lot of trying I probably found it.

Which enables a huge popup, where consent is -not- enabled by default, and no way to enable it (basic consent) by default. And which causes adsense (even when the default "accept" button is pushed, on several pages the ads are not shown.
Something I've already discovered in another thread I posted some time ago when I tested this.
 
Would you think I would ask if I would know? It's hard enough to understand that Google technical crap because I'm not native English.
But never mind, with a lot of trying I probably found it.

Which enables a huge popup, where consent is -not- enabled by default, and no way to enable it (basic consent) by default. And which causes adsense (even when the default "accept" button is pushed, on several pages the ads are not shown.
Something I've already discovered in another thread I posted some time ago when I tested this.
Consent CAN be enabled by default though.
 
Consent CAN be enabled by default though.
The basic consent which you get to see in the cookie window? I tried that in Google, but on saving it just appears with disabled again when looking at it again (red left arrow).
It should indeed be possible, but I don't know how.

1694899486556.png

Then I got a page "Select your data purposes" in the GPDR/AVG settings, didn't know what to do so I choose these, maybe that is wrong?
It's Dutch but the second line is basic ads.

1694899673319.png

So I don't know where else to enable them by default. Only see options to do that for "legitimate interest".
 
Correct me if I'm wrong, but Google appears to now have an option to do this for you:
"If I don't create a GDPR message by January 16, 2024, please publish my GDPR message for me."
 
While I'm waiting for my XenForo domain to get approved for AdSense, I did have good results with WordPress.

There, the Auto ads option could be used just for the damned cookie messages - while disabling any auto ads in the AdSense settings, and placing the ads manually. Worked like a charm.

My notes for XenForo so far (still untested & unconfirmed) - with links to the separate article for the auto ads cookie setup:
https://io.bikegremlin.com/32015/xenforo-forum-installation-securing-and-configuring/#8

I'll update it when/if my forum gets approved, while any feedback (especially additions & corrections) is more than welcome.

Relja ComeToTheDarkSideWeHaveGDPRcompliantCookies Novović
 
Consent CAN be enabled by default though.
Not really if you run any Google advertising product on a website in Europe - Google basically requires the use of TCFv2 and Legitimate Interest as a legal basis will be gone once TCFv2.2 has been rolled out by all CMPs.


Removal of the legitimate interest legal basis for advertising & content personalisation: within the scope of the TCF, Vendors will only be able to select consent as an acceptable legal basis for purposes 3, 4, 5 and 6 at registration level;

It was possible to enable Legitimate Interest by default, but as this will not exist any longer (for advertising) it is not possible.
 
Last edited:
I just got a reminder email that said: Adopt a certified CMP by 16 January 2024

Anyone here know of an easy implementation yet? Reading the previous posts on the thread seems to not have a definitive conclusion on what to do.
 
I agree, this remains outstanding and I am not sure the 2.3 release addresses this. To recap, my own use case of concern is using adsense on some of my site but not all of it. And, my "Supporters" usergroup won't see ads anywhere, while other visitors to the same pages will see ads.
 
Yes, but finding it and how to install it seems to be very complex.
It's now a bit easier
It seems to be simple if you just use AdSense everywhere on your site and have no conditions (like, no ads for Supporters) -- you can just use the built-in AdSense GDPR pop-up feature, while disabling the XF GDPR pop-up feature via ad
I have tested it and it only seems to show up on pages that have ads. In other words

  • Does not show e.g. on help pages (where I have disabled showing of ads)
  • Does not show to logged in users who do not see ads

It seems to be simple if you just use AdSense everywhere on your site and have no conditions (like, no ads for Supporters) -- you can just use the built-in AdSense GDPR pop-up feature, while disabling the XF GDPR pop-up feature via adminCP.
I am not sure about that.

The xenForo message is in regard to all cookies, I thought the Google message is only in regard to ads so I'm not sure the Google one can act as a direct replacement.

Further, it only shows to users who see ads, so that means the other users (e.g. your premium group) will get no consent message at all.
 
Last edited:
I am keeping the notice enabled on my main forum and see how it affects EU revenue. My gut feeing is most people will not give consent, and so EU revenue will drop (it's not that much anyway) as this basically just becomes an EU adbloker.

You don't have to show the refuse consent button, but I think that would just annoy people who then have to either give consent or fiddle about with settings.

Hence I may be better off not showing the notice and except I lose the EU revenue.
 
Last edited:
Back
Top Bottom