> We conclude that blocking CookieBot matches privacy expectations in ETP strict mode and private windows. Given the assessment from Disconnect, blocking cookieBot as a tracker protects users from tracking and improves privacy. I disagree with that assessment. To protect the privacy is the task of the CMP, which website operators in the European Union are legally obliged to do. Disconnect's reasoning ("several portions of the Usercentrics/Cookiebot policy and website marketing seem to support the current classification" and the following quotes) sounds as if Disconnect has not understood what the whole point of a CMP is - to give the user a choice. A CMP could even block things that are not on Disconnect's list and therefore be better for privacy. This certainly does not apply in every case. But to say that blocking the CMP is always better for privacy does not apply either. > The breakages mentioned in the bug are typical tracking protection breakages I have to disagree here as well. It's not "typical tracking protection breakage" as with a CMP, you usually implement fallback screens to give the user a choice so that they can opt-in by demand. For me, that's totally different from "typical tracking protection breakage" where something is broken for non-obvious reasons due to hidden tracker. > and we haven't seen many because of this I can give you more examples for websites breakage. As part of my work for an agency, I implemented CookieBot on several websites, so it's not difficult for me to show you breakage on more websites. According to CookieBot, it's used on 2.2 million websites, and I am sure you will find breakage on many of them, as the whole point of a CMP is to provide an alternative experience for disabled trackers and still give the user an option to accept a tradeoff for specific cases, like watching a video or viewing a map. > given that users can still disable ETP protection to make the site work Okay. But how is the user supposed to know that? It's not obvious at all that the tracking protection causes the CMP to break. CMPs are primarily a thing in the European Union. And users in the European Union are used to see CMPs as a measure introduced by the legislator to _improve_ privacy. And therefore, it's unexpected for us to see the CMP blocked by the tracking protection.
Bug 1899092 Comment 11 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
> We conclude that blocking CookieBot matches privacy expectations in ETP strict mode and private windows. Given the assessment from Disconnect, blocking cookieBot as a tracker protects users from tracking and improves privacy. I disagree with that assessment. To protect the privacy is the task of the CMP, which website operators in the European Union are legally obliged to do. Disconnect's reasoning ("several portions of the Usercentrics/Cookiebot policy and website marketing seem to support the current classification" and the following quotes) sounds as if Disconnect has not understood what the whole point of a CMP is - to give the user a choice. Things like personalization are okay if the user _explicitly requests_ this. A CMP could even block things that are not on Disconnect's list and therefore be better for privacy. This certainly does not apply in every case. But to say that blocking the CMP is always better for privacy does not apply either. > The breakages mentioned in the bug are typical tracking protection breakages I have to disagree here as well. It's not "typical tracking protection breakage" as with a CMP, you usually implement fallback screens to give the user a choice so that they can opt-in by demand. For me, that's totally different from "typical tracking protection breakage" where something is broken for non-obvious reasons due to hidden tracker. > and we haven't seen many because of this I can give you more examples for websites breakage. As part of my work for an agency, I implemented CookieBot on several websites, so it's not difficult for me to show you breakage on more websites. According to CookieBot, it's used on 2.2 million websites, and I am sure you will find breakage on many of them, as the whole point of a CMP is to provide an alternative experience for disabled trackers and still give the user an option to accept a tradeoff for specific cases, like watching a video or viewing a map. > given that users can still disable ETP protection to make the site work Okay. But how is the user supposed to know that? It's not obvious at all that the tracking protection causes the CMP to break. CMPs are primarily a thing in the European Union. And users in the European Union are used to see CMPs as a measure introduced by the legislator to _improve_ privacy. And therefore, it's unexpected for us to see the CMP blocked by the tracking protection.