Mtm_consent_removed

General questions
1

I have Matomo installed on my server and implemented the default Opt-In code through Borlabs Cookies (consent solution)
I also have implemented the follwoing Opt-Out code in Borlabs:

<script type="text/javascript">
_paq.push(['optUserOut']);
</script>

Now I’m doing the following steps after visiting the site:

  1. Opt-In: _pk_id and _pk_ses cookies will be set
  2. Opt-Out: _pk_id and _pk_ses cookies will be deleted AND the cookie mtm_consent_removed will be set
  3. Opt-In: _pk_id and _pk_ses cookies will be set again… BUT mtm_consent_removed will keep staying

What happens with the tracking if I have in step 3 the consent given through the Opt-In and the mtm_consent_removed cookies IS NOT deleted? Do I have to make sure it will be deleted or can I ignore it?

2

I tried to delete the cookie by placing 1000 version of scripts before the original Matomo script in Borlabs.
The idea is to delete the cookie mtm_consent_removed befor firing the Matomo code through Borlabs.

Unfortunately deleting of mtm_consent_removed is not working. Any idea how I can do this by script before the Matomo scriped will be fired?

…still not shure what is tthe consequent of deleting this cookie compared with leaving it there.

3

Now I’m progressing… I used this cote to delete the cookie

<script type="text/javascript">
document.cookie = "mtm_consent_removed= ; expires = Thu, 01 Jan 1970 00:00:00 GMT"
</script>

The point is that I need to refresh the site after this code is fired. When I fire this code to delete the Matomo cookies they will be deleted without a refresh. (I’m using Firefox)

<script type="text/javascript">
_paq.push(['optUserOut']);
</script>

Any idea how to delete without a site refresh? I know the cookie is deleted, also if there is no site refresh… but I want to get it out of the shown list of cookies without the refresh. Maybe I can auto-refresh the site with the script as a workarround ?

4

Is there anyone who can help?

5

Hi,

I honestly don’t fully understand your issue with Borlabs (which might just be because I don’t really know how it works and I am honestly not that interested into looking deeper into it as it is not Open Source), so you might want to rather ask their support for the Borlabs-part of your issue.

About the Matomo issue:

Maybe this helps:

It’s quite possible that there is a bug in Matomo and a specific order of opt-in and opt-out leaves a cookie behind. It would be great if you could reproduce this on a simple page that just uses the Matomo code without anything else.

6

Hi Lukas,

thanks for getting back!

Borlabs has just 2 fields to fill in codes… one for opt-in and one for opt-out. This code will be fired if the user give the consent or rejects the consent. So borlabs handles the consent

So if I got it right, as long as mtm_consent_removed is there, there is no tracking… even if the pk cookies are placed. Right?

What I need is to disable the consent management by Matomo, so no mtm_consent or mtm_consent_removed. A consent plugin is seting the default tracking code first if the consent is given and rejects the code if the consent is rejected.

In case of the opt-out of the consent through a consent tool like Borlabs it is important to delete the Matomo cookies. This I’m doing through this code which will ne fired when the opt-out happens. Don’t know if this is correct.

What I see is that at the opt in, the pk cookies will be set and in case of the opt-out they will be deleted while the mtm_consent_removed is set. When the user then re-optin the pk cookies will be set again but the mtm_consent_removed keeps there… and this is the problem.

7

This page I have already seen but I’m confused which code I sould use in case of the opt-out. Is this correct?

…or do I need to use _paq.push([‘optUserOut’]); or _paq.push([‘forgetUserOptOut’]); or …?

How do I stop the mtm_consent_removed to be set?

8

Hi @spitzbube74 I’m also not quite understanding how Borlabs works but generally optUserOut opts the user out of tracking (assuming user is opt in by default). forgetUserOptOut opts the user back in and “forgets” that the user opted out.

I don’t know if you have users opted in by default or opted out. If they should be opted out by default then you will want to check out https://developer.matomo.org/guides/tracking-consent

Hope this helps

9

Ok, let’s forget Borlabs (which is one of the best Wordpress consent tools) for now.

I just have to fields to fire code, one for opt-in and one for opt-out.When the user is opting in, this code I copied to the opt-in field:

<!-- Matomo -->
<script type="text/javascript">
  var _paq = window._paq = window._paq || [];
  /* tracker methods like "setCustomDimension" should be called before "trackPageView" */
  _paq.push(['trackPageView']);
  _paq.push(['enableLinkTracking']);
  (function() {
    var u="https://analytics.esser.me/";
    _paq.push(['setTrackerUrl', u+'matomo.php']);
    _paq.push(['setSiteId', '1']);
    var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
    g.type='text/javascript'; g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
  })();
</script>
<!-- End Matomo Code -->

Great, everything is working now. Now the user is opting out and I have to tell the tool which code to fire to do so. I decided for:

<script type="text/javascript">
_paq.push(['optUserOut']);
</script>

This is working, too. The pk cookies are going awy and the mtm_conent_removed will be placed

Now the user re-opt-in and the first code will be loaded again:

<!-- Matomo -->
<script type="text/javascript">
  var _paq = window._paq = window._paq || [];
  /* tracker methods like "setCustomDimension" should be called before "trackPageView" */
  _paq.push(['trackPageView']);
  _paq.push(['enableLinkTracking']);
  (function() {
    var u="https://analytics.esser.me/";
    _paq.push(['setTrackerUrl', u+'matomo.php']);
    _paq.push(['setSiteId', '1']);
    var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
    g.type='text/javascript'; g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
  })();
</script>
<!-- End Matomo Code -->

Great, it is working… the pk cookies will be set again. But the mt_consent_removed cookie will not be deleted. That’s why I added to the optin code the following way:

<!-- Matomo -->
<script>
_paq.push(['forgetUserOptOut']);
</script>

<script type="text/javascript">
  var _paq = window._paq = window._paq || [];
  /* tracker methods like "setCustomDimension" should be called before "trackPageView" */
  _paq.push(['trackPageView']);
  _paq.push(['enableLinkTracking']);
  (function() {
    var u="https://analytics.esser.me/";
    _paq.push(['setTrackerUrl', u+'matomo.php']);
    _paq.push(['setSiteId', '1']);
    var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
    g.type='text/javascript'; g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
  })();
</script>
<!-- End Matomo Code -->

Thought to make sure the opt-out is forgotten I fire the _paq.push([‘forgetUserOptOut’]); before firering the default matomo code… but this doesn’t change anything, the mtm_consent_removed cookie is still there.

This is what borlabs is writing regarding Matomo opt-out:

It is not necessary to include the opt-out iframe of Matomo. If Matomo is included via Borlabs Cookie, the code of Matomo will not be loaded in case of an opt-out. Therefore the opt-out function of Matomo is unnecessary and should not be included.

…but with the mtm_consent_removed plugin it looks like the opt-out function of Matomo is in place. Right??? How can I stop this?

10

Hi,

If I understand this correctly, if a user opts out and then opts in the tracking code is loaded twice?

Wouldn’t it be easier to just always load the tracking code (with a _paq.push(['requireConsent']); so it doesn’t track anything until the opt-in) and then only toogle _paq.push(['rememberConsentGiven']); and _paq.push(['forgetConsentGiven']); (or _paq.push(['optUserOut']); and _paq.push(['forgetUserOptOut']);) in borlabs?

11

grafik
grafik1119×555 16.3 KB

This is the prozess of Borlabs. Usualy all consent tools think just in the first 2 steps, not in the third.
Boarlabs is unloading the script in step 2 and re-loading it in step 3 (will be in place only once, but loaded for the second time)
The first qquestion is if the mtm_consent_removed cookie is blocking anything in step 3? Also if not, from a GDPR point it would be better to use only this cookies which are needed, so the mtm_conent_removed should never be set. Is this possible?

Your recomendation would be easy… sure. But Borlabs is working this way. The only issue is that in step 2 the mtm_consent_removed will be set. If this can be blocked, everything would be ok.

12

Is there a way to stop the mtm_consent_removed cookie to be set?

13

No way? :frowning: :frowning:

14

@spitzbube74 it would maybe work by calling _paq.push(['deleteCookies']) and then it would be deleted? Could you try this?

From a GDPR perspective I would say the mtm_consent_removed cookie should not cause any trouble though since it is in the interest of the user to have this cookie and is basically an “essential” cookie to prevent from tracking etc.