occasional tracking without consent #748
Comments
Thanks @KrisBrys for reporting. Are you able to update the ticket to follow the format like in this issue? Once done we will have a look into it for you :D Thanks again for raising this.
Hi, I updated the format of the report.
My initial assumption here is that it will be related to the custom setup/custom adjustment to the tracking script where Matomo doesn't reliably get the information about the consent not being given. I imagine on some rare occasions/race conditions around the DOM loading speed or Cookiescript loading speed the tracking fires up before the consent not given could be passed to Matomo. @matomo-org/core-reviewers care to weigh in here? Also, should we move this to MTM repo since OP mentions they use Matomo Tag Manager and not the standard tracking script?
There are some similar integrations covered in our consent manager guides (e.g. https://matomo.org/faq/how-to/using-cookiebot-consent-manager-with-matomo/). Race conditions are a common issue here and the usual approach is to either have the Matomo tracker disabled entirely until consent is given or add event listeners to the consent tool to toggle the Matomo consent status. MTM loading will complicate this further, so I'd concur that the MTM repo might be a better place to find answers on this one.
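The approach described in the comment above (start Matomo in a no-consent state and toggle it from the consent tool's events), as an added example that is not part of the thread and not Matomo's or Cookiescript's own code. `gateMatomoConsent` and its parameters are hypothetical names; the Cookiescript event names and the `currentState()` shape are assumptions to verify against your Cookiescript version.

```javascript
// Added example: consent gate for the Matomo command queue (_paq).
// requireConsent / setConsentGiven / forgetConsentGiven are Matomo tracker commands.
// ASSUMPTION: Cookiescript fires the events listed below and exposes
// CookieScript.instance.currentState() returning { action, categories: [...] }.
const CATEGORY = 'performance';

function hasCategory(state) {
  return Boolean(state && Array.isArray(state.categories) &&
                 state.categories.includes(CATEGORY));
}

// paq: the _paq queue; target: window (any EventTarget);
// getState: returns the consent tool's state, or null if it has not loaded yet.
function gateMatomoConsent(paq, target, getState) {
  // requireConsent has to be processed before any tracking command. While _paq
  // is still a plain array it can be placed first; once the tracker has replaced
  // _paq, only push() exists, so fall back to that.
  if (Array.isArray(paq)) paq.unshift(['requireConsent']);
  else paq.push(['requireConsent']);

  let granted = false;
  const sync = () => {
    const now = hasCategory(getState());
    if (now === granted) return;            // nothing changed, send nothing
    granted = now;
    paq.push([now ? 'setConsentGiven' : 'forgetConsentGiven']);
  };
  for (const name of ['CookieScriptLoaded', 'CookieScriptAccept',
                      'CookieScriptAcceptAll', 'CookieScriptReject']) {
    target.addEventListener(name, sync);    // re-evaluate on every consent change
  }
  sync(); // covers the case where the consent tool finished loading first
  return { isGranted: () => granted };
}

// Browser wiring (hypothetical placement: inline in <head>, before the container loads).
if (typeof window !== 'undefined') {
  window._paq = window._paq || [];
  gateMatomoConsent(window._paq, window, () =>
    window.CookieScript && window.CookieScript.instance
      ? window.CookieScript.instance.currentState()
      : null);
}
```

Because the gate defaults to "not granted" and only changes state on an explicit answer from the consent tool, a slow or failed Cookiescript load leaves tracking off rather than on.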
@KrisBrys Can you check my previous comment and let us know if we are good to close this issue?
@KrisBrys I am closing this issue, feel free to reopen the issue if you are still facing the issue.
What happened?
When a visitor has not given consent and the Matomo.getAsyncTracker().hasConsent() in dev console is indicating no consent was given to Matomo, some page visits are tracked. There is a visible POST request on dev tools network tab to matomo.php with a payload containing basic information (action_name, idsite, rec, r, h, m, s, url, urlref, etc) that seems to be initiating the container to track the visit. When we check the visitor logs in Matomo dashboard, the visit is recorded. It is occurring on some visits, ranging rates ca 1/100 up to 1 in 5 visits.
The custom tags are not used for visitors that did not give consent, only the basic tracking info stated above.
The issue occurred since at least 3 weeks ago. We reproduced it in an isolated setup on our intranet with same results. We checked in privacy mode and different browsers: Opera, Chrome, Edge and Firefox.
the matomo.php post request with initiators
Payload on post request to matomo.php
check consent Cookiescript:
check consent Matomo using dev tools:
What should happen?
A visitor of the website that does not give explicit consent to be tracked by accepting category 'performance' in Cookiescript, should not be tracked.
Only visitors accepting the Performance category may be tracked, according to GDPR regulation in EU.
How can this be reproduced?
We have Matomo Cloud and configured consent from Cookiescript (in head of page). After Cookiescript, the Matomo Tag Manager is loaded in the head of the page.
Matomo configuration:
Enable Do Not Track Support: checked
Disable tracking by default: checked
Disable sessions recording: checked
Disable heatmaps: checked (was unchecked at time we discovered this behaviour, disabling heatmaps seemed to drop the tracks without consent but 2 weeks later we still notice tracks without consent).
Cookiescript handles keeping track of Consent; we do not use Matomo to do so. Therefore we use the method to push setConsentGiven on every page load. To do that we have in the MTM container a custom tag in Head position that triggers when Dom Ready. Every page load the matomo opt in tag will set requireconsent, then check if performance category is accepted by visitor by requesting this information to Cookiescript. If they did give consent the script pushes a setConsentGiven to Matomo. When visitor does not accept performance, no setConsentGiven is sent to Matomo for that page load.
See screenshot below for configuration of the script
setup consent in matomo tag manager:
How to test after this configuration:
Matomo version
Cloud Matomo
Matomo Patch or Minor Version
Unknown: latest Matomo Cloud version
PHP Version
Unknown: Matomo Cloud server
Server Operating System
Unknown: Matomo Cloud server
What browsers are you seeing the problem on?
All tested browsers: Firefox, Chrome, Edge, Opera
Computer operating system
Windows 11
Relevant log output
See screenshots in this ticket