In order to make my website safe with regard to GDPR I have tried to host all required libraries locally, on my own server. I managed to replace the urls in the theme files that lead to several CDNs with local copies of the scripts. However, Stacks seems to add a reference to a Jquery deposit and insert that line of code into the plugin header: <script type='text/javascript' charset='utf-8' src='https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/jquery-ui.min.js'></script>
For the life of me I can’t find that anywhere. Even when I disable the CDNs in the Stack plugin preferences this line appears. Is there a way to get rid of it?
I think Google have already committed to GDPR compliance - or are working on it. So jQuery CDN, Google Fonts, Maps etc should be safe to use… but check here (bottom of page):
Google’s compliance isn’t the point. It is the required consent of the visitors. As soon as the browser loads jQuery or a Google Font or a Google map it sends the IP address of the visitor to Google’s servers - without any option to ask for his consent beforehand.
I can host all the stuff locally and load it from
there. Not as comfortable because I’ll have to update it manually, but alas. But if the Stacks plugin automatically adds a jQuery call that I can’t modify this breaks the GDPR rules. @isaiah can you please comment on this? Thanks!
Google can agree to the GDPR but nevertheless it is not allowed to transfer any personal information (the ip is a personal information) without the visitors consent. If the visitor doesn‘t want that Google grabs his ip or other personal information we are not allowed to do this and we have to build our websites in a way the data transfer won’t be possible
Even Apple agreed to the GDPR but in their iCloud EULA they write that in some special cases they would give personal information to the US authorities. I think the other great players will do the same. Even If those companies accept the EU regulations this is no guarantee that no data will be transferred.
But what about fingerprinting…? We have no chance do do anything…?
Not sure if this will help, but if you click Prefs > HTML from the bottom right of your Stacks window, you can change where Stacks gets its jQuery / jQuery UI and Font Awesome icons from:
This screen grab is from Stacks 3.5 and I think this is an option available to the general public, not just developers or Beta testers. Unchecking the CDN options will load local versions of these instead that are hosted on your own website:
I’m in agreement with @Fuellemann and @therealmf. The way GDPR is written, Google and other CDNs are not compliant, based on my interpretation of the law. Disabling these calls to third-party sites appears to be the easiest form of compliance.
I am in the process of releasing free updates for some of my themes that remove the CDN links and use local versions of everything instead. So these updates combined with the above setting in Stacks should get you very close towards full GDPR compliance. If you are in need of specific theme updates from me, please get in touch.
Thanks Will. Unfortunately as Jannis already pointed out you can only disable the calling of some of the libraries and JQuery UI remains. I thinm Isaiah needs to fix this.
OK, so there are two sort of swirling issues here, one about GDPR and one about jQueryUI on a CDN.
GDPR
I don’t live, work, or operate in the EU so don’t have a strong opinion on the GDPR. That said, my research seems to indicate that Google CDNs will be in compliance. However it does seem ambiguous enough that I certainly think there were be many who choose to read it that all CDNs have to be eliminated from the web and vice versa. And I’d like to make Stacks work well no matter which way you read it.
CDN disabling for jQueryUI
This is a bug – or rather a feature that was never completed in Stacks 3.x. We added the switches for other CDNs and libraries – but somehow just never added the button for jQueryUI. Ironically all the difficult code is included inside of Stacks as if the checkbox exists and there is even a copy of jQueryUI within Stacks – just no way to enable it!!! But in 3 years no one has noticed or cared until this new law. LOL
Look for a bug fix for this in the coming week. I can’t say exactly when as any time I modify the UI things tend to take a few extra days. I’ll release it on the Slack channel (http://slack.yourhead.com) as a beta version as soon as it’s ready.
Thank you very much Isaiah Hopefully in time so other Developers can update their stacks as well to support this. Thanks again, you are lifting a weight from our shoulders.
No. This is all about the general preference settings in the Stacks plugin. After the update we will be able to switch all four basic components from cdn to local.
There may (and will, most likely) be additional calls that single stack elements make but these have to be dealt with by the respective developers or by us modifying the stacks.
Thank you very much, Isaiah!
You don’t need to do anything and neither do stack developers. Stack developers get to choose the library, it’s up to the user to determine the source of the library.
And local libraries are the default.
So if all goes as planned, it will just start using the built in local library after the next update.
You’ll need to republish any pages that use the jQueryUI library. Probably safest just to choose Republish All Files from the File menu after the update. That will make sure you get 'em all.
That Google (and others) is now compliant to the to the GDPR solves only one problem. The other problem is that there are personal information still transferred outside the EU. That is the main problem and we have to ensure that our websites do not sent any information anywhere (especially outside the EU).
to be precise: it IS permitted to transfer personal data outside the EU. It just takes explicit consent of the visitor of the website. That’s what we need to ensure: that our sites don’t transmit ip addresses without explicit consent of the visitors to do so. Which requires the consent before any other library is being loaded from CDNs.
Hopefully in time so other Developers can update their stacks as well to support this. Thanks again, you are lifting a weight from our shoulders.