0

I am not a professional and it is my first small project to create a website.

I use different tools/widgets from third party providers. For example a booking system. My problem is that the third party tools (like the booking system) send the data (e.g. IP address) to Google (Google Tag Manager) or to Matomo (Tracking Tool). For example I see this through the network analysis (see screenshot).

enter image description here

My question: Can I write a script that cancels/blocks/disable these requests? It is best if the script is compatible to all browsers. I think it should be possible or? I mean, there are extensions like Ghostery that block these requests (especially also this Google Tag Manager Request, when I enable ghostery).

Why do I need this? I live in Germany and here is the GDPR (= General Data Protection Regulation). This means that no personal data (like IP address) may be sent to external servers without permission.

Sud0
  • 55
  • 5
  • 2
    Contact the support of these third-party providers how to disable their tracking, or find a different provider for the booking system. There's really no good way around it, especially if you don't want to (and likely can't) modify the third party scripts. – Bergi Nov 24 '20 at 22:06
  • Thanks for your answer. Unfortunately I have already deactivated everything in the tool. But it did not help. I have already contacted the support, but I did not get a satisfying solution. Nevertheless what I do not understand. Tools like Ghostery block requests, don't they? So it should be possible to write a script to block these requests? – Sud0 Nov 24 '20 at 22:58
  • 1
    Browser extensions like Ghostery use a very different API than what is available to the code within a webpage. (Consider the reverse: tools like ghostery also allow unblocking specific requests - it would be bad if a webpage could do that on its own). – Bergi Nov 25 '20 at 08:48
  • That said, a content security policy or possibly a service worker might be able to do this. It does sound very cumbersome though. – Bergi Nov 25 '20 at 08:49
  • thank you for explaining this in detail. – Sud0 Nov 26 '20 at 16:46

2 Answers2

2

Google Tag Manager is indeed a problem because it sends data to the US, and that's no longer legal since the collapse of privacy shield and SCCs to the US. The only way to avoid that is not to use GTM. Google analytics is just as bad, and you should consider Google Fonts to be a tracking mechanism too.

GTM and GA's "GDPR compliance" options are a waste of time. They do nothing until after their scripts have loaded, by which time the damage has already been done. Just don't use them.

Matomo is a different matter, because it's usually self-hosted and so is not sending data to anyone but yourself. That said, it usually does so via a javascript tracker plugin, and may set cookies. However, it will also work purely with log analytics which require neither of those things.

Seek out services that do preserve privacy; they exist.

Synchro
  • 35,538
  • 15
  • 81
  • 104
  • GDPR really gives me a headache and a lot of work. The problem is, the third party tool has integrated Matomo. You write that Matomo can be hosted by yourself. As I said, I am a beginner and this is my first project. Google dev-tool tells me: https://counter.simplybook.me/matomo.php that means the booking system/booking tool hosts Matomo and does not send any data to Matomo? If no, then I probably have to use a tool that is subject to a fee. – Sud0 Nov 24 '20 at 22:50
  • Yes, Matomo is self-hosted (read their docs), but it looks like the service you’re using provides it. If you don’t want to share data with them, remove references to it on your side. Generally following GDPR is *less* effort than not doing so – the main thing is simply *not* to do all the tracking. The problem is that so many services claim compliance while doing the opposite. – Synchro Nov 25 '20 at 07:37
  • What exactly do you mean by "remove references"? Can you give me a hint what I can do? Where/what should I look up (Matomo docs, specific JS code?)? – Sud0 Nov 25 '20 at 11:45
  • Whatever it is in your app that is loading Marino from simplybook.me. The developers of that service should be able to help you. – Synchro Nov 25 '20 at 12:18
  • all right thanks, i will have to wait for a reply from support or find another tool. – Sud0 Nov 26 '20 at 16:45
1

This is rather difficult to do if your scripts add these. You are best off looking at configuration possibilities of those tools/widgets, or the libraries they use. E.g. if the GTM installs GA, you might be able to disable GA tracking by adding

window['ga-disable-UA-XXXXXX-Y'] = true;

Before the other scripts in the html file.

Jkarttunen
  • 6,764
  • 4
  • 27
  • 29
  • thanks for the code snippet. I will try tomorrow. The problem is, I have already disabled all kinds of things in the tool and I still get the request to Google and so on. – Sud0 Nov 24 '20 at 22:34
  • 1
    unfortunately it did not work. But thanks for your time – Sud0 Nov 25 '20 at 11:38
  • 1
    That would not prevetn GTM from loading, but if you repace the XXXX-y part with their GA id, it might disable the GA, if GTM injects that. – Jkarttunen Nov 26 '20 at 11:40
  • Oh, I'm sorry. I misunderstood something. There is no GA installed. And like you said, the code does not prevent loading with GTM. I also noticed that when I implemented the code snippet. Sorry for that. Okay, so it is not possible to disable the GTM. I understand. – Sud0 Nov 26 '20 at 16:44
  • Yes, but typically GTM is used to install the actual tracking scripts, like GA – Jkarttunen Nov 26 '20 at 21:57