Cookies Consent Bric sends data offsite without the user's consent

frankjonen · July 25, 2022, 11:08pm

This is a problem with the Cookie Consent Bric that can end up being rather costly for website owners. Especially if you’re in Germany where we have a vulture lawyer system that jumps on GDPR violations just to get money out of people.

The Bric sends user data to https://ipinfo.io without disclosing it to anyone. I noticed it in the Brave error logs by accident.

It doesn’t seem necessary to even gather all that data about the user. We’re talking about a DIV with a button here that gets displayed on first site visit, sets an agreement cookie and that should be the end of it.

Norm · July 26, 2022, 11:40am

The Bric is free and uses this free service. All of the JS code used on Blocs sites that use this Bric is not ours and is 3rd party.

They may offer a deeper insight into why this call is made.

frankjonen · July 26, 2022, 1:18pm

Thanks for the info. I’ll try to figure out why and strip the JS of the call in the meantime. It’s blocked by default in Brave which doesn’t seem to have any effect on the functionality.

I need to learn how to make Brics anyway.

Norm · July 26, 2022, 3:14pm

I’m guna give this an a few other brics a refresh in September so please feel free share findings, or write your own Bric

Bootsie · July 26, 2022, 5:26pm

Yes, please do so.