Further lock down Google Analytics to be GDPR compliant.

wordplaydev · Oct 24, 2023 · 91d0ac7 · 91d0ac7
1 parent 0865c25
commit 91d0ac7
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 7 deletions.
diff --git a/src/db/firebase.ts b/src/db/firebase.ts
@@ -19,7 +19,7 @@ import {
     getFunctions,
     type Functions,
 } from 'firebase/functions';
-import { getAnalytics, type Analytics } from 'firebase/analytics';
+import { getAnalytics, type Analytics, setConsent } from 'firebase/analytics';
 
 let auth: Auth | undefined = undefined;
 let firestore: Firestore | undefined = undefined;
@@ -50,6 +50,13 @@ if (typeof process === 'undefined') {
         functions = getFunctions(app);
         analytics = emulating ? undefined : getAnalytics(app);
 
+        // Deny consent for analytics, ad tracking, and personalization tracking.
+        setConsent({
+            analytics_storage: 'denied',
+            ad_storage: 'denied',
+            personalization_storage: 'denied',
+        });
+
         // Initialize emulator if environment is local.
         if (emulating) {
             connectFirestoreEmulator(firestore, 'localhost', 8080);

diff --git a/src/locale/en-US.json b/src/locale/en-US.json
@@ -4243,15 +4243,15 @@
                 "header": "Rights",
                 "content": [
                     "Hi!",
-                    "This is where we set some expectations about your rights and ours (also in light of policy, such as the <COPPA@https://www.ecfr.gov/current/title-16/chapter-I/subchapter-C/part-312> and <GDPR@https://gdpr.eu/compliance-checklist-us-companies/>)",
+                    "Let's set some expectations about your rights and ours (also in light of policy, such as the <COPPA@https://www.ecfr.gov/current/title-16/chapter-I/subchapter-C/part-312> and <GDPR@https://gdpr.eu/compliance-checklist-us-companies/>)",
                     "The first thing to know is that we are not a commercial entity. We are a community-based research project housed at a not-for-profit university. Our goal is to create a platform that brings you joy and helps us make discoveries about a more equitable and just world of computing. We have no interest in making money on this platform; any money we gather (usually through public funding) is used to sustain the platform, not to enrich anyone who works on it (or contributes to it).",
                     "Because we are not seeking profit, this also means that we can't make any promises about the reliability, availability, or longevity of this platform. That said, <Amy@https://amyjko.phd> is committed long term to sustaining it, and as a tenured professor, she's got a pretty stable gig.",
                     "That brings is to *data*. Here's what we gather and store in the cloud:",
-                    "• If you are 13 or older, your *email address*. We use this to ensure that only you and anyone you share with can access your projects and settings. If you are younger than 13, then we only store the username you choose, which you should ensure doesn't contain any personally identiable information.",
-                    "• Your *projects*. We store any projects you contribute.",
-                    "• Your *settings*. This includes the locales you choose, your animation preferences, and your tutorial progress. Everything else is stored on your device.",
-                    "• Your anonymized *activity*. We track the projects you view, the size of your screen, when you leave the site, when you read to the end of a page, and when you login.  We use this to help prioritize engineering work, and to help raise funding by reporting how much the platform is being used in the aggregate. None of these events are in linked to you, and we do not track you across websites.",
-                    "We don't store anything else. No 'cookies', no IP tracking, no recordings of any camera or microphone input. Our <source@https://github.com/amyjko/wordplay/tree/main/src> is public, so anyone can verify this, and report any unintended tracking.",
+                    "• If you are 13 or older and choose to log in with  your email address, we store your *email address*. We use this to ensure that only you and anyone you share with can access your projects and settings. If you are younger than 13, then you should create a username and password without personally identifing information.",
+                    "• Your *projects*. We store any projects you contribute and your changes to them.",
+                    "• Your *settings*. This includes the languages you choose, your animation preferences, and your tutorial progress. Everything else is stored on your device only.",
+                    "• Aggregate *activity*. We track logins and the pages you visit, but not in a way that can identify you, track you across the site, or track you across other sites. We use Google Analytics in 'consent denied' mode, which only gathers minimal non-identifiable information about page views, without storing cookies, or sending IP address information to Google. We use this aggregate information to help raise funding by reporting how much the platform is being used.",
+                    "We don't store anything else. Our <source@https://github.com/amyjko/wordplay/tree/main/src> is public, so anyone can verify this, and report any unintended tracking.",
                     "*You* own your data, not us. That means:",
                     "• You control who can access your projects. They are private by default, but you can share them with individuals, groups, or make them entirely public.",
                     "• You can fully delete any project or your own account at any time.",