# Canon Rumors becomes fully compliant



## Canon Rumors Guy (Feb 19, 2021)

> Over the last couple of weeks, I have spent a lot of time looking over the various laws surrounding compliance with affiliate disclosures, cookie requirements as well as web accessibility.
> As you’ve probably seen for the last week or so, there is now an affiliate disclosure on every post. Affiliate revenue helps to keep the lights on.
> After hours of research, I have selected the service providers to implement these changes. They are not free and do add to the monthly costs of the site.
> Canon Rumors is now fully compliant with the following requirements:
> ...



Continue reading...


----------



## Peter Bergh (Feb 19, 2021)

I, for one, appreciate your efforts. Thank you!


----------



## COBRASoft (Feb 19, 2021)

Why the Admiral block in my face as a pro user of this site? I'm forced to give consent or I can't continue on the site or use dev hacks to get rid of it.
Please revisit the Admiral popup for pro users.


----------



## Valvebounce (Feb 19, 2021)

Is that what this is? It is completely blocking every page, it’s taken 15 attempts to get to here, keep setting preferences and accepting, reload or change page and bam blocked again.
This is currently making it impossible to view the site.
Really not happy after paying for pro!


----------



## Jethro (Feb 20, 2021)

Hmm - I haven't seen it - and I've been scrolling through pages for a while now. In Australia, on Apple.


----------



## privatebydesign (Feb 20, 2021)

I can see the icon for accessibility but I don’t know how to access the cookies and privacy settings.


----------



## privatebydesign (Feb 20, 2021)

Valvebounce said:


> Is that what this is? It is completely blocking every page, it’s taken 15 attempts to get to here, keep setting preferences and accepting, reload or change page and bam blocked again.
> This is currently making it impossible to view the site.
> Really not happy after paying for pro!
> View attachment 195892


I think you will find that is a national privacy issue, any time I use a UK, or EU, based IP address I get the same. I don’t think Craig has any say in you accepting the conditions of the site.


----------



## privatebydesign (Feb 20, 2021)

Yes I just confirmed that the Admiral Consent Module is an EU/UK thing. What want to know is do you check for consent or to withdraw consent, it is deliberately misleading.

But those that get the Module and have a mind for privacy should be happy, the various governments have forced websites to give opt out options, the rest of the world doesn’t!


----------



## COBRASoft (Feb 20, 2021)

Exactly, where is the opt out? I don't want to give consent to those things. I live in Belgium, Europe and know quite a bit about GDPR as a software developer.
Edit: I do understand Craig tries to comply to all those rules out there. It's no joke! Perhaps you can make the popup a bit more clear?


----------



## MiraMatt (Feb 20, 2021)

privatebydesign said:


> What want to know is do you check for consent or to withdraw consent, it is deliberately misleading.


User Interface designers call it a "dark pattern", a design intentionally crafted to lead you to do something against your best interest or preferences: It provides the appearance of helpfully "allowing" you to opt out - but under these laws, you do not need to opt out. Rather, a site must convince their a users to opt-in to tracking functions, which they do by throwing up these confusing barriers whose sole purpose is to trick the 99% of people who can't navigate the misleading and distracting options into opting in. Getting to content becomes a tortuous task, unless you give up your right to privacy.


----------



## AlanF (Feb 20, 2021)

Like for Valvebounce, the Admiral pop up won’t let me save opt out settings on the iPad. The pop up appears every time I navigate to a new page. Maybe it’s an EU thing but it renders the site unusable on an iPad.


----------



## zim (Feb 20, 2021)

AlanF said:


> Like for Valvebounce, the Admiral pop up won’t let me save opt out settings on the iPad. The pop up appears every time I navigate to a new page. Maybe it’s an EU thing but it renders the site unusable on an iPad.


Even if you select the first option and reject the rest? The site needs that first option to work.


----------



## AlanF (Feb 20, 2021)

zim said:


> Even if you select the first option and reject the rest? The site needs that first option to work.


Thanks, that’s fixed it.


----------



## RGB49 (Feb 20, 2021)

I laboriously went through and deleted all options only to find that it made no difference it just re-appeared every time making the site unusable.
I did find that if I use my VPN it got rid of the problem, but that VPN uses a European address so I don't know if it is an EU problem.


----------



## AlanF (Feb 20, 2021)

RGB49 said:


> I laboriously went through and deleted all options only to find that it made no difference it just re-appeared every time making the site unusable.
> I did find that if I use my VPN it got rid of the problem, but that VPN uses a European address so I don't know if it is an EU problem.


See Zim's advice to me: you have to consent to the first option to allow the functional cookie to save settings on your computer.


----------



## COBRASoft (Feb 20, 2021)

Where is the accept minimal or even none?


----------



## Valvebounce (Feb 20, 2021)

zim said:


> Even if you select the first option and reject the rest? The site needs that first option to work.


Hi Zim. 
I was just about to say this, I finally realised it needs to store a cookie to get past this then reject the rest. 
Perhaps that one should be called a necessary cookie as on many other cookie option selectors. 

Cheers, Graham.


----------



## zim (Feb 20, 2021)

Valvebounce said:


> Hi Zim.
> I was just about to say this, I finally realised it needs to store a cookie to get past this then reject the rest.
> Perhaps that one should be called a necessary cookie as on many other cookie option selectors.
> 
> Cheers, Graham.


Yeah, this type of entrapment design is all too common now in compliance popups, doubt it's anything CR has control over. I've seen many a lot worse, I've seen a few better.
Unfortunately sensible plain wording and button location defeats the purpose of the design in the first place.


----------



## Canon Rumors Guy (Feb 20, 2021)

Valvebounce said:


> Is that what this is? It is completely blocking every page, it’s taken 15 attempts to get to here, keep setting preferences and accepting, reload or change page and bam blocked again.
> This is currently making it impossible to view the site.
> Really not happy after paying for pro!
> View attachment 195892



I can't block something that is required by the laws of the land. If you don't accept any cookie at all, you will continue to get the popup.

I have edited the frequency of the popup for people that give no input, reject all and partial rejection.

I have also inquired as to why there isn't an easy to see "reject all" button.


----------



## Deleted member 381342 (Feb 20, 2021)

Opt out off all is supposed to be just as prominent as accept all. Though of course /etc/hosts 127.0.0.1 fumblingform.com


----------



## Canon Rumors Guy (Feb 20, 2021)

There is now a "Reject All" button, though it may take a bit of time to actually show up.


----------



## COBRASoft (Feb 20, 2021)

Canon Rumors Guy said:


> There is now a "Reject All" button, though it may take a bit of time to actually show up.


Your efforts are appreciated! Thank you


----------



## jvillain (Feb 20, 2021)

Big props to Canon Rumors for the way they have handled this.


----------



## Canon Rumors Guy (Feb 20, 2021)

I have updated a bunch of settings on the backend to make things far less annoying, but they don't appear to have hit the live site.

For now, I would just "accept all" until my changes go live.

I have a support ticket open with Admiral and I'm waiting to hear back. It may not be until Monday.

Below is what it's supposed to look like.


----------



## Valvebounce (Feb 20, 2021)

It is a shame that the one necessary cookie isn’t listed as such, most of the cookie controls I have encountered list ”Necessary cookie, always on, these enable your choices to be stored.“ or similar wording, the way the Admiral one was labled gave no indication that it was a necessary cookie!
Thanks for everything you do for us.

Cheers, Graham.


----------



## Canon Rumors Guy (Feb 21, 2021)

Everything should be as I wanted now. The reject all button is live and I extended the times between the confirmations. So there should be few annoyances now


----------



## AlanF (Feb 21, 2021)

Canon Rumors Guy said:


> I can't block something that is required by the laws of the land. If you don't accept any cookie at all, you will continue to get the popup.
> 
> I have edited the frequency of the popup for people that give no input, reject all and partial rejection.
> 
> I have also inquired as to why there isn't an easy to see "reject all" button.


There is now a reject all button. Thanks.


----------



## LDS (Feb 23, 2021)

Just a note: GDPR is a European Union law (plus UK as long as it has a similar law) - but of course not the whole Europe. European countries outside European Union are not bound by the same rules.


----------



## Fischer (Feb 24, 2021)




----------



## Fischer (Feb 24, 2021)

LDS said:


> Just a note: GDPR is a European Union law (plus UK as long as it has a similar law) - but of course not the whole Europe. European countries outside European Union are not bound by the same rules.


Its not about countries but companies and individuals - so GDPR applies to everyone out there managing EU-citizen data originating within the EU.


----------



## LDS (Feb 24, 2021)

Fischer said:


> so GDPR applies to everyone out there managing EU-citizen data


Of course, but not for example those of Swiss or Ukrainian citizens - which are in Europe but not in EU.

Anyway it does apply to EEA countries as well, so it does include Norway and Iceland, for example.


----------



## Canon Rumors Guy (Feb 24, 2021)

I understand why the laws exist, I just wish they were easier to implement and understand.


----------



## Valvebounce (Feb 24, 2021)

Canon Rumors Guy said:


> I understand why the laws exist, I just wish they were easier to implement and understand.


So do most of us that have to go through the bollocks every time we view a new site!


----------



## Fischer (Feb 25, 2021)

LDS said:


> Of course, but not for example those of Swiss or Ukrainian citizens - which are in Europe but not in EU.
> 
> Anyway it does apply to EEA countries as well, so it does include Norway and Iceland, for example.


Its not about _citizens_. Its about where you harvest and how you store data. A Chinese living in Berlin is protected. A German living in Japan is not.


----------



## Fischer (Feb 25, 2021)

Canon Rumors Guy said:


> I understand why the laws exist, I just wish they were easier to implement and understand.


The problem with GDPR is that they became over-ambitious when making the rules. The result is that compliance is very difficult and the rules sometimes make no sense to ordinary people. We see this in a lot of modern legislation. The US is of course the mother of overly detailed and complex legislation - but its a rising problem.


----------



## privatebydesign (Feb 25, 2021)

Valvebounce said:


> So do most of us that have to go through the bollocks every time we view a new site!


Yes, and also every time you clear your cookies. My wife has here browser set to clear cookies after every use, she gets policy acceptance notifications every single time she uses her iPad.


----------



## snappy604 (Feb 26, 2021)

privatebydesign said:


> Yes, and also every time you clear your cookies. My wife has here browser set to clear cookies after every use, she gets policy acceptance notifications every single time she uses her iPad.


that's why I block all cookies and scripts and ads with various tools. I was already surfing ad-free, but wanted to support this site hence went for it 

I get site admins need to make money and wish to support them, unfortunately most of the platforms that generate that ad revenue tend to be a bit sketchy


----------



## privatebydesign (Feb 26, 2021)

snappy604 said:


> that's why I block all cookies and scripts and ads with various tools. I was already surfing ad-free, but wanted to support this site hence went for it
> 
> I get site admins need to make money and wish to support them, unfortunately most of the platforms that generate that ad revenue tend to be a bit sketchy


Most sites won’t load or run properly with all cookies and scripts blocked. I too subscribed to this site even though I run an ad blocker and got no ads. People have to accept that the stuff they want has to be paid for somehow.


----------



## Joules (Feb 26, 2021)

privatebydesign said:


> People have to accept that the stuff they want has to be paid for somehow.


Which is why it makes perfect sense for sites to disclose the Form of this payment and make the acceptance explicit.


----------



## LDS (Feb 26, 2021)

Fischer said:


> A Chinese living in Berlin is protected. A German living in Japan is not.


Evidently. EU laws apply in EU only - and data originating from EU are still protected by EU law - although it's difficult to protect them anyway - that's why Schrem was able to take down Safe Harbor first and Privacy Shield later, as US law is not enough to protect EU data.

I should have written "people living in Switzerland and Ukraine" instead of "citizens", true, as citizen is a legal term.



Fischer said:


> The problem with GDPR is that they became over-ambitious when making the rules.



Actually the issue with GDPR is that it sets the goals but not how to achieve them - so companies have to figure that out themselves, and they were so easy with data protection before they don't really have a clue about doing it properly.

It's a strength of the law, because if it was written with a lot of technical details it would have been obsolete within few years, and it would have been easier to pretend to follow it. 



privatebydesign said:


> People have to accept that the stuff they want has to be paid for somehow.



There are ways to make money from ads without tracking people. This is photo site - it would be quite clear what kind of ads people would like to see here, and have a chance to turn into a sale. The problem is that those selling ads placement made their customer believe they can make more money by tracking and profiling people by running sketchy code in the browser - and then in turn people block scripts and ads because of that.


----------



## privatebydesign (Feb 26, 2021)

LDS said:


> There are ways to make money from ads without tracking people. This is photo site - it would be quite clear what kind of ads people would like to see here, and have a chance to turn into a sale. The problem is that those selling ads placement made their customer believe they can make more money by tracking and profiling people by running sketchy code in the browser - and then in turn people block scripts and ads because of that.


Peoples data is a major source of revenue for many companies and that goes far beyond the initial website. I left my browser running for 8 days without clearing it, I had 1,137 cookies.

This website is nothing different, don’t apply different standards we all know Facebook and Google are the world leaders in collecting and selling data.


----------



## LDS (Feb 26, 2021)

privatebydesign said:


> we all know Facebook and Google are the world leaders in collecting and selling data.


That's why I stay away from both of them, and that's why laws like GDPR are born. They pushed the data collection too far, and all the other followed for fear of being cut away. Thus sites like this now have to go through all the complications of becoming compliant with privacy laws.


----------



## Canon Rumors Guy (Feb 26, 2021)

LDS said:


> Evidently. EU laws apply in EU only - and data originating from EU are still protected by EU law - although it's difficult to protect them anyway - that's why Schrem was able to take down Safe Harbor first and Privacy Shield later, as US law is not enough to protect EU data.
> 
> I should have written "people living in Switzerland and Ukraine" instead of "citizens", true, as citizen is a legal term.
> 
> ...



Cookies actually improve ad revenue quite a lot, as it gives people relevant ads. I as the site owner has no access to any information beyond anonymous demographic information. The rest of the information is fed into the algorithms. There really is very little sinister going with the top end ad networks. Yes, there are some garbage ad networks, but they don't serve here. They're generally on the seedier part of the internet.

Pre-internet and electronic credit card machines, a human would actually go over your purchase patterns and they'd choose which flyers ended up in your mailbox. Now we just use algorithms.


----------



## Canon Rumors Guy (Feb 26, 2021)

privatebydesign said:


> we all know Facebook and Google are the world leaders in collecting and selling data.



I don't pay any attention to Facebook, but Google is not a data broker, everything they collect stays internal (under the Alphabet umbrella) unless there is some legal reason to hand over data. Google's value is based on keeping its data internal, there's no benefit short term or long term in selling it.

All of the ad networks I serve through header bidding also keep data internal, it's in the terms and conditions of the contracts that I sign.


----------



## privatebydesign (Feb 26, 2021)

Canon Rumors Guy said:


> I don't pay any attention to Facebook, but Google is not a data broker, everything they collect stays internal (under the Alphabet umbrella) unless there is some legal reason to hand over data. Google's value is based on keeping its data internal, there's no benefit short term or long term in selling it.
> 
> All of the ad networks I serve through header bidding also keep data internal, it's in the terms and conditions of the contracts that I sign.


Hmm, I think that is a case of semantics, real-time bidding involves Google sharing a lot of the information they have acquired to interested advertisers, whilst technically not ‘selling’ that information it is passed to others who are in turn able to monetize it. 

Personally I am not a tin hat kinda guy, I use ad blockers and a VPN, I don’t use Facebook/Twitter or any other social media and I clear my browser history regularly. My personal website has no cookies. I accept all the websites I visit are trying to make money somehow.


----------



## Canon Rumors Guy (Feb 27, 2021)

privatebydesign said:


> Hmm, I think that is a case of semantics, real-time bidding involves Google sharing a lot of the information they have acquired to interested advertisers, whilst technically not ‘selling’ that information it is passed to others who are in turn able to monetize it.
> 
> Personally I am not a tin hat kinda guy, I use ad blockers and a VPN, I don’t use Facebook/Twitter or any other social media and I clear my browser history regularly. My personal website has no cookies. I accept all the websites I visit are trying to make money somehow.


Well, if you have credit or a smartphone.. You're tracked more than web sites which merely use cookies to personalize advertising. and humans in those other industries can actually see everything you do on a personal level.. unlike Google.


----------



## privatebydesign (Feb 27, 2021)

Canon Rumors Guy said:


> Well, if you have credit or a smartphone.. You're tracked more than web sites which merely use cookies to personalize advertising. and humans in those other industries can actually see everything you do on a personal level.. unlike Google.


Of course, all I have been trying to say is that vilifying CR for compliance and a few normal enough cookies seems unfair. Data collection is everywhere and a thing, criticizing CR for what they do makes no sense unless you appreciate that and treat any other source of data collection with equal vociferousness.


----------



## Joules (Feb 27, 2021)

privatebydesign said:


> Of course, all I have been trying to say is that vilifying CR for compliance and a few normal enough cookies seems unfair. Data collection is everywhere and a thing, criticizing CR for what they do makes no sense unless you appreciate that and treat any other source of data collection with equal voracity.


Was there criticism? All negativity I read was addressed by CR guy through updates to how the cookie prompt looks and works. That's just constructive criticism.


----------



## zim (Feb 27, 2021)

Joules said:


> Was there criticism? All negativity I read was addressed by CR guy through updates to how the cookie prompt looks and works. That's just constructive criticism.


Correct there was absolutely nothing wrong with it other than a few design tweaks to provide clarity. What I didn't realise was that it was customisable by CR I thought only supplier could do that so I learned something.


----------



## Otara (May 27, 2021)

Love the accessibility button.


----------



## MiraMatt (May 27, 2021)

Otara said:


> Love the accessibility button.


That's what I dislike most of all. If your site is not accessible, adding an accessibility button won't make it accessible, no matter how much your expensive vendor claims it will. And because it's "trying too hard" to do things it shouldn't need to do, innocent things like hitting tab a few times now lead to invisible state changes that make it impossible to type (which is how I ended up with a half-posted message).

https://adrianroselli.com/2020/06/accessibe-will-get-you-sued.html - complaints about AccessiBe specifically.


----------



## stevelee (May 28, 2021)

It has been in the 90s here this week. The ads I see on Facebook now mostly relate to travel in Norway. That is well targeted for me these days.


----------

