Remove Google JavaScript reference / host locally

Question

Remove Google JavaScript reference / host locally

mwllgr opened this issue 2 years ago · 6 comments

Hello, about the following line in the source code:

<script src="//www.gstatic.com/cv/js/sender/v1/cast_sender.js?loadCastFramework=1" defer="defer"></script>

That's not good when it comes to GDPR compliance as far as I know. Is there some way to host it locally?

Answer 1 · 2022-08-26T14:59:48.000Z

I'm not sure what you mean here, this is loading the APIs for casting to Chromecast and other supported devices, it's not doing tracking, has nothing to do with the GDPR and is necessary for that functionality. It talks to Google APIs anyway, so hosting it locally achieves nothing.

Answer 2 · 2022-08-26T15:01:52.000Z

The problem is that Google receives the IP of every visitor. It would be nice to disable casting functionality to stop the script from getting loaded or similar. Aug 26, 2022 17:00:01 Gareth Latty ***@***.***>:

…

I'm not sure what you mean here, this is loading the APIs for casting to Chromecast and other supporting devices, it's not doing tracking, has nothing to do with the GDPR and is necessary for that functionality. It talks to Google APIs anyway, so hosting it locally achieves nothing. — Reply to this email directly, view it on GitHub[#456 (comment)], or unsubscribe[https://github.com/notifications/unsubscribe-auth/AGEZST6BNBQGFPXT5GG7RA3V3DLW5ANCNFSM57MGLXZQ]. You are receiving this because you authored the thread.[Tracking image][https://github.com/notifications/beacon/AGEZSTZ2BQNTGTQ3DWTV6X3V3DLW5A5CNFSM57MGLXZ2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOJE5QBUY.gif]

Answer 3 · 2022-09-25T10:13:30.000Z

the problem is, visitors IP will be submitted to google - thats against GDPR in EU - a cookie banner is nessesary to opt in / opt out - or disable it completly (so no CAST function)

would be nice to have a ENV or something to disable the g. cast completly
or integrate a opt in/out cookiebanner to inform user that data will be transmitted to google and they can choose

i think thats what mwllgr want to say :)

+1 for this

Answer 4 · 2022-09-25T10:42:43.000Z

This is not against the GDPR. The script does not set any data in cookies/local storage/anything else client side, and especially not tracking data. The GDPR does not stop you making requests to services, and it does not stop you using cookies/local storage/whatever for non-tracking purposes.

It's necessary to load the script to provide a feature. If you don't want that feature, there are tons of great content blockers that can block the request, the site will function normally otherwise, but I'm not breaking the site for people who do want that feature.

The hosted instance also uses cloudflare, it's hosted on a cloud platform: fundamentally the internet involves your IP being spread around to everyone you connect through. Just loading a resource with no tracking being done is not unreasonable, and painting it is such is a little absurd.

Adding a cookie banner would be flat out misleading. No cookies (or equivalent) are being set, no tracking is being done.

If you would like to host your own instance with the casting stuff stripped out, the project is open source and it is simple to achieve, but I'm not breaking the feature for no reason.

Answer 5 · 2022-09-25T10:46:41.000Z

This is not against the GDPR. The script does not set any data in cookies/local storage/anything else client side, and especially not tracking data. The GDPR does not stop you making requests to services, and it does not stop you using cookies/local storage/whatever for non-tracking purposes.

It's necessary to load the script to provide a feature. If you don't want that feature, there are tons of great content blockers that can block the request, the site will function normally otherwise, but I'm not breaking the site for people who do want that feature.

The hosted instance also uses cloudflare, it's hosted on a cloud platform: fundamentally the internet involves your IP being spread around to everyone you connect through. Just loading a resource with no tracking being done is not unreasonable, and painting it is such is a little absurd.

Adding a cookie banner would be flat out misleading. No cookies (or equivalent) are being set, no tracking is being done.

If you would like to host your own instance with the casting stuff stripped out, the project is open source and it is simple to achieve, but I'm not breaking the feature for no reason.

Not all ppl are Programmers and can do it By own - this was just a question From ppl that are Scared About the law in EU

If Cast dont Send Any private Datas all is Fine i Think u got this wrong and your answer Seems a Bit aggressiv :D all is okay Then with help of your explanation :)

Answer 6 · 2022-09-25T11:01:15.000Z

Sorry if my tone was overly harsh, wasn't my intent.

I think there is a lot of FUD about GDPR out there, a lot of companies just throw cookie banners at everything because it is simpler, and because they track everything. This project doesn't do any tracking, and just using Google's APIs like this doesn't either, so it's well within the bounds of GDPR, and generally users should hopefully be able to feel comfortable about their data, as we only take what we need to let you play, and only keep it for as long as needed for the game.