
Show HN: Metomic Contextual Consent – a privacy layer under embedded content - benvan
https://contextual.metomic.io/
======
rapnie
I really like the privacy-first products Metomic is creating, but from this
perspective imho the Contextual page should have something like the Metomic
footer allowing to navigate to the privacy policy (at
[https://metomic.io/privacy-policy](https://metomic.io/privacy-policy) )

~~~
benvan
Good point! Have added a link to our privacy center at the bottom of the page.

------
ThePhysicist
If you're looking for an open-source consent solution there's Klaro, which is
used by thousands of websites already and is completely free (BSD-licensed):

[https://klaro.kiprotect.com/](https://klaro.kiprotect.com/)

You can easily adapt it to various legislations (GDPR & ePrivacy, CCPA, ...)
and customize styling and code. It's fully self-hostable and does not require
any external resources, it also doesn't send any information to third parties.
Interactive consent as a feature (what they call contextual consent) is coming
soon as well.

I like Metomic but I wouldn't say it's "privacy-first" as they log consent in
their backend. This unnecessarily sends user data to a third party. Neither
the ePrivacy directive nor the GDPR requires such a thing. I can understand
why they want this data as they need to monetize their service, but I think
it's really pointless as you store a cookie that then allows you to retrieve
consent data, which you could just as easily store directly in the cookie as
well (which Klaro does). Storing consent directly in a cookie allows the
website owner to check it on the server side if required, and to prove that
the user was asked for his/her consent.

Otherwise it seems like a great tool with a good UI!
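
The server-side check mentioned in the comment above, sketched as an added example; it is not part of the thread and is not Klaro's or Metomic's code. The cookie name `consent` and its layout (a URL-encoded JSON object mapping purpose names to booleans) are assumptions, and the sample headers in the comments are constructed. Anything malformed or ambiguous is treated as "no consent".

```javascript
// Assumed (hypothetical) format: Cookie "consent" holds URL-encoded JSON,
// e.g. {"analytics":true,"embeds":false}. Not a documented vendor format.
const COOKIE_NAME = "consent";
const MAX_LEN = 1024; // refuse oversized values instead of parsing them

// Return the raw value of one cookie from a Cookie header, or null.
function readCookie(header, name) {
  if (typeof header !== "string") return null;
  let found = null;
  for (const part of header.split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() !== name) continue;
    if (found !== null) return null; // sent twice: ambiguous, treat as absent
    found = part.slice(eq + 1).trim();
  }
  return found;
}

// Return the set of purposes the cookie grants; empty on any parse problem.
function parseConsent(header) {
  const granted = new Set();
  const raw = readCookie(header, COOKIE_NAME);
  if (raw === null || raw.length > MAX_LEN) return granted;
  let obj;
  try {
    obj = JSON.parse(decodeURIComponent(raw));
  } catch {
    return granted; // bad percent-encoding or bad JSON
  }
  if (obj === null || typeof obj !== "object" || Array.isArray(obj)) return granted;
  for (const [purpose, value] of Object.entries(obj)) {
    // Only the literal boolean true counts; "true", 1, "yes" do not.
    if (value === true && /^[a-z0-9_-]{1,64}$/i.test(purpose)) granted.add(purpose);
  }
  return granted;
}

// Gate a server-side action (e.g. emitting a third-party embed) on a purpose.
function allowed(header, purpose) {
  return parseConsent(header).has(purpose);
}

// Constructed sample: sid=abc; consent=%7B%22analytics%22%3Atrue%2C%22embeds%22%3Afalse%7D
// allowed(sample, "analytics") is true, allowed(sample, "embeds") is false.
```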

~~~
benvan
Thanks for the feedback!

Regarding privacy-first - we're striving to do a good job at this so really
appreciate opening up the conversation. We don't actually store consents on
our server - unless you enable "logged in mode" as a Metomic customer. When
this is the case, you can generate a JWT for your customer that we then use to
store a record of their consent serverside.

However for most of our customers, we operate in "anonymous mode", where
consents are stored on the browser only. The only thing we do is store an
incremental counter on the server that allows companies to see which policies
are being accepted and which are not. Whilst we're all figuring out how to be
more equitable with users as companies, it's extremely helpful to know when a
change you make to a policy is something that people don't support (i.e.
reject) - and our dashboard shows you this information.

We actually have a community Slack channel dedicated towards discussing
exactly this type of thing - please do join if you'd like to chat!

[https://join.slack.com/t/metomiccommunity/shared_invite/enQt...](https://join.slack.com/t/metomiccommunity/shared_invite/enQtOTY4MzMyODQwOTEyLTk0MmFjNGExMTRhZjA4ZWY2NTBkYjQ3YTJkMzFiMDU2NmIwMThlN2Y1NTAzNDEwYzZiNTc0NDAwODMyODM0MGI)

~~~
ThePhysicist
Well, I can't find a running version of Metomic on any of your reference sites
(maybe you can point me to one), on your own site the script sends several
GraphQL queries to your backend when I consent, and also communicates with
that before I do (not sure if this is due to other scripts on the page not
related to the manager).

Again, this is totally fine, I wouldn't call it "privacy first" though, as it
does not systematically minimize information exposed to third parties.

------
rapnie
Similar idea: [https://vwochnik.github.io/reveal-frame-component/](https://vwochnik.github.io/reveal-frame-component/)

~~~
benvan
I really like this. It's a pretty elegant way to handle iframe content in
particular. Will keep a keen eye on this project!

The issue we ran into in this area was with embeds that don't use iframes -
generally it ends up being a third party script that needs inoculating (e.g.
Instagram / Twitter embeds), with a bunch of associated DOM content somewhere
else on the page (the new Facebook embeds work the same way).

The approach we've thus taken is to allow you to bundle related content
together under a single "purpose" - when permission for that purpose is
granted, all associated content gets unlocked.

There's also a bunch more info on this over at the docs:
[https://metomic.io/docs/placeholders](https://metomic.io/docs/placeholders)

