Show HN: Metomic Contextual Consent – a privacy layer under embedded content (metomic.io)
27 points by benvan 30 days ago | 7 comments

I really like the privacy-first products Metomic is creating, but from this perspective imho the Contextual page should have something like the Metomic footer allowing navigation to the privacy policy (at https://metomic.io/privacy-policy).

Good point! Have added a link to our privacy center at the bottom of the page.

If you're looking for an open-source consent solution there's Klaro, which is used by thousands of websites already and is completely free (BSD-licensed):


You can easily adapt it to various legislations (GDPR & ePrivacy, CCPA, ...) and customize styling and code. It's fully self-hostable and does not require any external resources; it also doesn't send any information to third parties. Interactive consent as a feature (what they call contextual consent) is coming soon as well.

I like Metomic but I wouldn't say it's "privacy-first" as they log consent in their backend. This unnecessarily sends user data to a third party. Neither the ePrivacy directive nor the GDPR requires such a thing. I can understand why they want this data as they need to monetize their service, but I think it's really pointless as you store a cookie that then allows you to retrieve consent data, which you could just as easily store directly in the cookie as well (which Klaro does). Storing consent directly in a cookie allows the website owner to check it on the server side if required, and to prove that the user was asked for his/her consent.

Otherwise it seems like a great tool with a good UI!

Thanks for the feedback!

Regarding privacy-first - we're striving to do a good job at this so really appreciate opening up the conversation. We don't actually store consents on our server - unless you enable "logged in mode" as a Metomic customer. When this is the case, you can generate a JWT for your customer that we then use to store a record of their consent server-side.

However, for most of our customers, we operate in "anonymous mode", where consents are stored on the browser only. The only thing we do is store an incremental counter on the server that allows companies to see which policies are being accepted and which are not. Whilst we're all figuring out how to be more equitable with users as companies, it's extremely helpful to know when a change you make to a policy is something that people don't support (i.e. reject) - and our dashboard shows you this information.

We actually have a community Slack channel dedicated towards discussing exactly this type of thing - please do join if you'd like to chat!


Well, I can't find a running version of Metomic on any of your reference sites (maybe you can point me to one). On your own site the script sends several GraphQL queries to your backend when I consent, and also communicates with that before I do (not sure if this is due to other scripts on the page not related to the manager).

Again, this is totally fine; I wouldn't call it "privacy first" though, as it does not systematically minimize information exposed to third parties.

I really like this. It's a pretty elegant way to handle iframe content in particular. Will keep a keen eye on this project!

The issue we ran into in this area was with embeds that don't use iframes - generally it ends up being a third party script that needs inoculating (e.g. Instagram / Twitter embeds), with a bunch of associated DOM content somewhere else on the page (the new Facebook embeds work the same way).

The approach we've thus taken is to allow you to bundle related content together under a single "purpose" - when permission for that purpose is granted, all associated content gets unlocked.

There's also a bunch more info on this over at the docs: https://metomic.io/docs/placeholders
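
The purpose bundling described in the comment above, sketched as an added example that is not Metomic's code or API: `PurposeGate`, its methods, and the purpose and item names are hypothetical, and the demo items are constructed. Each blocked embed registers a load callback under a purpose, and no third-party code runs until that purpose is granted.

```javascript
// Added illustration, not Metomic's implementation. All names are hypothetical.
class PurposeGate {
  constructor() {
    this.granted = new Set(); // purposes the user has consented to
    this.pending = new Map(); // purpose -> blocked items awaiting consent
  }

  // Register a blocked item (script, iframe, DOM fragment) under a purpose.
  // `activate` performs the real load, e.g. injecting the third-party script
  // or copying a data attribute into iframe.src. Returns true if it ran now.
  register(purpose, id, activate) {
    if (typeof activate !== "function") throw new TypeError("activate must be a function");
    if (this.granted.has(purpose)) { activate(); return true; }
    if (!this.pending.has(purpose)) this.pending.set(purpose, []);
    this.pending.get(purpose).push({ id, activate });
    return false;
  }

  // Grant consent: unlock everything bundled under the purpose, exactly once.
  grant(purpose) {
    this.granted.add(purpose);
    const items = this.pending.get(purpose) || [];
    this.pending.delete(purpose); // a repeated grant finds nothing to re-run
    const unlocked = [];
    for (const item of items) {
      try { item.activate(); unlocked.push(item.id); }
      catch (err) { /* one failing embed must not keep the others locked */ }
    }
    return unlocked;
  }

  // Ids still locked for a purpose (useful for rendering placeholders).
  blocked(purpose) { return (this.pending.get(purpose) || []).map((i) => i.id); }
}

// Constructed demo: a script-based embed plus its separate DOM content.
function demo() {
  const log = [];
  const gate = new PurposeGate();
  gate.register("social-embeds", "embed-script", () => log.push("load embed script"));
  gate.register("social-embeds", "embed-markup", () => log.push("render embed markup"));
  gate.register("video", "video-iframe", () => log.push("set iframe src"));
  const before = [...log];                    // nothing has loaded yet
  const unlocked = gate.grant("social-embeds");
  const repeat = gate.grant("social-embeds"); // no-op on second grant
  const late = gate.register("social-embeds", "late-embed", () => log.push("load late embed"));
  return { before, unlocked, repeat, late, log, stillBlocked: gate.blocked("video") };
}
```

Embeds added to the page after consent was given load immediately on registration, while items under any purpose that was never granted stay locked.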
