@ayo#YouTube "enhanced privacy" embed is a complete lie.
They just use Local Storage instead of cookies. And when you click Play, they set a cookie anyway.
@ayo I was excited to discover it, too, when I was working on improving the GDPR compliance of our site.
This YouTube "feature" could cost people some hefty fines. How people are supposed to know that youtube-nocookie.com actually uses Local Storage (and cookies) and is not GDPR-compliant?
@demivan that's really sneaky 😬 So the cookies are saved on local storage probably via other means and their youtube-nocookie.com version will just get the cookies from there? 🙈
@ayo It is not exactly the same as using regular cookie. When embedded, YouTube generates a new device identifier (and lots of other data) and saves it in Local Storage without user consent. This is already a GDPR violation. And when the user clicks "Play" they send this info to the server and exchange it for the actual cookies. So data is only bound to the user when they click "Play".
Add comment