Wp-rocket: Why is WP Rocket adding Mixpanel JS to plugins.php?! Rocket Analytics is OFF!

Hello @Netzlichter I am trying to replicate this. Can you please provide the entire tracking code that was added by WP Rocket?

@Tabrisrp Any idea if this is valid?

@arunbasillal It is valid.

It's coming from the deactivation intent panel.

Even when Rocket Analytics is off, the Mixpanel JavaScript is present and a cookie is set.

Similar ticket:
https://secure.helpscout.net/conversation/917682739/118009/

Rocket Analytics and our Deactivation Intent pop-in are two different things.

Rocket Analytics gets data from your website which needs your consentement.

Deactivation Intent doesn't get any data from your website. It doesn't have any relation with Rocket Analytics.

Yes but regarding DSGVO implement a third party code and cookie is not that smart in my humble opinion. Nethertheless Im using WP Rocket on many sites but do not like that my adblocker is blocking code on my own sites ;) and by the way the popup is annoying ... please consider to remove that.

So as mentioned here https://github.com/wp-media/wp-rocket/issues/1959#issuecomment-538039136
the script is added for the deactivation intent and not for Rocket Analytics.

Since the deactivation intent doesn't collect or send any data back to origin until the user chooses to do so, it should be GDPR compliant, right?

Sorry to disturb. Of course Mixpanel is getting personal data from me and all other admins, my IP address, every reload of my admin-sites, all this is or might be logged somewhere in the US without my explicit agreement or knowledge. It shouldn't be activated without my consent, because admins are people too. GDPR is actually quite clear about this. Especially when you are transferring my data to the US, this is not allowed any more, as privacy shield isn't existing, so there is no contract.

Actually I don't care oof you change it or not, I just wanted to give a chance to review this. WP-Rocket will be removed as soon as possible from our blogs because it feels to me like a privacy breach in my admin "backyeard" that I have to find out by searching who is adding third party sources without being informed in any way. Not cool.

@saschafoerster Thanks for the feedback and sorry for the late reply. I will do more investigation from our side.

@GeekPress For the deactivation intend, do we really need the Mixpanel script? Can't we do something custom so that no third party is involved?

@arunbasillal Everything is possible to do on our side with their pros and cons. Having something custom will require to create an interface somewhere on our back-end to analyze the data. We will need to maintain the code, etc... When with Mixpanel, the back-end to analyze the data is already done. We have all our anonymous feedbacks centralized in the same tool, etc...

You can keep Mixpanel, but you should at least get my consent and the consent of the users in the backend when activating it and accept a no, then you might transfer data outside of my server. No consent, no mixpanel in my backyard. 😉 And if you transfer data to your own servers, of course you need a rightful base for that data-transfer as well. Consent might be the fairest option in my opinion and only load mixpanel- or other external scripts in the moment if they are really needed and not track every step in the admin-plugin-panel I am doing (because the mixfile-logfiles will see my IP with every fresh load of the plugin page including the full URL and all my browser-data).

@GeekPress What if we keep the deactivation intend only for users who have opted in to provide analytics and feedback? Would that be a middle ground approach?

Likely related: https://secure.helpscout.net/conversation/1404458869/233642/