How's the GDPR (used to) related to my blog
Felix: they say that EU readers are blocked from your blog
me: wtf really? how?
also me (3 yrs ago): Haha GDPR goes brrrrrrr
This is funny, I used to have google analytics integrated in my blog (maybe it still presents now? I'm not sure), and in order to make ga work, I added an adblock detector (but I've just realized that I'm not using it from the very beginning!). Also, I'm not willing to prompt users every time they visit the blog, so I set a cookie named blker (for blocker, I guess).
Then I realized that this might violate the GDPR.
Not good, I thought, so I searched on google for ways to create a valid, legal popup that informs users about those GDPR user agreement stuff. Unfortunately, the search results showed that I need to pay an amount of money to generate the legal text I need, and the fee was not what I could afford as I was still a high school boie at that time.
So the approach was simple: I need to use ga to count readers (I know they provides far more information despite the readers count, but I'm not interested), so I want readers to disable their adblocker; In order to tell them to disable adblocker, I need to prompt them; As I don't want them to be prompted every time they visit the site, I have to set a cookie to mark readers that have been prompted. At that time, I felt like setting cookies without asking for agreement is violating the GDPR, and I couldn't cope with it because I have no money to generate the legal text, so it looks like I have no chance to be compatible with the GDPR law.
Hmm, maybe I can stop EU readers from accessing the site, I thought. That's simple, just make a GET to /cgi-bin/trace api provided by cloudflare, and you can get the country code determined by source IP. At the time I wrote these code, the UK was still part of the EU (legacy code, lol), so I think I should keep UK in the list, and remove it when they finally complete the transaction (of course, I totally forgot this lol)
Felix told me that if cookies are not correlated to a single user, then setting it may not violate the GDPR. But now I don't need cookies anymore: since 2020, I've been using busuanzi which only counts the number of readers.
And I've just realized that they have shutdown the service (502 Bad Gateway for busuanzi).
UPDATE: seems like the busuanzi service is working again, so I've just encountered a short outage?