Being able to embed memes right inside the Ghost editor is very nice but I’m hesitant about the “hidden cost” of using Tenor for this. It’s served by Google and it’s free. If a service is freely served by Google, we all know that means our visitors pay the price by sharing their surfing history to Google.
Google doesn’t clearly mention how they use Tenor access logs but it’s not paranoid to think that they just store request headers to find out which websites our visitors visit, in cross-site way. Google doesn’t mention anything on GDPR specific to Tenor images. Probably (as in Google Fonts) it’s also not GDPR compliant at all.
Anyone had that kind of concerns before? If so, how did you conclude? Should a Ghost website mention Tenor in its privacy policy?
I would read Tenors, then if you cant get enough details email them and if you are concerned then add to your policy that its Googles service.
If it’s just an iframe of a gif not sure how they are going to track users? They will know the referrer domain but that’s generic I assume there is no iframe interaction, having not used their embed?
When you pick a GIF image and put it in your post, you are putting an image that is fetched from media.tenor.com while your visitors see the post. This image request done by browser is enough to:
- Track which websites a person visits. Consider that Tenor is used by many websites around. When you navigate through them, you are logged by Google with those image requests. And of course Tenor is just one of those tracking service of Google like Google Fonts, Google Analytics, embedded Google Search, and of course Google Ads.
- Track when a person visit what from where (with the IP address)
- Track which email client you use and when do you check your emails (if you send it with a newsletter)
- Get information about your device type and model, with user-agent header.
There can be even more “smart” ideas to mine information from a single HTTP request. And this is the key of the success of ad networks.
1 Like
Totally get your concern—yes, if you’re embedding Tenor via Ghost, it’s wise to mention it in your privacy policy. I chose to self-host or avoid it altogether for peace of mind.
1 Like