Support » Plugin: Yoast SEO » Algolia

  • I was experimenting with a new GDPR compliance plugin, which includes an automatic cookie scanner. To my dismay, it identified a cookie-setting script I’ve never heard of, something called Algolia, calling algoliasearch-client-js.

    After a great deal of searching, I found that the only reference to it in my code is in the Yoast SEO plugin! It’s in plugins/wordpress-seo/js/dist/components-1210.min.js. What is this? What on earth is it doing? If it’s setting cookies (which the Complianz GDPR cookie scanner indicates it can — it returns some generic “this lets us use the Algolia search function” text — it is creating serious potential liability for me that I was TOTALLY unaware of.

    I know Yoast SEO has become full of bloatware, but this would be a new low. I am furious and I demand a prompt explanation of what this is, why it’s integrated into Yoast SEO, and how I can get rid of it.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support martijnvaneeghem

    (@martijnvaneeghem)

    Hi @ate-up-with-motor,

    While I understand your concern regarding GDPR compliance, rest assured that there is nothing to worry about here. Please allow me to explain.

    In our plugin, at the top of almost all Settings-pages, we have a Help Center. From there, you can directly search the knowledge base articles on our website. We use Algolia for this search functionality.

    Furthermore, using this functionality does not store any cookies on either your own device or the devices of the people visiting your website. The only thing that it does do in terms of storage, is using your local storage whenever you search our knowledge base from the plugin. However, there is still no issue in terms of privacy and working with GDPR, because (1) the data never leaves the browser (it’s deleted upon page refresh), and (2) it does not include personal data.

    Plugin Support devnihil

    (@devnihil)

    We are going ahead and marking this issue as resolved due to inactivity. If you require any further assistance please create a new issue.

    Ate Up With Motor

    (@ate-up-with-motor)

    All right, I suppose that makes sense. I’m still very concerned that the Complianz GDPR cookie scanner indicates that Algolia places cookies; that scanner sometimes misses cookies set by plugins the developers weren’t familiar with, but for it to identify cookies that aren’t there seems odd.

    Ate Up With Motor

    (@ate-up-with-motor)

    Also, if the Algolia script is calling data from the Yoast KB, doesn’t that involve a remote server call that exposes the administrative user’s IP? (This is an existing issue with the plugin; there are elements on the dashboard that are served by Yoast rather than locally.) An IP address is considered personal information under the GDPR and CCPA — I happen to think that’s technically misguided, but I didn’t write the law! — so this is a GDPR-relevant concern.

    i have the same problem. will deinstall this plugin until fixed.

    no idea why this is marked as resolved!? the problem still exists. and as A.U.W.M. said, even transmitting an IP-address is GDPR-relevant.

    I concur. I changed the post flag from resolved to unresolved; this is not the first time I’ve asked about the server call issues, and I think the Yoast team needs to address it.

    (To my original point, I have not seen any Algolia-related cookies, but my browsers have third-party cookies disabled, so if the search script tried to place a third-party cookie, it might not show up for me.)

Viewing 6 replies - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.