Support » Plugin: WooCommerce » tk_ai cookie and GDPR

  • Resolved gcdorian

    (@gcsystems)


    I try to keep my sites clean and GDPR compliant, and I noticed that WooCommerce sets a new cookie called “tk_ai” since some months ago. It’s not listed in the docs, and according to the limited info I found, this cookie was previously only related to Jetpack and mainly for user tracking.

    What does WooCommerce use this cookie for? Is it really needed or can we disable it?

    By the way, I don’t use Jetpack.

    Thanks in advance.

Viewing 14 replies - 1 through 14 (of 14 total)
  • Also looking for info on this one, thanks.

    Stef

    (@serafinnyc)

    This cookie is only tracking admins in how they use the backend so that WP can better the platform in the future. It is not related to Customers and customers are never served this cookie.

    Interesting, I visit my website in incognito mode and the tk_ai cookie is present.
    Made in the Moon Does it show for you?

    Stef

    (@serafinnyc)

    Private browser, Incognito doesn’t matter, what matters is that it won’t be served to customers only Admins. Try it. Create a Customer account and check with that account.

    I am having the same problem. No jetpack installed, only woocommerce (nothing else woocommerce related, no “woocommerceservices”, no “woocommerce payment gateays” etc). I have opted out of any metrics or analytics to be shared from woocommerce to anything auttomatic.

    I am trying to keep the least cookies possible. I have only firefox open and I open my website without any account login. I navigate to my website store and the TK_AI cookie is set immediately, no other cookie, just that.

    I tried from another computer where I have never logged in at my website or even opened it for that matter and same exact behaviour, the cookie was set.

    If the expected behavior is, as it was mentioned here, to set that cookie only to those visiting the website as admins, then there seems to be a problem here, or not?

    TK_AI seems to be a jetpack cookie (according to jetpack) for getting user info and if I understand it right sharing it with auttomatic products as Jetpack, a third party for my website and its users. Not having jetpack installed and not opting for sharing anything from my store with auttomatic, this TK_AI cookie doesn’t make any sense to me. TK_AI is setting a unique ID for me as a user when I browse my own site, whether logged in as a subscriber/customer/admin or not logged in at all. What and with whom my woocommerce/wordpress backend is sharing my user info remains a mystery to me.

    Any help to get rid of that cookie would be appreciated.
    Thanks in advance!

    Stef

    (@serafinnyc)

    Thank you for the answers and the links, Stef.

    If that cookie is only tracking admins in how they use the backend as you mentioned, I still don’t get why non logged-in users and customers are being served that cookie. I’m getting the same results as @cramond2print and @joedons.

    I’ve tested it in every possible way and clearing every single cookie before each test:
    – Without logging in / Logging in with a customer account
    – Incognito mode / Normal mode
    – Multiple computers

    Also, being logged in as a customer, tk_ai cookie gets served again if I selectively clear it in my browser, meaning that it is not only served to guests.

    This cookie is being set by WooCommerce, not by WordPress. If I disable WooCommerce, that cookie is never served. This didn’t happen before, and is probably happening after the git merge I linked in my first post (I can’t confirm it).

    So, my initial questions remain the same:
    What does WooCommerce use this cookie for? Is it really needed or can we disable it?

    If it’s safe to disable it, the bonus question is: how?

    Thank you in advance.

    • This reply was modified 1 month, 1 week ago by  gcdorian.
    • This reply was modified 1 month, 1 week ago by  gcdorian.
    • This reply was modified 1 month, 1 week ago by  Andrew Nevins.
    Stef

    (@serafinnyc)

    WooCommerce is WordPress now. Essentially. Automattic is the parent company of both items. If you want to disable cookies you can use a plugin.

    Read this

    And maybe grab this

    charlotteslawit

    (@charlotteslawit)

    I am getting the exact same results as @cramond2print and @joedons and @gcsystems. After disabling WooCommerce the tk_ai cookie is gone.

    It appears that this cookie is set as part of the WC_Track class in the Woocommerce code. On their website they tell you how you can deactivate tracking.

    I’m curious if any of the other posters have any luck with that, because I do not. It appears that this setting is not having any effect on the tk_ai cookie being set.

    I had a look at the code to see what that option does. It is stored as 'woocommerce_allow_tracking' (Line 320 in class-wc-settings-advanced). That option is checked by the is_tracking_enabled() method in /includes/tracks/class-wc-site-tracking.php.

    The cookie however is set by the code in /includes/tracks/class-wc-tracks-client.php on line 72 in the maybe_set_identity_cookie() method that does not care a single bit about all those settings, because it is hooked into wp_loaded on line 37 and does not check for any opt-in. As soon as a WC_Tracks_Client is initialized the cookie is set. So perhaps the actual sending of data is stopped (I did not check that), but the cookie with the unique identifier is still set.

    Thanks to WordPress hooks system we can also unhook this thing again to get rid of the WooCommerce identifier cookie. Add this to your functions.php:

    remove_action( 'wp_loaded', array( WC_Tracks_Client, 'maybe_set_identity_cookie' ) );

    WooCommerce should fix this though. The placement of this cookie should respect the tracking setting in the preferences.

    Plugin Support dougaitken

    (@dougaitken)

    Automattic Happiness Engineer

    Hi all @charlotteslawit @serafinnyc @gcsystems @joedons @cramond2print

    This one slipped through without getting an “official” answer.

    We’ve now updated the Cookies documentation page – https://docs.woocommerce.com/document/woocommerce-cookies/

    We’ve also made a change which will be released in 3.6.4Tracks: set cookie on admin_init insead of wp_loaded

    I want to call out this line specifically:

    WooCommerce is WordPress now. Essentially. Automattic is the parent company of both items. If you want to disable cookies you can use a plugin.

    WooCommerce is not WordPress – although most core developers on WooCommerce are Automatticians, that is not the case for WordPress.

    Automattic is not the parent company of the WordPress software. No one “owns” that. Automattic is the company behind the managed WordPress.com offering.

    Thanks!

    Stef

    (@serafinnyc)

    Ah, thanks @dougaitken for explaining the overall company layout. It appeared to me that when looking at WC it said by Automattic thus making me believe it was now “owned” by Automattic. It even says on Wikipedia now that it is developed by. Alas, I have been away from the world of WC and WP for some time now.

    I based my information on the cookies from the “official” documentation you posted but now that has changed. Thank you.

    charlotteslawit

    (@charlotteslawit)

    Thanks @dougaitken. I notice on GitHub that Paul Sealock comments:

    As is now, the function is only called on admin screens because the files are loaded via WC_Admin.

    What puzzles me is that when I load the homepage after clearing cookies tk_ai is set even though I am not signed in as admin, so I’m guessing there is some other piece of code that is calling maybe_set_identity_cookie()? After removing the action through functions.php (as described in my previous post) the cookie is no longer set, changing wp_loaded to admin_init does too, so that works fine.

    Plugin Support dougaitken

    (@dougaitken)

    Automattic Happiness Engineer

    Hey @charlotteslawit

    What I believe that comment means is that current that cookie is served to loading any page and when the PR is merged, it will only be served on Admin pages.

    Thanks,

    Hello,

    tk_ai cookie is served to all visitors at my webpage (Pattuka.com). I don’t use Jetpack and I switched down tracking.

    This is no fair.

Viewing 14 replies - 1 through 14 (of 14 total)
  • You must be logged in to reply to this topic.