During a recent cookie audit of some of my sites to comply with the new EU legislation, I was pretty alarmed to see a number of cookies starting with “wpgb_visit_last” but also with the domain name in them.
Not only, but the cookie was storing the referrer as well, ie. the website that I had been before the one that I was auditing and had obviously clicked on to get there at some time.
It took some detective work, but in the end I found the culprit: a plug-in called “WP Greet Box”.
WP Greet Box is a plug-in that greets new visitors to your site and allows you to adapt the greeting depending on where the visitor came from. So someone coming from your RSS feed may be asked to sign up to a mailing list, while someone coming from a Google search may be asked to sign up for the RSS feed. Twitters users will be asked to follow you there, and Facebook users will be asked to “like” your page.
The fact that such a widely used plug-in was storing such information about my visitors was a bit of a shock, and I dare say that most site owners are not aware of this. My sites carry privacy information stating that we store as little personal information in cookies, and do not use them to track people – especially not between sites.
Now I may live in Germany where such things are more strictly controlled than in most countries, but I do think that if you are using the plug-in on your site you should be aware of what it is doing.
More importantly, while the plug-in continues to store that data, I would consider removing it. I have taken it off my sites and probably will not putting it back any time soon. Firstly there is a hefty fine in Germany for breaking privacy laws, but also because I feel that I owe it to my readers not to store that amount of information without letting them know.
In my opinion, the new EU directive on cookies goes too far, but this sort of discovery only goes to highlight why at least some form of legislation is necessary.