Continuation of Part 1
Civitai and enforced third-party js code analyzed, at least for now.
Findings so far
On civitai.com / .green / .red:
Google Tag Manager / GA
Cloudflare Insights
Snigel (cdn.snigelweb.com)
GA + Insights load before consent.
Reference stored in CivitAI's own cookies under:
GA cookies (_ga, ga*, etc.)
Not blocked (on purpose):
Turnstile (challenges.cloudflare.com), image CDN, SignalR/API — site itself.
Allowing this, to dig:
advertising.civitai.com
Related domains
civitai.com (+ .green / .red), Main app (Next.js)
image-b2.civitai.com, Real images (B2 + Cloudflare, WebP)
advertising.civitai.com, Their own ad network — serve / view / engagement
cdn.snigelweb.com, Third-party ad engine
googletagmanager.com, GA4 (G-N6W8XF***** green, G-WETB***** blue/red)
cloudflareinsights.com, CF analytics beacon,
One of the first AD's I got, delivered by CivitAI's engine:
OneShotLora, look it up vs legality. It violates CivitAI's own policies, see Part 1.
I had an idea and made something
Prevents some privacy intrusive cookies and attributes to be set on CivitAI domains.
Blocks the third-parties.
Just a quick POC so far, Mozilla & Co support Global Privacy Control, they'll gladly accept it.