If you’ve logged in to Tumblr in the last few days, you will have seen the GDPR warning, telling you Tumblr is part of the Oath family of sites, and requiring you to opt-in to their privacy settings.

You may not have realised that, in contravention of the GDPR rules which ban default opt-ins, if you don’t go into the ‘more options’ button and opt out of each individual sharing partner, Tumblr will share your data with a whole huge list of other companies. Like, 300 of them.

@the-mad-duchess has a post here describing how you can disable them.

If you’ve already opted in to the Oath privacy stuff, you need to go to your Settings page:

Click the Privacy button on the right:

Then, click the little button next to ‘Cookie Consent’ to revoke it.

After confirming you want to revoke consent, you will immediately be taken to that big privacy opt-in page again. From that point we follow the steps @the-mad-duchess described - first click ‘Manage Options’:

Then, click the blue ‘Manage’ button, and expand the two lists. You’ll see five kinds of data sharing, and like 300 different companies:

The first five you can click manually more easily than using javascript. That might be enough to opt out of any data sharing - but I want to be sure. So, let’s make sure we disable every single enabled partner as well.

However, clicking on 300 little buttons to opt out of  is an absurd demand. There is, thankfully, a shortcut, using your browser’s developer tools.

What you want to do is open the web console. In Firefox, you do it like this: click the little menu in top right, then go down to where it says Web Developer:

Then, click the Web Console option:

This will open up the web console in the bottom of the screen. It will have a bunch of messages in it that you can ignore:

As shown, what we want to do is copy and paste some JavaScript code into this, then hit ‘enter’, which will make the browser simulate a mouseclick on every single one of these little buttons and thereby turn them all off. The code is this:

var rows = document.getElementsByClassName("vendor-options")[0].children;
for (var i = 0; i < rows.length; i++) {rows[i].lastChild.firstChild.click();}

If you’re not familiar with JavaScript, let me briefly explain what this is doing. The first line finds the part of the page with all the buttons in it - specifically, the rows in the table of vendors, which is identified by the “vendor-options”. The second line goes through each of them one by one, and for each row of the table, goes inside and finds the button, and simulates a click on it.

If it works correctly, you will abruptly scroll to the bottom of the page and all those little buttons will slide to the ‘greyed out’ position. Now you can go ahead and click Done, click the OK button, and carry on using Tumblr, trusting that if they keep their word, they won’t share your data with those 300 companies.

I’m gonna chat with the New XKit devs to see if this can be added (they may already be working on it). But I hope this saves you some time.

Note also - this is not actually compliant with the new GDPR laws. The rule is that you have to explicitly opt in to letting companies use your data, you can’t have a list of default opt-ins behind a button like this. At some point, somebody will hopefully sue Yahoo/Oath and establish that in court. In the meantime, let’s keep our data to ourselves.