Introducing c15t with Chris Burns
Chris Burns demos c15t, an open-source consent management framework, its benchmarking tool, composable architecture, and developer-focused approach to cookie banners.
Episode Description
Christopher Burns demos C15t, an open-source consent management framework, showcasing its benchmarking tool, composable architecture, and developer-focused approach to cookie banners.
Episode Summary
Christopher Burns returns to discuss the evolution of his consent management startup, now split into two brands: C15t for the open-source framework and Consent.io for the hosted platform. He demonstrates a new benchmarking tool called Cookie Bench that measures the real performance impact of cookie banners on websites, comparing metrics like network overhead, Largest Contentful Paint, and screen real estate across different providers. Burns walks through a live setup of C15t on a fresh Next.js app, completing the entire installation in roughly two minutes using the CLI. The conversation explores the technical architecture in depth: each hosted C15t instance runs as its own Cloudflare Worker with an isolated SQLite database, while the control plane dashboard sits on Vercel backed by PlanetScale. Burns explains the composable design philosophy, where the front end, back end, and even the ORM layer are swappable, supported by an internal SDK toolkit called Double Tie that abstracts database adapters, API routing, and logging. The discussion broadens into why consent management extends far beyond cookie banners to encompass EULAs, terms of service, and data processing agreements across the digital ecosystem, touching on regulatory standards like IAB TCF 2.2 and emerging laws in Germany. Burns also previews an AI-powered privacy policy analyzer and reflects on framework choices, maintenance burden, and the challenge of educating developers about a domain most treat as an afterthought.
Chapters
00:00:00 - Catching Up and Travel Stories
Anthony welcomes Christopher Burns back to the stream, connecting from Athens, Greece. Christopher shares that he's been traveling through Malta, Sicily, and Greece after his rental became unsafe, improvising international travel without much preparation. The two swap stories about digital nomad life and personal decisions that changed their plans, with Anthony joking about how getting a girlfriend derailed his travel ambitions.
Christopher explains he's planning to move to London for its tech and startup community, drawing a parallel to cities like New York and San Francisco. The conversation takes a lighthearted detour through Saint Louis trivia and tornadoes before transitioning toward the main topic of the stream.
00:04:45 - Introducing C15t and the Andy Warhol Philosophy
Christopher teases new developments at his startup, invoking an Andy Warhol quote about finding excitement in ordinarily boring things, which he applies to the world of cookie banners and consent management. Anthony draws the parallel to Warhol's Campbell's soup cans, finding the artistic in the mundane. Christopher then explains the rebranding from their previous name to C15t for the open-source framework and Consent for the business platform, separating developer tooling from the commercial product.
The naming follows the same convention as Andreessen Horowitz's A16z abbreviation, using the first and last letters with the count of letters in between. They humorously debate whether the space between words should be counted, ultimately confirming neither A16z nor C15t includes the space. Christopher also touches on the domain strategy and why "consent management" was too hard for users to spell correctly.
00:09:36 - The Suitcase Analogy and Bundle Performance
Christopher introduces a travel analogy for understanding how marketing scripts bloat website performance: you pack your suitcase under the weight limit, but then someone stuffs extra items in without your knowledge. Similarly, developers build lean bundles that get weighed down when marketing teams add Google Tag Manager and other third-party scripts. He explains that most cookie banner providers use IIFE script tags rather than bundled modules, which creates network waterfalls and removes developer control over caching and compression.
This leads into the reveal of Cookie Bench, a benchmarking tool the team has been building over the past few days. Christopher explains that developers typically only check Lighthouse scores twice — once when they finish the site and once after marketing scripts tank performance — and this tool aims to surface that impact proactively with detailed metrics rather than just heuristic scores.
00:13:09 - Cookie Bench Demo and Performance Metrics
Christopher shares his screen to demo the Cookie Bench tool running on localhost, showing a baseline Next.js site that renders in 20 milliseconds. He compares the C15t Next.js package, which has zero network overhead because everything is bundled or handled by React server components, against the C15t React package, which makes one additional network request. The tool tracks all network requests and their cascading effects rather than relying solely on core web vitals heuristics.
Anthony asks clarifying questions about what information goes beyond what the browser's network tab already shows. Christopher explains the tool includes a scoring system measuring cookie banner impact, screen real estate percentage, and render timing. For instance, the React package shows the cookie banner in 128 milliseconds from a 26-millisecond initial page load. They also examine a competitor like OneTrust, revealing it loads roughly 711 kilobytes across 12 files using heavy third-party IIFE scripts, which the tool can filter and isolate to show the true network cost.
00:28:06 - Benchmarking Methodology and Framework Choices
Christopher discusses the technical decisions behind Cookie Bench, explaining that every benchmark runs on a standardized Next.js site using Turbo Pack with identical React and React DOM versions. He justifies the Next.js choice on two grounds: market dominance among deployed websites, and the need for a full-stack framework that can test middleware, cookie usage, and server-side rendering scenarios that a plain HTML file couldn't demonstrate.
The conversation shifts to C15t's core library design, which is built in pure TypeScript to be headless and framework-agnostic. Christopher walks through the available packages including a Node SDK for backend access, a Next.js package optimized for server-side rendering, and React components. He raises the interesting technical question of whether cookie banners can be server-side rendered when they depend on geolocation to determine which regulations apply, sparking a brief debate about how to detect location without client-side JavaScript.
00:33:40 - Cookie Banner Functionality and Common Misconceptions
Christopher outlines the gap between what developers think constitutes a proper cookie banner and what legal compliance actually requires. He points out that many open-source cookie banner libraries lack geolocation support, remote consent storage, and other features necessary to meet regulatory standards. Simply rendering a banner without storing consent remotely fails to meet minimum requirements, making it arguably worse than having no banner at all.
The discussion highlights how consent management extends beyond cookies into areas like EULAs, app permissions, and data processing agreements across the entire digital ecosystem. Christopher argues that while authentication gets extensive developer attention, consent — which governs what an application is legally permitted to do — is treated as an afterthought. He compares the developer experience gap to chat widgets, noting that cookie banners are one of the few remaining areas where the standard integration method is injecting a script tag.
00:36:38 - Live Installation Demo
Christopher runs a live demo installing C15t on a fresh Next.js application. Using the C15t CLI, he creates a new project, connects it to a Consent.io instance with a generated endpoint URL, and has the cookie banner rendering in the browser within a couple of minutes. The CLI automatically detects the project setup, installs the client package, and injects the necessary provider code into the application layout.
Anthony notes he's surprised Next.js doesn't include built-in cookie banner support given everything else the framework offers. Christopher explains that the legal liability is a key reason — framework providers don't want to take responsibility if a consent implementation fails to meet regulations. This is exactly what Consent.io takes on as a business, requiring users to accept terms and conditions that cover that legal responsibility.
00:48:16 - Dashboard, Composable Architecture, and Hosting
Christopher demos the Consent.io dashboard, showing organization support, instance management, and the open API that backs every C15t instance. He emphasizes that every part of the system is composable: you can self-host the database and API, use the C15t frontend with a completely different consent backend like OneTrust, or run in offline mode with no backend at all. The React components are similarly customizable through a cascading theming system that doesn't require Tailwind or any specific CSS framework.
He positions Consent as a legal platform built for developers, contrasting it with OneTrust which he describes as a legal platform built for lawyers. Anthony notes that everything Christopher has built looks polished, but suggests improving discoverability across the multiple domains and products. Christopher explains the intentional separation: keeping benchmarks on Cookie Bench rather than the Consent brand ensures developers trust the metrics as unbiased rather than marketing material.
00:59:04 - Consent Beyond Cookie Banners
Christopher broadens the conversation to explain that consent management encompasses far more than cookie banners. He cites examples from video game EULAs to airplane Wi-Fi terms of service, arguing that the entire digital ecosystem relies on consent mechanisms that developers rarely think about building properly. He pushes back on the common American perspective that cookie banners are unnecessary, posing the question of whether users would prefer all their data used or none at all.
The discussion covers regulatory complexity including Germany's new law requiring a reject-all button, UK news sites that block content behind cookie walls requiring paid subscriptions, and the IAB TCF 2.2 standard that governs how companies like Google and Facebook verify advertising consent. Christopher notes that C15t doesn't yet support IAB 2.2 but plans to, and uses the Cookie Bench roadmap to transparently show which compliance boxes the platform does and doesn't check.
01:07:28 - Infrastructure Deep Dive: Cloudflare, PlanetScale, and SQLite
Christopher breaks down the hosting architecture in detail. The control plane dashboard runs on Vercel with a PlanetScale MySQL database, while each customer's C15t instance is deployed as an isolated Cloudflare Worker with its own SQLite database. He explains the decision to use PlanetScale over Postgres providers like Neon came after experiencing performance issues, and that the self-hosted version supports Postgres, MySQL, or SQLite with adapters for Prisma, Drizzle, or Kysely.
The per-instance SQLite architecture was chosen to simplify version control: when breaking changes ship, each isolated instance can run its own API version without needing complex multi-tenant routing logic. Christopher describes how C15t instances are bundled for Cloudflare Workers inside the Next.js dashboard application, which then deploys them programmatically. He acknowledges the approach is unconventional but functional, and notes the team has considered Kubernetes but finds the current setup sufficient for their scale at four months and two people.
01:17:55 - Framework Opinions and Redwood SDK
Anthony asks about the new Redwood SDK, and Christopher reveals he's already tested it and built a demo. He praises its server-side rendering approach but notes the Cloudflare deployment workflow — running a manual command rather than git-based deploys — is less ideal. The conversation broadens into framework market dynamics, with Christopher arguing that Next.js dominance drives practical decisions for dev tool companies even if other frameworks might be technically superior.
Anthony shares his own framework journey through Astro, Solid, Fastify, and pure Node CLIs, noting the value of learning to build things from scratch before returning to integrated frameworks. Christopher emphasizes that for business purposes, following where the developer market actually is matters more than theoretical framework preferences, which is why C15t prioritizes Next.js and React packages first while keeping the core library framework-agnostic.
01:25:51 - CLI Tooling and Double Tie SDK
Christopher walks through the C15t CLI codebase, revealing it's built with Clack for the interactive interface and bundled with tsup via a custom build tool. He shows the context-based command system and highlights the custom logging library called Double Tie Logger, which standardizes how the CLI communicates success, failure, and debug information. The logging system is part of a larger internal SDK toolkit called Double Tie that abstracts database adapters, API routing, migrations, error handling, and type systems.
Anthony realizes this explains how C15t supports multiple ORMs and databases — the Double Tie abstraction layer handles the adapter logic internally. Christopher explains that Double Tie packages currently live inside the C15t backend monorepo and haven't been extracted yet because he wants to avoid releasing unsupported code. He reflects on the tension between building custom tooling versus using existing libraries, noting that AI has shifted the calculus by dramatically increasing development velocity, though the maintenance burden remains a serious concern for a two-person team.
01:39:37 - Education, AI Privacy Tools, and Wrap-Up
Anthony suggests Christopher should better surface all the educational content already built, particularly the regulations pages on Consent.io that break down jurisdiction-specific privacy laws. Christopher demos a prototype AI tool that analyzes privacy policies against global data protection standards, noting it found Consent.io's own policy to be well-structured and comprehensive. He plans to integrate this into the dashboard with clear disclaimers that it's not legal advice.
The stream wraps up with Christopher acknowledging that the biggest challenge isn't building the technology but educating developers about why consent management matters. He compares it to building both the car and the road, since most developers don't understand the domain well enough to know what they need. Anthony encourages him to pursue podcast appearances and offers to connect him with shows like JavaScript Jabber, while planning a future stream to integrate C15t into his Astro-based AutoShow project.
Transcript
00:00:03 - Anthony Campolo
And we are live. Welcome back, everyone, to AJC and the Web Devs. We have returning guest Christopher Burns, coming at us from Greece. Is Greece an island? I forget.
00:00:16 - Christopher Burns
Well, many islands, but Athens is on the mainland.
00:00:20 - Anthony Campolo
Okay.
00:00:21 - Christopher Burns
I'm pretty sure it is. Yeah, the capital.
00:00:24 - Anthony Campolo
Awesome. You've been traveling all over Europe, right?
00:00:28 - Christopher Burns
Yeah. I wouldn't say all over. I hit a period where my accommodation, the rental place I rent, wasn't safe to live in, so I had to find somewhere else. I was like, what do I do? And I decided I'd go to a different country. I went to Malta, then Sicily, and now I'm in Greece.
You could say there are pros and cons. I'm not sure. It's been quite delightful, but I do like having a base to come back to. Still, it has been very fun.
00:01:10 - Anthony Campolo
So you're not a big digital nomad, just wanted to try it out.
00:01:14 - Christopher Burns
I don't know. I feel like if I'd prepared better, I could have been, but I literally decided to go down to London and then said, you know what? I'm just going to take everything I've got in my suitcase and go. So I left from London with the random stuff I packed without preparing for international travel at all. I got to the airport and they were like, do you know you've got scissors, [unclear] stuff, all in your bag? I'm like, oh yeah, I forgot about that.
00:01:48 - Anthony Campolo
You can't fly with scissors in the UK.
00:01:50 - Christopher Burns
Well, it's an international thing. You can; they just have to be under a certain size. It's like knives. You could stab someone. If you check it in, it's fine. It's if you bring it into the overhead.
00:02:03 - Anthony Campolo
Yeah.
00:02:03 - Christopher Burns
The overhead. So it's been an enjoyable time. Learned a little bit of Italian. Haven't learned any Greek, but yeah.
00:02:15 - Anthony Campolo
Greek's a little harder.
00:02:17 - Christopher Burns
Bit squiggly for me.
00:02:19 - Anthony Campolo
So that's cool, man. I used to dream about doing that. That was kind of my plan for a while. When I was first learning to code, I was like, I'm going to get a job and I'm going to travel the world. And then I got a job. One month later, I got a girlfriend who turned into a wife, and all that went out the window.
00:02:35 - Christopher Burns
Yeah, I think it's one of these things where I'm at the point in my life where I'm very sure of what I'm doing with work and the startup I'm working on. But I'm also so lost with personal life: you can go anywhere, you can live anywhere, so where do you want to go? And it's like, you don't know. So you're trying to pick something better but not extreme and try it out. For me, that's London. I'll be moving to London, hopefully next month.
00:03:09 - Anthony Campolo
And you've never lived in London before? I'm sure you've been there plenty of times, right?
00:03:12 - Christopher Burns
Yeah, I've been there hundreds of times. But it's one of those things where there are quite a lot of tech communities around London, and it's okay living up the country. But at the end of the day, London is like its own country compared to the rest of the UK. Sure, it costs a lot more, but there's just so much more technology startup community there than anywhere else in the UK.
00:03:39 - Anthony Campolo
Yeah, totally. It's like, you know, New York or San Francisco in that respect.
00:03:43 - Christopher Burns
Yeah. And then Saint Louis in the middle, where there's some random things. Not much.
00:03:48 - Anthony Campolo
Just hurricanes, as you say. It was actually a tornado, not a hurricane. Okay.
00:03:55 - Christopher Burns
Look, the amount of random facts I hear sometimes from Saint Louis is like, I never heard of this place before. Then I met you, and there's just loads of random things that seem to have happened in that square kilometer.
00:04:10 - Anthony Campolo
What's funny is...
00:04:11 - Christopher Burns
The area around there.
00:04:12 - Anthony Campolo
This is the first time I've lived in Saint Louis for a little over three years. I think this is the first time I got contacted from my dad who was like, hey, I heard something happened in Saint Louis, the first time anything has been a big enough deal that made it to the news in California. What's that, Fuzzy? He said, oh snap, it's burned. Chris.
Fuzzy, I was supposed to pair with you this weekend. Sorry I didn't get to that. I ended up having a super busy weekend.
But let me guess. We have an awesome announcement coming up. I don't know if you have an announcement, but you definitely have new work to show, that's for sure.
00:04:45 - Christopher Burns
Yeah, well, there are some sneak peeks that I can give of some things that we're working on, and some technical discussions that we can have and talk about. It is pretty awesome. There's a quote by Andy Warhol that I heard. I'm going to paraphrase it terribly, but it's basically: find something that is very boring and make that the most exciting thing. And I think that's what we've really been doing with all the legalities and consent and cookies and cookie banners. It is definitely a very, very interesting area where we've got so much exciting stuff that we're building out.
00:05:36 - Anthony Campolo
No, I love that. I love that quote. He said something about boredom.
00:05:44 - Christopher Burns
I have it in one of my notes. Let's see if I can find it. I've got it: You need to let the little things that would ordinarily bore you suddenly thrill you.
00:06:01 - Anthony Campolo
Yes.
00:06:01 - Christopher Burns
There we go.
00:06:03 - Anthony Campolo
That makes a lot of sense. He would say that because he was doing things like taking a Campbell's soup can and making it a work of art. So he was trying to find the artistic in the mundane. And you're trying to find the technically interesting and elegant in the most, I argue, the most mundane thing in all of software: cookie banners.
00:06:24 - Christopher Burns
Oh, trust me, we've hit some really, really interesting findings and stuff that we're on a really interesting path with. So I guess we get into it and talk about what we've seen recently, where we're at in terms of our technology.
00:06:45 - Anthony Campolo
Actually, first, how did you pick the new name? I have a hunch.
00:06:49 - Christopher Burns
What, C15t?
00:06:51 - Anthony Campolo
Yeah. Most people will know, but some won't.
00:06:54 - Christopher Burns
Yeah. Previously we had a different name, but we decided that we wanted to split the name of the company and the hosting provider from the open source framework. What we realized is that, while we're very much targeting the sale of cookie banners, a lot of the customers using it are not necessarily developers, while a lot of the innovation is done for developers. So we went with C15t for the consent management framework and Consent for the platform. So what does C15t mean? It means consent management.
00:07:40 - Anthony Campolo
The first and last letter, and then the number of letters in between. Exactly. Andreessen Horowitz A16z.
00:07:47 - Christopher Burns
Exactly. But the question is, does it include the space or not in the numbers?
00:07:52 - Anthony Campolo
I would say no, but I don't know. Does Andreessen Horowitz include the space?
00:07:57 - Christopher Burns
I totally forgot. But we went with the same Andreessen Horowitz did. So if Andreessen Horowitz did, we did. If they didn't, we didn't.
00:08:06 - Anthony Campolo
What.
00:08:06 - Christopher Burns
That's what...
00:08:07 - Anthony Campolo
I would have done.
00:08:08 - Christopher Burns
I'm pretty sure it's with it because I was like, C14 rings more of a bell than C16.
00:08:19 - Anthony Campolo
I'm gonna have to count real quick. Let's see: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17. Okay, Andreessen Horowitz does not count the space.
00:08:29 - Christopher Burns
Okay, so I think consent management doesn't count.
00:08:32 - Anthony Campolo
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16. Yeah. So yours does not count the space either.
00:08:40 - Christopher Burns
There you go. We went with the same as Andreessen Horowitz. Call that a sign, I don't know. Well.
00:08:46 - Anthony Campolo
It's good because if you did use the space, then you'd both be 16. It would be C16t and A16z, and that would be a little confusing.
00:08:54 - Christopher Burns
Yeah. Especially where we have a dependency called C12. So C15t has a dependency called C12 as well.
00:09:03 - Anthony Campolo
C15.com is also a really good domain.
00:09:08 - Christopher Burns
Yeah. It was actually one of the original names for the company, but we thought it was too technological, with the numbers in as well. So we actually pivoted out. The first domain we tried to buy when we started moving away from Koroflow was consent management, but ask someone to type consent management into their browser and they would 90% get it wrong.
00:09:34 - Anthony Campolo
It's a tough word.
00:09:36 - Christopher Burns
So yeah. We went with C15, and so much innovation has happened since we last spoke. That sounds like me being a businessman: so much innovation. But genuinely, we've really been thinking a lot about bundling, core web vitals, core web speeds. How much do cookie banners actually affect performance? And there's a really nice analogy and story that I like to use when we think about consent banners. It's around travel.
How many times have you packed your suitcase? You know the airport limit is 20kg. Sorry, I don't know what it is in American, but in Europe, or the world, it's 20kg normally, and your suitcase is under 20kg. So you pack it up, you zip it up, and then you get to the airport and you put it on the scales, and then the airport goes, actually, it's 30kg, and you go, what do you mean?
[00:10:45] It should be under 20. And then you open up your suitcase and you realize that your mom or your family have added loads and loads of things to that suitcase.
00:10:55 - Anthony Campolo
Because your child is hiding inside.
00:10:57 - Christopher Burns
Yeah. And that analogy is how we look at bundling and what we think cookie banners and marketing scripts are doing to it. You build out your website and you look at that core bundle and you go, it's really lean. We know everything that's in it. And then the marketing department comes along and says, hey, we need Google Tag Manager, and they add 3 to 5 things, 3 to 5 JavaScript scripts, that start tanking web performance, making core web vitals, page speed, everything way, way worse. But yeah.
00:11:42 - Anthony Campolo
Yeah, Fuzzy is saying you have no idea what it's like having an Indian mother. Half the suitcase is just other folks' shite.
00:11:50 - Christopher Burns
Yes, yes. But that is the analogy that I came up with recently to start describing bundling, because bundling is one of these things that a lot of people tend to glance over. A lot of developers glance over it, and they only really start thinking about bundling when their website is performing badly, or it takes a long time to load, or images are the wrong size.
Normally when they check Google Lighthouse scores, we see people normally do it in two places. They finish the website, they run Google Lighthouse, and it's like performance is great. Then they hand it over. Then the marketing scripts get added, and that's when it all goes wrong.
We've actually been building out a tool to work out the bundling, work out the bundling strategies, and the good things and the bad things. I'll be happy to give you a quick demo of it.
00:12:55 - Anthony Campolo
Yeah. I just have a couple high level questions before we get into the code. So what makes this different from just a traditional bundle analysis tool that we already have?
00:13:05 - Christopher Burns
Why don't we just show you?
[00:13:07] - Anthony Campolo
Okay, fine. Go for it.
00:13:09 - Christopher Burns
Why don't we just show you? Let me pull this up and let's start.
00:13:30 - Anthony Campolo
You have balls of steel.
00:13:32 - Christopher Burns
Wow, why don't I just.
00:13:35 - Anthony Campolo
Just because you're willing to demo, go straight into it. Not, not. Yeah.
00:13:39 - Christopher Burns
So look, there are some slightly risky things on here. It is not finished, and we're demoing localhost. But this is actually a really good tool that we've built out to express why C15 is different and the differences involved with it.
00:13:59 - Anthony Campolo
So you bump your font up just one time.
00:14:03 - Christopher Burns
There we go. So when we talk about this, it's sick. Yeah. Thank you, thank you.
This is one of the things that we've built out. I love these things, but what we're looking at right now is just a basic Next.js website that's got nothing on except a header that says Benchmark. And what we can see is that it renders in 20 milliseconds. The Largest Contentful Paint is 20 milliseconds, and obviously there's no cookie banners or anything.
And why is bundling so important? Because we're speaking about a resource type that is normally not necessarily bundled into the website. Bundling is done in multiple ways, and JavaScript execution as a whole, we're quite used to bundling things with things like Webpack or Turbopack or esbuild. But the other method of JavaScript execution is something called an IIFE script tag. Have you ever used one of these before? You probably have.
00:15:19 - Anthony Campolo
Immediately Invoked Function Expression.
00:15:22 - Christopher Burns
Exactly.
00:15:22 - Anthony Campolo
Yeah. It's when you just.
00:15:23 - Christopher Burns
Wrap.
00:15:24 - Anthony Campolo
It and then you have the parentheses afterwards.
00:15:27 - Christopher Burns
Exactly. And a lot of cookie banners out there use that system for executing their JavaScript bundles. So is there anything wrong with that? Not necessarily.
00:15:43 - Anthony Campolo
Cool. It's kind of very old style JavaScript.
00:15:47 - Christopher Burns
And it has a network waterfall. It means it pulls in multiple resources that could be bundled into the direct bundle. It also means that you don't actually control that bundle. You can't control the caching of that bundle. It's not necessarily open source, so it's not something that you can even include into your bundle.
00:16:11 - Anthony Campolo
There are a million things wrong with it, which you just listed a bunch. Yeah.
00:16:15 - Christopher Burns
So we wanted to start building out a tool that first we could compare C15 with, but also compare other solutions out there as well. I'm just going to show this page. It shouldn't really have two things on these tables; they should be merged. But don't worry, and these numbers are wrong. So let's just go to the home page where we view this.
The reason we built out this tool originally was to compare the c15t Next.js package with the c15t React package and their differences. You might be saying, why? What are the differences? Well, because we're now using things like bundled technologies. We can use things like server-side rendering, middleware, and optimistic requests. And depending on the tool, say the c15t React package does most things client-side rendered.
For example, we can see here that the Next.js package has zero network requests. Network overhead? Zero, because everything that it needs is bundled in, or a React server component decides whether it needs to show the cookie banner or not.
[00:17:48] But then comparing that to the React package, we can see that it does actually have a network overhead of one file. And we can see here it's "show consent banner."
As we've seen, it's not 100% correct. Some of the numbers need tweaking, but we can see that this benchmarking tool is not heuristically just looking at that core web speed and how fast it loads. It's tracking all the network requests, seeing how different resources pull other resources to really work out the network effect of these cookie banners.
So this was the real first reason we built out this tool, to really say, hey, we hear a lot about this should be server-side rendered or this should be client-side rendered, or are we doing that or what about this? And our first thought was, well, how are we actually going to know it makes a difference? How are we going to know it makes a difference from converting our provider from being what's in the React package, where it sends off a network request to understand if it needs to show the banner, to a React server component that has that network request built into it.
[00:19:14] And this was the method where we can see that in the React package.
00:19:19 - Anthony Campolo
If we stay on the bottom real quick, I just want to ask a couple questions here. Yeah. Yes, all the way at the bottom.
So right here, what we're looking at is the same information you would get from looking at your network tab, just kind of in a nicer format, correct? Yeah. Great.
00:19:35 - Christopher Burns
So.
00:19:36 - Anthony Campolo
So what we see here is, you know, you've got your different scripts, most of which are loading in like 20 to 30 milliseconds. Then you've got your show consent banner, which is taking about 400 milliseconds, about half a second. So that would kind of tip you off to saying, hey, here's this thing that's taking longer than everything else.
00:19:54 - Christopher Burns
Correct? Yeah.
00:19:55 - Anthony Campolo
Great. So is there information that you're surfacing that is not in the network tab?
00:20:01 - Christopher Burns
Yes. So we're actually putting together a scoring system where we're trying to look at things higher level holistically as well, where we've got some performance statistics.
So for example, these statistics here, the cookie banner impact, are actually the critical ones. For example, the React package shows the cookie banner in 128 milliseconds. Obviously this is on a plain network, plain React app with no other content, and it renders that cookie banner within 128 milliseconds. That's really, really fast considering from initial page load at 26 milliseconds to then showing the cookie banner at 128 milliseconds.
00:20:57 - Anthony Campolo
Yeah. And I really like how you combine it with the core web vitals. So you can kind of see them next to each other.
00:21:04 - Christopher Burns
Exactly. And the other thing as well is that cookie banner is taking up 12.5% of the screen real estate, meaning it's probably not blocking, like one that literally sits in front of everything. That's probably going to be like 80%.
You can also see that the network impact is zero. Technically it's not, because obviously there is a network request. I think this is more the benchmark is currently looking at the core bundle, as in when you need to fire off the event. No resources are loaded. This is still a work in progress. This is super early. We've been working on it for about four days. Five days?
00:21:47 - Anthony Campolo
No. It's legit. I mean, there's like a lot of information on screen. It was a little overwhelming when you first pulled it up, but now you've explained it. It seems pretty.
00:21:55 - Christopher Burns
Yeah. And actually we pass in things like the GitHub. So you can load up the GitHub, you can open up the npm.
And the reason for this was trying to take away the mythology of actually how much does it impact, how much can this help make developers have a more informed choice on how these critical pieces of our applications that are normally looked at like an afterthought are actually affecting performance. So I think we can quickly look at a different provider.
00:22:32 - Anthony Campolo
I was actually just curious before we do that, can you go back real quick? Yeah, I'm just kind of curious because I'm always curious how websites can figure this out just by looking at the code. How does it know you're using pnpm?
00:22:45 - Christopher Burns
So that's manual configuration.
00:22:48 - Anthony Campolo
Okay.
00:22:49 - Christopher Burns
All the tech, the sidebar, is a manual configuration file where we set it, saying, oh, this package uses pnpm. It has an ESM bundle, it has a bundle.
00:23:02 - Anthony Campolo
So the user kind of enters that information.
00:23:04 - Christopher Burns
Yeah.
00:23:06 - Anthony Campolo
Okay, cool.
00:23:06 - Christopher Burns
It's not necessarily, I don't think we're necessarily going to have the ability for you to search your own website and get like a report right away. It's mainly, you put the test suite into the repository. You run the CLI that's running that test suite that then gives out a JSON structure. And then that JSON structure, when uploaded to the website, tells you the statistics.
We could add the ability for you to benchmark your own websites in that, but maybe in like a second or third version. This is just V1.
And what's actually really interesting as well is you can do things like disable first party. So you can see that the Next.js has zero third party resources that get loaded to show up the cookie banner. But if you were to compare that with the React one, you can see that actually there is a third party resource.
[00:24:25] So it's really, really interesting. This tool is hopefully going to be released in a few days, really trying to demystify performance for developers because day after day I see people saying, my performance is bad. We're using all of these scripts; they're loading, and they're not cached very well. They're not compressed well. They're not bundled in a certain format.
And we can look at a competitor, and this is more open source. We want to not only look at competitors that provide full services like I O or OneTrust cookie bar cookie kit. You know, there's hundreds.
00:25:22 - Anthony Campolo
I don't know any of those. Yeah. They go into them.
00:25:27 - Christopher Burns
Yeah. But also smaller libraries like the cookie banners that don't necessarily have a backend or.
00:25:36 - Anthony Campolo
Oh, yeah, I see now it says unknown for package manager. Yeah.
00:25:41 - Christopher Burns
And also, like, it's not open source, it's proprietary, but the performance is okay. But then you see the bundle, it uses quite a lot of heavy third party. And as you can see, if you wanted to filter, and this is where it's really interesting, if you turn off the bundled resources, you're turning off basically everything that Next.js would bundle.
So we know that OneTrust, every time it loads a website, is pretty much loading 711 kB and 12 files. If that's okay for you, that's okay. But really what we're trying to do is just highlight it, saying, hey, a lot of these providers are using IIFE scripts. You then start wondering about performance and network impact and the critical figures of how long it actually takes for a cookie banner to show, and really just try to inform people about an area of performance that I don't think anyone has ever seen before.
So this is, you know, back to what Fuzzy said about, like, any announcements. This is one of them: Cookie Bench.
00:27:08 - Anthony Campolo
Is this going to be a hosted thing? Like, people can go to cookie.com or whatever.
00:27:14 - Christopher Burns
Yeah, yeah, yeah. So it will all be on cookie.com, where you'll be able to see all the benchmarks that we have run. Okay. You already have.
00:27:25 - Anthony Campolo
That domain is redirecting to consent. Yes.
00:27:28 - Christopher Burns
Yes, yes, yes, it will be open source.
00:27:33 - Anthony Campolo
Can you see the comments on the bottom right on the screen?
00:27:36 - Christopher Burns
No, I'm not looking at the comments right now. I need to.
00:27:40 - Anthony Campolo
So what I'm saying right now, there's a new StreamYard feature. I just turned it on where it shows comments on the stage. So on your screen share, it's on the bottom right. I don't know if you can see that.
00:27:50 - Christopher Burns
No, I can't see it on the screen share, but I can see it when I swap back. So for all that, I will actually show some code for this because.
00:28:02 - Anthony Campolo
The comments are too small to read. So I'm just going to turn them off and go back to doing this.
00:28:06 - Christopher Burns
I think it's quite fun to talk about this, but there are some things that we've chosen with the bundling that are not always necessarily, you could say, the right choice, but they are a fair choice.
For example, when we look at the benchmarks, like we said, every single benchmark runs on a Next.js website. It runs Next.js with Turbopack, so it builds with Turbopack and runs Turbopack dev. It has the same Next, React, and React DOM versions. The first thing you could probably ask is why Next.js.
00:28:51 - Anthony Campolo
I know, I know why Next.js. Because. Why? Because you're Chris.
00:28:56 - Christopher Burns
Well, no, actually there are two points to it that I think are really interesting. One is market value. You know, Next.js has a dominance in that market of developers. A lot of websites that are deployed in this current era are Next.js websites. So it's putting the benchmark.
00:29:18 - Anthony Campolo
Fuzzy's dismay, I'm sure.
00:29:21 - Christopher Burns
To use. Yeah. But the second thing is we wanted to have a full stack framework that we could also easily test things like middleware, things like cookie usage, because we have some really big ideas on how we can push the performance of our Next.js package or any of these full stack kind of frameworks, logic forward.
But if we used just a pure HTML file, we couldn't really show that, if that makes sense. So we went with what we knew, obviously Next.js. That does make the initial bundles bigger, like comparing it to the baseline, but it was that simple way that we can easily debug.
For example, we can see that when we look at the page for the Next.js one, it's exactly the same, but this one pulls the consent manager provider from the Next.js package, when this one pulls it from the React package.
00:30:39 - Anthony Campolo
So aside from React and Next package, you have other ones so far or just those.
00:30:43 - Christopher Burns
So the core library, and we've not really spoken about this yet, but the core library of C15t is built in a way that is completely headless and composable to any framework.
So when we look at C15t packages, we have quite a few packages being built in right now. And let's just swap this to Canary.
00:31:12 - Anthony Campolo
We got a node SDK. Is that like, if you want to use it from the back end?
00:31:15 - Christopher Burns
Yep. So that's calling your C15 server from the back end. So say if you want to pull your consent into your dashboard like we do with our dashboard, we use the node SDK.
We have a Next.js package. This is currently work in progress because we're really trying to work out the best performance that optimizes for server-side rendering. You know, a good question is should a cookie banner be server-side rendered? Could it be server-side rendered?
00:31:50 - Anthony Campolo
I'm sure it could. Why couldn't it? Because if it can't, then what's the point of React server components if I can't even render a cookie banner because.
00:31:59 - Christopher Burns
It needs to be conditioned. You know, if you're in the US, you shouldn't see the cookie banner. If you're in the UK, you should.
And server-side rendering makes it basically static without JavaScript. So how are you going to work out location without that initial fetch call? It's a really interesting.
00:32:25 - Anthony Campolo
Different endpoint that's triggered by something in the front end.
00:32:28 - Christopher Burns
But how do you know the location? This is a really interesting area.
00:32:32 - Anthony Campolo
The front end. Just because you could detect it on the front end and still render it on the server. Just additional logic.
00:32:39 - Christopher Burns
Wow. It's an interesting question. We could talk about it more. But back to the whole point that we just spoke about was the core library is pure TypeScript. So you could take C15t and build it into a Svelte website or a Solid website with a custom cookie banner.
Or you can use our React components, our Next.js components. Obviously, if someone came along and said, hey, I've built out Svelte components that look exactly the same as the components, we would love to have them built into the actual package, and we would release a Svelte package or whatever, but it's just one of these things of maintainability and also things like Mitosis. And we've spoken about this a hell of a lot. It's really, really hard overall. But we have some.
00:33:40 - Anthony Campolo
I've given up on all frameworks except React and Solid at this point.
00:33:46 - Christopher Burns
Yeah. And we have some really cool things that we've been working on as well.
For example, let me just close my tab because we can just speak it over. But when people think of a cookie banner, and this is also part of the cookie bench that we're building out, is what functionality is core and what is additional. For example, deciding if you should show a cookie banner or not. So geolocation support, how many providers out there actually have that? How many providers have that built in or additional extra? How many open source libraries that say, hey, here's a cookie banner, support that?
And this is one of my favorite areas right now. When I go onto Reddit or communities and people talk about cookie banners, they're like, oh yeah, just do this. And you're like, that's wrong. You're not hitting the standards that you need to hit or because there's so much.
00:34:58 - Anthony Campolo
You're telling me that people on tech websites are talking out of their ass about technical decisions?
[00:35:04] - Christopher Burns
Well, I don't think it's necessarily talking out their ass. I think it's about truly understanding the needs.
00:35:10 - Anthony Campolo
So it's just legitimate ignorance. Yeah.
00:35:13 - Christopher Burns
And also, for example, if I just put a cookie banner on the website, that's it. Done, right? Well, is it storing the consent in a remote location? No. Then no. You're better off just not having a cookie banner because you're not hitting that standard. So this is that whole part of that cookie bench as well, is saying the heuristic side of it is the education around consent to say, hey, you don't know. So here's what you need to know to actually have a solution that is well built, built for developers.
Legalities change, but that doesn't mean the actual underlying code has to. And the other thing is performance. Name another area of programming or companies that say, hey, to load this, you need to run a script into your React app. Chat apps are pretty much the only one out there. That's probably the closest one that they have. And we've not even spoken about Google Tag Manager and that.
[00:36:26] So we've been doing an incredible amount, but I think we should give it a whizz and have a demo of setting it up. What do you think?
00:36:38 - Anthony Campolo
Sure.
00:36:39 - Christopher Burns
Yeah. So let's do it. Let me just create a demo. I'll just share my screen. So here we go. This is exciting. I think this is exciting.
00:37:01 - Anthony Campolo
I know what the stream is all about.
00:37:05 - Christopher Burns
So.
00:37:06 - Anthony Campolo
Bump your font up a bit.
00:37:09 - Christopher Burns
So, we're not going to stay here, but all we're going to do is run npx create-next-app. Even though we're in the wrong repository, it's fine for this demo. So yes. No, no. Yes, yes, yes. No. Done. Why is that so challenging? That is a good question, dude.
00:37:38 - Anthony Campolo
This is why.
00:37:38 - Christopher Burns
I do.
00:37:39 - Anthony Campolo
Like, anytime I do an init create kind of thing, I always just figure out all the flags I need and I create one big command. By the way, we're getting some weird kind of background sound. It's not necessarily just the typing sound; it sounds like you're typing on your microphone. There's this kind of sound.
00:37:57 - Christopher Burns
Yeah, it might be my MacBook. I'll try and type softly. So, okay, let's just pop up a new Cursor tab, and then let's just swap the screens to that one.
00:38:16 - Anthony Campolo
So you use Cursor now.
00:38:20 - Christopher Burns
I've been using it for a little while. I don't really think about them too much because they can take up a lot of people's minds on, oh, I use this one, or I use that one. To me, I'm a man on a mission. I've got a lot of things to do and not a lot of time.
00:38:39 - Anthony Campolo
I agree. Bump your font up again. I haven't even switched to an AI editor yet. I'm just raw dogging ChatGPT right now.
00:38:50 - Christopher Burns
Hey, there's nothing wrong with that. Nothing wrong with that. We've all seen Next.js websites before, so this is just one of those things. So let me actually share my window, my whole window, so I can make it easier. Present. Stop screen share. Screen. Okay, so here we are. Okay.
00:39:19 - Anthony Campolo
So screens. Yeah.
00:39:21 - Christopher Burns
Yeah. So I'm terrible with this, but when we load up this, it's just a standard Next.js website. Cool. So how fast can we get C15 on there? So adding a cookie banner to your website. So let's do it. We literally do npx c15t@canary. We just hit enter. And then what that does is say, hey, are you okay installing this canary? We say, yeah, of course. So let's just give it a minute. We're on Greek internet here. Let's give it one more minute. Let me just take a drink. Well, what is happening? It shouldn't take this long.
00:40:19 - Anthony Campolo
No, it's just anytime you're streaming, usually things can take longer. Sometimes it gets caught up.
00:40:26 - Anthony Campolo
There. I also find that for whatever reason, sometimes when I install dependencies in my editor, it takes longer than if I do it in my warp terminal. I don't really know what that's about, but I've noticed.
00:40:37 - Christopher Burns
So here's the c15t CLI. Basically now we're ready to start the onboarding. For this example, we're going to host it on Consent. So we're going to say yes. Do we need to create a Consent account? No. And then it says give me your C15 endpoint. So let's, yeah.
00:41:05 - Anthony Campolo
I logged in real quick before we started the stream, and I got an endpoint.
00:41:10 - Christopher Burns
Oh, so you got an endpoint already. Great.
00:41:12 - Anthony Campolo
I do, yeah.
00:41:13 - Christopher Burns
So if you send over the endpoint, and then there's nothing here on screen.
00:41:21 - Anthony Campolo
You want me to send it to you?
00:41:22 - Christopher Burns
Yeah. It's not private. It's public information.
00:41:27 - Anthony Campolo
One second to log back in.
00:41:33 - Christopher Burns
But I can just log in as well.
00:41:39 - Anthony Campolo
Yeah, I don't know. How do I find it in your dashboard now?
00:41:46 - Christopher Burns
I show all my email addresses to the world. So for this purpose, we'll create a new instance of it: AJC web, AJC demo. And we'll say we'll host it in Europe because that's where I'm closest to it. Why Ireland? Because that's where we can host the back end solution. So the database is hosted in Ireland, but it uses Cloudflare Workers. So for the database. No, for the API. We can talk about that more in a minute.
00:42:29 - Anthony Campolo
Yeah.
00:42:30 - Christopher Burns
But we can see that we now have an instance URL. So we take that instance URL. And then we can post it in here. And then — yes. It detected we're using Yarn. We're not using Yarn, but okay, no Yarn.
We were trying to figure out the provider. It can be pretty mental. But what we have seen is that it's added the code that you need automatically into the layout. And it would have auto-installed the client. So let's just install Next.js at Canary, and then it should be as simple as that. When we load up the web page.
00:43:49 - Anthony Campolo
Is that a Cursor thing where it has your packageManager field nested under your package.json?
00:43:55 - Christopher Burns
Oh, that's a VS Code thing. It's just settings where you can hide things.
00:44:03 - Anthony Campolo
I don't know how to do that. That's cool.
00:44:05 - Christopher Burns
So we can see here, now when we open it, we have a cookie banner and it's done. Literally, as soon as I click accept and reload this page, we shall see that we have one active consent record. It's that simple.
So this normally super, super complicated task, we think you could speedrun it in like two minutes if you knew what you were doing.
00:44:41 - Anthony Campolo
That was only a couple of minutes.
00:44:46 - Christopher Burns
Yeah. You know.
00:44:48 - Anthony Campolo
I'm actually, I was googling around before this. I'm actually surprised that there is no built-in Next.js cookie banner. Anything like that. I was kind of surprised to see that. It seems like they have all this other stuff built in, but they don't have a cookie banner. That's kind of surprising to me.
00:45:04 - Christopher Burns
Mhm. Yeah. Yeah. Yeah.
00:45:06 - Anthony Campolo
And it's also about that.
00:45:10 - Christopher Burns
I've had some really interesting question-and-answer discussions with Vercel. But one of the biggest questions, and I think one of the hardest things about it when it comes down to the legalities, is you can provide your own custom cookie banner or cookie component, but is it legal? And do Vercel or any of these other parties want to take on that legal responsibility if it fails?
00:45:38 - Anthony Campolo
Oh, so you're taking on the legal responsibility?
00:45:42 - Christopher Burns
Exactly. Because I had to accept.
00:45:46 - Anthony Campolo
Two different things to sign up to.
00:45:49 - Christopher Burns
Terms, conditions, and privacy policies. Yeah. It's a great component. And that is a secret second product that we don't have time to really discuss or talk about yet, but it is a very, very exciting area.
00:46:06 - Anthony Campolo
I don't know, man. You booked us for three hours. I think we got time.
00:46:10 - Christopher Burns
We booked this for three hours. I feel like I've done all the demoing. I'm like, here we go. We're done. Forty-five minutes in.
00:46:16 - Anthony Campolo
We spend the next two hours talking about Redwood SDK if you want.
00:46:20 - Christopher Burns
We are like, I don't want to sound optimistic or anything, but it's like I've demoed how to install it without even looking at the docs. We have tons of docs. Yeah, because you're the founder.
00:46:34 - Anthony Campolo
Of course you can install without the docs. You built the thing. That's not that surprising.
00:46:41 - Christopher Burns
You could do that with the CLI. It was pretty straightforward.
00:46:45 - Anthony Campolo
It was. It was pretty slick. I will admit, I'm just saying, you know, it's always easy to do something when you're the one who built it.
00:46:51 - Christopher Burns
And also, you know where to click and what to look at. This is one of these really interesting things where we try to focus on what is important and nail it down time after time, harder and deeper and deeper.
For example, so many of the competitors out there have amazing products, but they don't focus on the developer experience. They don't focus on even explaining how to install it into React. Well, the amount of them that even have a Next.js package or a React package is really low. And then the amount that are just stubs pulling all their other libraries are still massive.
So much about what Consent is doing as a company is about education. It's about saying, hey, we believe this is a massive area of development that goes unspoken about. So many people speak about authentication for days upon days upon days. But consent is just as important. It's the legalities to your application. No matter where you are in the world, it's the hey, you can, you have the right to do this because you put in your terms and conditions, or you definitely can't do that because you didn't put in your terms and conditions.
[00:48:11] It's this area that we all just really skirt over. [00:48:16] - Anthony Campolo You should demo your dashboard because you didn't actually go into that.
00:48:21 - Christopher Burns
Yeah, let's do that.
00:48:23 - Anthony Campolo
So I logged in, checked it out, and saw you already had a whole working thing, and you could sync up your GitHub and all that. That was pretty cool.
00:48:31 - Christopher Burns
Yeah. So what's really important about the dashboard.
00:48:37 - Anthony Campolo
Like one or two times.
00:48:38 - Christopher Burns
Yeah. Also, should I just?
00:48:42 - Anthony Campolo
Yeah.
00:48:43 - Christopher Burns
Should I also make it dark mode, just to not flash bang people?
00:48:45 - Anthony Campolo
Obviously.
00:48:46 - Christopher Burns
Really, not flash bang people. So looking at this, there's not much there right now. That's all we know. But we wanted to focus on the important things first. For example, organization support and instances. We're going to get into that because this is the question you asked about the database and how it actually works.
00:49:15 - Anthony Campolo
And we want to know more about how you're hosting this and all that. I always find it interesting. Yeah, yeah.
00:49:19 - Christopher Burns
So, yeah, right now there's not much in there, but there's a version number. Each C15t instance has an open API that you can call. Going back to the founding principles of Consent, we believe the technology is so diverse. You could have a consent dashboard and use the C15t backend but completely manually create the front end if you wanted to. There's nothing stopping you from calling show consent and seeing, "Hey, I need to show GDPR because I'm in Greece," without any front-end code. Every single part of Consent is composable.
So what do we mean by everything being composable? I think it's best to look at our documentation. This is a work in progress because there's so much to discuss, cover, and explain. But we built c15t in a way that is fully composable from the front end to the back end.
[00:50:51] So if you wanted to host the database and the API layer yourself, you can do that. Or if you just wanted to use C15t in the front end and give that consent to a totally different consent management platform, you can do that as well. We built it to be completely composable, depending on the framework choice for your needs. But one of the biggest things was saying, when we look at the quick start.
00:51:27 - Anthony Campolo
Just hopping off screen for a quick second, but I'll still be listening. Keep going.
00:51:31 - Christopher Burns
So the quick start with Next.js is saying, "Hey, what are you actually going to need it for? And what are you going to be installing?" For example, do you actually need the backend package or do you not? We have worked on this to the point where we think it's important that the C15t front-end framework works in three modes.
It has the default hosted method. That's where you're going to host a C15t instance yourself, so the database plus the API, or you're going to get started faster and easier with our cloud instances. You have the second mode, that's offline mode. That's where you say, "I don't need a back end, or I'm going to provide this content to a different provider, so I don't need you to send off fetch requests to C15t because there is no C15t back end." And then the third one is a custom client. This is saying, "Hey, we already use OneTrust, and we're locked into a contract with OneTrust for five years or whatever."
[00:52:57] But we know it's slowing down our Next.js application. So that's where they would use the custom client to say, "Hey, we want all the performance benefits of using C15t, but we want to store the consent with OneTrust." So we've built it out to be really flexible.
00:53:21 - Anthony Campolo
You get the fire emojis for that last part. Art.
00:53:24 - Christopher Burns
Yeah.
00:53:25 - Anthony Campolo
And what is OneTrust? Can you explain that real quick? I have no idea what OneTrust is.
00:53:30 - Christopher Burns
I'm assuming OneTrust is the biggest consent management solution out there that focuses on multiple areas. Not only do they focus on consent management, they focus on AI now and the legalities of AI. The way I like to discuss it is: OneTrust is a legal platform built for lawyers, compared to consent, which is a legal platform built for developers. I like that.
00:54:02 - Anthony Campolo
That's a good little pithy statement because everyone hates lawyers. So anytime you can frame your thing as being against lawyers.
00:54:11 - Christopher Burns
It's built directly for lawyers. Every time I've spoken to somebody who uses Onetrust, they're like, "Yeah, the lawyer said..." We said, "Hey, the performance is terrible. It's going to suck in all these methods." And they go, "No, no. Yeah, yeah, we know, but the lawyers have said we want to use Onetrust."
00:54:27 - Anthony Campolo
Because it's like saying the vampire said, "We need to use this blood bank."
00:54:33 - Christopher Burns
Yeah. It's because there's not enough education in how bad it's going to affect performance and page speeds. Sure, the lawyers want this solution, but what about our customers? How much does it actually affect them?
00:54:53 - Anthony Campolo
What about the customers? Exactly.
00:54:56 - Christopher Burns
So not only is the back end and the front end composable, you can have one without the other. We also made the React components as composable as possible. You can completely customize the styling. You can make it look something completely different. For example.
00:55:24 - Anthony Campolo
What I always see looks super great, Chris. By the way, everything looks really, really nice.
00:55:30 - Christopher Burns
Thank you, thank you.
00:55:33 - Anthony Campolo
Follow.
00:55:34 - Christopher Burns
Yeah. When I follow up consent, you can see this cookie banner looks nothing like the default cookie banner. It looks directly like the website because we've customized the class names to allow that to have an effect. The underlying system is super complicated, the theming system that has cascading class name management and style management and CSS variables. But the key to this is we didn't want to say, "Hey, you need to bring Tailwind," because what happens is your website doesn't use Tailwind, or we want to use Tailwind. Okay, you need to disable all the default styles.
So we try to look at every single part of the consent journey and say, if we were going to make the world's best developer platform here, how would we do that? It's seriously focusing on every single aspect of performance, styling, management, and deployment and saying, how can we make an incredible developer platform? I think there's still a lot of work to be done. We are not there yet, but I think this is all really, really exciting.
[00:56:49] What do you think?
00:56:50 - Anthony Campolo
I think it's great, man. I think you got so much stuff going on. You got a dashboard, you got an open source library, you got a GitHub repo, you got this benchmark tool. There's a whole bunch of stuff you got going on. I think the main thing is going to be having this all packaged together in a holistic way where people realize all the stuff you're offering because some of it's on different domains. It's a little bit spread out right now. But everything you've got is incredible. And Fuzzy says the man is fucking cooking. I agree, this is absolutely amazing.
00:57:27 - Christopher Burns
So there's a reason that things are spread out across multiple domains. It's trying to say, "What is open source? What is business, you know, what needs to make money, and what is education?" When we try to merge all of them into one brand identity, we felt like no one would trust the benchmarks because they're directly tied to Consent or C15t.
00:58:02 - Anthony Campolo
This was Nissan's thing about calling JavaScript Jam, JavaScript Jam and not calling it Edgio Talks or something. That was his exact idea, and I thought he was really right about that.
00:58:15 - Christopher Burns
Exactly. And the whole point of Cookie Bench is to educate developers on the performance impacts of cookie banners. There's a really interesting reason why cookie is not in the name of c15t or consent management, and it's because we believe consent is much bigger than just the cookie banner. It's the long-term vision of what we're looking to build. A lot of these platforms are like, "Yeah, when I need a cookie banner, I go to Cookie Pot or cookie whatever." I'm sure I could say 20 words after cookie, and there'd probably be a cookie banner system out there.
00:58:57 - Anthony Campolo
Well, let's hone in on that. What actually is involving consent outside of cookie banners? Because I don't really know. Yeah.
00:59:04 - Christopher Burns
So consent is everywhere. We just choose to wipe our brain of it straight away. For example, have you ever loaded a video game and the first thing it does is say, "Hey, you need to accept a EULA and a license agreement," or you go onto an airplane.
00:59:26 - Anthony Campolo
Terms and conditions. Not even gaming, any app.
00:59:30 - Christopher Burns
Or apps, websites, Zoom, events. Consent to say, "Hey, I consent for you to use my data," is across the board, across the whole digital ecosystem. But it's not one of these things that we bring up. It's not one of these things that we think about. When you start a startup, you think, "I need to put time to build my authentication out," but you don't think, "Oh yeah, I need to put time to build out the consent, the what are we allowed to do, what are we not allowed to do?" Do you even know what you're allowed to do versus what you're not allowed to do? Do you even know what's legal versus not legal?
It's a joke that I keep thinking about in my head, like, "Oh, I'm on an airplane 20,000 ft in the air." Well, 45,000 ft in the air. And I need to sign a terms and conditions, a cookie banner, to buy the Wi-Fi.
01:00:33 - Anthony Campolo
Yeah.
01:00:33 - Christopher Burns
And it's like these things. There's so many people that say they're annoying, but there's a reason that they exist, and that is to say, "Hey, we want to give you visibility of how your data is being processed and used." I think we live in a world where it would be really naive to say we don't need them. It's a very American view that's like, "We don't need cookie banners."
Okay, so the rhetorical question I would ask to an American who said we don't need cookie banners is: would you rather all your data is used or not at all? You know, agree to all or agree to minimum.
01:01:19 - Anthony Campolo
I mean, they would like the information that needs the app to function to be used and not to sell you crap you don't want. That's what. That's what we want when we say things like that.
01:01:30 - Christopher Burns
But then you say, "Okay, I want minimum," and then you go, "Why can't I reach the port? I can't contact support."
01:01:40 - Anthony Campolo
But that's what I mean about only giving the information you need to do the things you want to do. So that's what they want.
01:01:47 - Christopher Burns
Yeah, but the thing is that lies in essential cookies. It's an area of consent management where it's like, what is essential to the platform versus what is third party? Is a chat widget like Crisp or Zendesk, or Intercom, required? Is that essential or is that additional?
01:02:12 - Anthony Campolo
The South Park episode Human Centipede? No.
01:02:16 - Christopher Burns
No. I don't really watch South Park.
01:02:22 - Anthony Campolo
South Park. Yeah. It's a reference of The Human Centipede, which is an absolutely disgusting movie.
01:02:28 - Christopher Burns
I think I watched it in my youth. I really shouldn't have. But yeah. Overall, the biggest thing here is about education and about exploring it. In saying that, all cookie banners are not the same size or style. What I mean by that is, depending on what you want to do on your website, you need a different type of cookie banner. For example, if you want to show Google ads, you need a cookie banner that has been authorized by the European Union, the international agency.
01:03:14 - Anthony Campolo
That's where this stuff really gets squirrely. You're talking about Americans. The reason why Americans hate cookie banners is because it's all based on bullshit laws written in other countries.
01:03:25 - Christopher Burns
Sure, but it's one of these things where you say, is it bullshit, or are they saying that these solutions hit a minimum specification set out by a legal government? It brings every single solution onto that level. For example, c15t does not have IAB 2.2 authentication yet. It will be something that we get. But all of the biggest websites out there in the world where you go on and it says, "Hey, if you click accept, 250 businesses are going to have access to your data," that is because they're using the TCF standard, a standard that Google, Facebook, all of these have built in to say if we show an ad, we know that we have the consent to do it.
So you could say, is this standard a good thing or a bad thing? Would you rather Google owns this standard or the European Union? It's a good question.
01:04:44 - Anthony Campolo
Yeah. I don't know if there even needs to be a standard. I would like it if just different apps use data the way they want to, and users can decide how they want. What I want is transparency. I want it to be clear how is my data being used, so I can make an informed decision about whether to give it to this company or not.
01:05:04 - Christopher Burns
What about? Here's another one for you. What happens if you're in a country like Greece and you can't even read the cookie banner because it's in Greek, but your laptop's in English?
01:05:14 - Anthony Campolo
Well, that doesn't matter, because all languages are easily translatable with a click of a button.
01:05:19 - Christopher Burns
Well, you would think, but if the website isn't like 90% English, but then the cookie banner is in Greek, you Google Translate it.
01:05:27 - Anthony Campolo
I put it in Google Translate, like I just have to go into a different app. I guess so. Okay, so here's a good thing Fuzzy is saying here. He just says he denies it all anyway. So what's the issue with that, Chris?
01:05:39 - Christopher Burns
In terms of the platform that I build out, I don't believe there's an issue with that. Germany actually just passed a law saying that you have to have a reject all, deny all button as standard in cookie banners.
01:05:56 - Anthony Campolo
That because?
01:05:58 - Christopher Burns
Because there are certain things you can say, how much of its heuristics, how much can you actually get away with? For example, there are providers for news in the UK and Europe that literally say you can't decline our cookie banners without paying a subscription. So if you pay a subscription.
01:06:17 - Anthony Campolo
It's like a cookie wall pay wall.
01:06:19 - Christopher Burns
Yeah, legit, 100%. And obviously this law is to go against those kinds of standards that have popped up to say, "Hey, what you're doing is unlawful, and you need to stop doing that." Because for myself, I believe it's a gray area of consent management. All businesses should follow the legal standards if they choose to or not; that is up to them. But we really want to provide the best tools and the best default actions to do those things.
01:07:01 - Anthony Campolo
Yes. Major in The Sun. Yeah, I know The Sun. I don't know the Daily Ranger.
01:07:07 - Christopher Burns
I don't know the Daily Mail.
01:07:10 - Anthony Campolo
The Daily Mail. Yeah.
01:07:12 - Christopher Burns
That happens all over. This is a really interesting area that we're trying to make a lot better. So yeah, that's consent management as a whole. And I know we booked three hours to go.
01:07:28 - Anthony Campolo
Three hours. We can just go a little bit longer. I want to talk to you about some things not related to this. So let's kind of wrap this conversation up, but.
01:07:35 - Christopher Burns
You know that.
[01:08:22] - Anthony Campolo
That's so funny. People boycott different papers in America. They support the wrong president. For you, it's more about football.
01:08:29 - Christopher Burns
Yeah. This is an area that I don't try to dig my head into because I have stuff to share, and we ship a lot.
The question about where we host things is a really interesting question. We host our infrastructure. Our dashboard is on Vercel, and the API is also hosted on Vercel. The database is a PlanetScale database. You could say the control plane is basically MySQL and Next.js.
01:09:16 - Anthony Campolo
But then why'd you pick PlanetScale, just real quick?
01:09:20 - Christopher Burns
That's a really interesting question, because I don't know. I spent a lot of time with Postgres in my previous startup, and we used more lower-level stuff on Google Cloud. Then there's a lot of serverless Postgres that has popped up, but nothing felt really battle-tested like PlanetScale. If you were going to pick one of these more high-level abstraction providers, it felt like the best option.
01:09:58 - Anthony Campolo
So things like Neon would be the Postgres equivalent, right? Yeah.
01:10:02 - Christopher Burns
And then we kind of said to ourselves, do we even need Postgres? Postgres gets so much of the talk and the hype, but it's like, do we even need Postgres in this? It was like, actually, we probably don't.
We felt like PlanetScale was a better database in that discussion. It wasn't a long discussion. It was probably like a half-an-hour discussion, to be fair. It's like, let's go with PlanetScale because we actually converted from Postgres Neon to PlanetScale after we saw a lot of the performance issues Neon was going through. And then they get acquired, but that's a discussion for another day. But then to carry on, the control surface.
01:10:52 - Anthony Campolo
Is.
01:10:54 - Christopher Burns
Yeah, by Databricks. That makes the control surface MySQL. But then the really interesting question comes up when we say, because we built this self-hosted technology, you can host it in Postgres, MySQL, or SQLite. So you can run a c15t instance in any of those three databases.
01:11:19 - Anthony Campolo
Is that because you're using Prisma? Or no?
01:11:22 - Christopher Burns
Well, it's because, yes, you can also use Prisma or Drizzle or Kysely. So when you have a package that can work with all of them, you then question how you should host the official host of it. Which one should we pick internally? Postgres, MySQL.
01:11:44 - Anthony Campolo
SQLite? Okay, so what you're saying here is that you built the library in a way that is agnostic to all of these things. Then when you host the canonical instance, you have to make a decision.
01:11:56 - Christopher Burns
Exactly. So which one do you pick? It's a good question. We picked SQLite for every single instance. Yes. And we also have some instances on Cloudflare D1, whatever it's called.
The main reason we picked SQLite was version controlling. We thought it was better to version c15t as a whole on the same semver number. So when we introduced breaking changes to, say, the backend package, you would also reflect that into the frontend package.
But then you have this hosted solution. Say you update the backend to have a breaking change. Now you need to write an API that controls it to say, hey, if they're on version one, use this API. If they're on version two, use this API. This is where we thought, big-brain geniuses that we are, why don't we just let each instance be isolated so it has its own database and its own.
01:13:22 - Anthony Campolo
Database per user, basically.
01:13:24 - Christopher Burns
Exactly. So each c15t instance has its own database.
01:13:28 - Anthony Campolo
I was planning on doing that for AutoShow for a while, actually.
01:13:33 - Christopher Burns
But it's really complicated because.
01:13:35 - Anthony Campolo
Exactly. Yeah.
01:13:36 - Christopher Burns
It's really easy, and it's really complicated. Version control gets a lot more interesting. But at the same time, you could say it was a really interesting choice because it wasn't our first choice.
Our first choice was to build c15t to have extra hooks that would add client IDs and organization IDs to the tables. So it'd all be in one general database, say on Postgres or MySQL. But then we thought we were diverting from the C15 specification that we were building out by building all this custom logic to host it. So what we really try to do is keep the logic and the hosting as close to the open-source version. It's very dogfooding.
It's basically saying, if we need functionality for our database, we're not writing custom logic for the wrapper around C15 that we call Consent. We're just going to write that logic directly into the C15 instance. So when we think about the dashboard, that's just using the C15 REST API, the Node SDK, and trying to keep that methodology.
[01:15:03] And that thought process has been really interesting. One of these areas is, will it scale? We don't know to a certain extent. We have already had some customers scale much, much bigger than the rest of the customers, and I think it's fine.
01:15:23 - Anthony Campolo
So you mentioned a while ago the Cloudflare. Where does Cloudflare fit into this stack?
01:15:28 - Christopher Burns
So Cloudflare runs C15 instances. When you deploy a C15 instance, you're deploying a database plus a Cloudflare Worker. So every single C15 instance is its own Cloudflare Worker.
01:15:44 - Anthony Campolo
So that's why you're saying you're hosting your dashboard on Vercel, but the users are working off of that dashboard, and then they're launching their own instances on Cloudflare.
01:15:55 - Christopher Burns
Exactly. Because Vercel's deployment structure is not necessarily set up for us to do instances like we could. There is a way to do it.
But I think there's bigger questions as well, like, would it be better to run our own Kubernetes clusters? We will see. Where we are in our scale journey, what is there is working, and it's simple.
01:16:30 - Anthony Campolo
Yeah. So it sounds like at this point there's no Docker containers anywhere in this mix.
01:16:35 - Christopher Burns
Nope. We have an open issue on GitHub for a Docker container.
01:16:40 - Anthony Campolo
I've heard Cloudflare is going to run Docker containers soon.
01:16:44 - Christopher Burns
I wouldn't be surprised. But also I wouldn't say that we don't need them. They're built for a very certain developer, and we think most developers are just going to say, hey, log on to Consent, spin up an instance, copy and paste the variable into their app, and done.
If you want to go run Docker, run databases for Consent, be our guest. But we think the majority of the audience is going to host it. So yeah, totally.
I love talking about this, but I also can't believe how fast we've covered so much breadth of tools. It's pretty incredible what we've built out in such a short time. This is only month four of the company, technically. And two people. It's kind of crazy. It is kind of bonkers.
01:17:55 - Anthony Campolo
The last thing I wanted to talk to you about, I'm sure you probably have not been paying much attention to it or know much about it, but what are your thoughts on the new Redwood SDK?
01:18:05 - Christopher Burns
Actually, I have been spending a lot of time on it. I do have a demo of it. I've used it, I've tested it.
01:18:12 - Anthony Campolo
Oh, yeah. Cool.
01:18:13 - Christopher Burns
And I also use a lot of Cloudflare right now, with obviously consent reasons.
01:18:20 - Anthony Campolo
I wanted to ask. Yeah.
01:18:22 - Christopher Burns
Cloudflare documentation can be very shaky at times.
01:18:26 - Anthony Campolo
It's almost like there's too much. It's a rare situation. They have so much docs across their whole platform.
01:18:34 - Christopher Burns
So many areas.
01:18:35 - Anthony Campolo
A very specific thing, you're like, how do I find this one thing? Yeah.
01:18:38 - Christopher Burns
Or like, for example, how do I add multiple environment variables to an instance? The API is not necessarily clear, or you need to use a CLI, or there's a lot of things I like about Cloudflare Workers.
The one thing that I don't particularly like is the deployment strategy, the manual deployment system. If I'm going to throw shade on Redwood in any way, it's not necessarily Redwood. It's just run this command and it pushes it up. But I quite like the git flow strategy.
01:19:15 - Anthony Campolo
Yeah.
01:19:16 - Christopher Burns
Where it's like, you've deployed to production, now it deploys it. And I think there's a lot of room there for a tool or a hosting provider, because that's what we're basically doing. We're manually, instead of using the Cloudflare CLI, deploying instances in the cloud and adding the bundle to it.
That is a mental thing to describe. The C15 instances are bundled to Cloudflare Workers, but they're not deployed. Then that bundle gets bundled into our Next.js application, and the Next.js application sends that to Cloudflare Workers saying, here's the bundle, deploy this.
It's kind of a bit mental, but there's not necessarily a better way right now, and it works. That is the core thing, is that it works. If I could say anything about Cloudflare, the deployment strategies are not necessarily the funnest, but I know they're doing a lot in that area.
But the question of the Redwood SDK, I think it's really, really cool.
[01:20:31] I think there's a lot of questions around the use case: how things are done, how they should be done, where they should be done. It's a very server-side rendered strategy compared to something like Create React App. TanStack Start, I'm excited. I'm excited to see where it goes, and have already played around with it myself. I've seen a demo in person. I think it's really, really interesting.
01:21:08 - Anthony Campolo
Awesome, man. Yeah. I was chatting with Peter about trying to get him on stream to do some stuff. I need to reconnect with him. Yeah, I'm thinking about diving back in.
I haven't been on the Redwood train for almost two years now since I've used Redwood. I think it's cool that they.
01:21:25 - Christopher Burns
Were you? Astro. You're an Astro fan now, aren't you?
01:21:29 - Anthony Campolo
I'm using it. Yeah. I mean, Astro is what I built my blog on, and then it just kind of spun out from there. I don't know. I was using Solid for a bit, some SolidStart, and I was digging that. Now I'm using Astro with Solid, so I get a little bit of the best of both worlds.
I spent a long time just building Node. I spent most of AutoShow, I just built as a Node CLI with no front end whatsoever. That was totally different for me, but that was really great.
I messed around with Fastify for a bit. I had a Fastify backend that Astro was calling out to, and then I eventually got rid of that and built all the Fastify endpoints into Astro API endpoints. So yeah, I've done all sorts of crap now.
[01:22:20] I felt it was good to get away from Redwood just to build up my skill set and really learn how to do things from the ground up. And now I'm like, do I want to go back to this all-in-one, built-in framework kind of thing because Astro does a lot, but it definitely doesn't do as much as Redwood would.
01:22:37 - Christopher Burns
And I think the core to all of this, and I hate to be like a business person when I say this, is: where are the users? It's one of these really interesting questions.
01:22:50 - Anthony Campolo
It's not on Redwood. That's part of the issue.
01:22:53 - Christopher Burns
We see a lot of discussion about Next.js and is Next.js really that good or blah, blah, blah. But a lot of the deployments actually produced right now are Next.js. Why does Netlify push to get feature parity with Next.js? It's because everybody's deploying Next.js. Why are people on Cloudflare Workers doing the same? Because Next.js is the current zeitgeist. It's the current thing. And Gatsby was before that, and it's kind of why we are focusing.
01:23:26 - Anthony Campolo
Isn't that right there the argument not to use Next because they might be the next Gatsby?
01:23:32 - Christopher Burns
Well, yes and no. You could say you can still use Gatsby today if you have a website using it.
01:23:39 - Anthony Campolo
If you have a perfectly fine.
01:23:42 - Christopher Burns
You know, but there's good questions around that, and there's good questions around all frameworks. You know, as we saw Redwood start to wind down Redwood GraphQL. Is that a bad thing? Right. No. Blitz. You know, Bison. Changes are forever.
When we started building out Consent, I said, I want to go as low down as possible, hardly any abstractions. And I actually walked that back to Next.js because I was like, we just know so much more about Next.js. If it errors, everyone knows so much more about it. Everything.
I think all tools have their pros and cons. But for me as a business person, not just a technologist, you have to follow where the market is. And the market is very much in the Next.js corner right now, if we like it or not.
01:24:48 - Anthony Campolo
That's if you're building dev tools, though. If you're just building an app that a user is going to use, I feel like that's less important.
01:24:55 - Christopher Burns
Well, what about a team, you know, finding good Solid developers.
01:25:01 - Anthony Campolo
No. Yeah.
01:25:03 - Christopher Burns
Finding good Solid developers.
01:25:04 - Anthony Campolo
ChatGPT, Claude, Gemini is my team. Yeah. They know every.
01:25:09 - Christopher Burns
Framework. Yeah, yeah, yeah. And I don't know, I think it's really interesting. It's kind of like why we built out the Next.js package and the React package. Fundamentally, React is client-side rendered, but also where it's going is server-side rendering. Redwood, PostCSS, pure server-side rendering. How does the bundle actually make a difference? It's kind of a massive thing, and we're yet to fully see.
I don't know. It's a really interesting question. To be fair, we haven't spoke a lot about CLIs. We quickly brushed over the CLI.
01:25:51 - Anthony Campolo
Yeah. What do.
01:25:51 - Christopher Burns
You use.
[01:25:52] - Anthony Campolo
CLI.
01:25:53 - Christopher Burns
We basically use a lot of custom tooling.
01:25:58 - Anthony Campolo
We're not using Commander. Do you think Commander is where it's at?
01:26:01 - Christopher Burns
We're using Clack. But then... Clack, I don't know. Should I actually show you? Should we actually look through the CLI? I feel like it.
01:26:09 - Anthony Campolo
That's the one thing I've gotten most deep in. I spent a year just building a CLI with Commander.
01:26:16 - Christopher Burns
You spent a year building a CLI, and our CLI is not a side note to me, but it's just one of the things I've spent a lot of time on.
01:26:25 - Anthony Campolo
Well, it's interesting because I used the CLI a lot for AutoShow; that is how I have been kind of building out all the functionality.
But I knew it was never really sustainable in the sense that I needed to build a front end that people could use who are not developers. So I spent too much time building out the CLI, honestly, and apparently Slack.
01:26:50 - Christopher Burns
Yeah, I don't know if I like Clack, I'll be honest with you, but I'll show you. So we use Rslib to build it. That's all. That's already the first controversial point: all of C15 is bundled with Rslib.
We then, how we actually build it out, is we have a context system plus a command system.
01:27:19 - Anthony Campolo
So more built on Clack.
01:27:22 - Christopher Burns
Yeah. So let's just look through this. For example, we basically pass in the arguments. We then build a context. That context adds basically how logging messaging gets done.
So for example, you see here we have logger.debug and then logger.message. Logger.message will put something in the CLI. Logger.debug would as well under a different flag. Same with things like telemetry.
One of the really important things is we wanted to know how the CLI was being used. Not to be creepy, but to be like, oh, are they actually deploying Next.js applications or are they trying to deploy with Svelte applications?
So we created a core context. Next, the real key to our context system, our CLI system, is this file called... not that.
01:28:37 - Anthony Campolo
One.
01:28:38 - Christopher Burns
Yeah. It's actually under utils. It's called logger. This is my favorite file ever because... no, no, no, no... because we're using something called Double Tie logger.
01:28:54 - Anthony Campolo
This is exactly how I set my logging up to this, like, interface with the args and all that.
01:29:00 - Christopher Burns
Yeah. So we used a custom logger. I built a logger called Double Tie. We won't start talking about what Double Tie is because it's a long subject.
01:29:10 - Anthony Campolo
Your own logger. That's ridiculous.
01:29:14 - Christopher Burns
Yeah. But the reason was, why was? So we could basically wrap up things really, really easily, so everything gets logged to a level of like logger.failed will fail it plus exit. logger.success will write a success message. logger will put a border around it. logger.message will just log a message.
This was a way that we could really control how the CLI looks and acts in a unified method, to be like, actually, what happens if the logging system, instead of using console.log, everything was just this custom logger? That's how it really started.
And yeah, we built our own logger called Double Tie logger. That logger also gets used in our back end, as well as some other Double Tie packages we have. They're not in here yet, but we have some other Double Tie packages that we've not pulled out yet. That is a good question as well: what is Double Tie?
01:30:30 - Anthony Campolo
Oh, I was just gonna ask that.
01:30:33 - Christopher Burns
So Double Tie. Double Tie.com. I own many domains for many projects, so Double Tie is an SDK toolkit that we're trying to build out slowly but internally. So really a lot of the logic that runs c15t.
01:30:58 - Anthony Campolo
Is this why you're able to have like three different query builders?
01:31:03 - Christopher Burns
Yeah, yeah, yeah. Oh, and it also makes.
01:31:05 - Anthony Campolo
A lot more sense now.
01:31:07 - Christopher Burns
And also this is basically an ORM as well. I basically built out an ORM as well. We won't talk about that.
But yeah. So the whole point of Double Tie is to try and take a lot of that core functionality that we don't believe is consent management, but it's how we can build a back end and abstract it to a point that anybody can use the tooling, if that makes sense.
So you could technically take the c15t back end, take out all the consent management stuff, and then you would have the core and build it up into a different area. That's the whole premise of Double Tie, doubletie.com. But really it's a slow progress.
So for example, when we go to back end you see that there's this folder called Double Tie. So there's API router, data model, database adapter, migrations, results, types, utils. All of these are going to be Double Tie plugins, packages; we've just not pulled them out of the c15t back end yet.
[01:32:23] But yeah, it's how we can do things like schema. Our schemas are built in this unified way, like when we look at registry, it pulls it from these packages.
So we have like a Double Tie error, then an error system and a type system and a model system. It's pretty complicated.
01:32:55 - Anthony Campolo
But beyond impressive. He thinks it's super cool.
01:32:59 - Christopher Burns
Yeah, and I was gonna say I was showing the wrong tab, but we can see here, like, when we look at back end and we go to src, here packages. These are all these internal Double Tie packages that we've just not abstracted out yet into a unified SDK system.
But there's like a database migration package. There's a API router package. There's a database adapter package. So this is like how we said, how do you support.
01:33:35 - Anthony Campolo
Yeah.
01:33:36 - Christopher Burns
Yeah, yeah. How do you support passing in more.
01:33:40 - Anthony Campolo
This makes much more sense because I was like, why are you supporting three ORMs? That's so crazy. And now I see because you already built a library that does it.
01:33:48 - Christopher Burns
It's not official yet. It's not official. And the reason it's not officially released is because I kind of just want to put it out there and be like, this is some crazy code, like, you can use this.
But also if you start saying, like, this is broken, like, don't ask me to fix it. I don't know, I just kind of was the genius that wrote it and then lost.
01:34:11 - Anthony Campolo
At your own risk. Yeah.
01:34:13 - Christopher Burns
Yeah. Because so much stuff gets pushed in and almost wrong where it's like, how could we do this?
Well, you know, if this is an open source tool, we're not just going to say, oh, you have to use MySQL. We're going to say, oh, you could use Postgres and SQLite. You want to use Prisma? That's okay. We support all of them. Just declare technical bankruptcy and support everything.
Yeah, yeah, yeah, it's open source, not paid.
But it's one of those things where one of the most interesting things about putting things out there is supporting it. I don't really want to put stuff out there if we're not actively going to be using it or supporting it. And that's why some of the packages have sat in the back end longer than others.
For example, like the logger, we're pretty confident on. Sure, there's Pino. There are 20 other loggers out there. But this is one we've built specifically for ourselves.
[01:35:20] I think really that should be Double Tie's package system. This is built for c15t. We've just abstracted it out; if you want to use it, use at your own risk.
01:35:34 - Anthony Campolo
So are you worried about the maintenance burden?
01:35:37 - Christopher Burns
Oh, yeah. The maintenance burden on consent already is massive. You can say, you know, I really appreciate everything that you say. Like, hey, this is impressive. Holy hell. And we're like, yeah, this is like two people.
Like, the maintenance burden on everything is kind of crazy. It's like, if I got hit by a bus tomorrow.
01:36:02 - Anthony Campolo
This code's gone forever.
01:36:05 - Anthony Campolo
Well, it's not that.
01:36:05 - Christopher Burns
The code's gone forever? It's that trying to pass it all into an AI context window to even think about it is pretty big at this point.
01:36:17 - Anthony Campolo
Yeah, you'd have to break it down into pieces. Yeah.
01:36:20 - Christopher Burns
Yeah. But this is all interesting things where so much of everything was built closed source, and you could say not necessarily the best, as in written the best, because it very much had a lot of transformation throughout the whole product from pure JavaScript to TypeScript to structured types. And that evolution costs a lot of time.
So we started on the strictest principles of a really strict biome config and a really strict TypeScript config, and then say we want to work on tools that only allow us to hit that level of quality and high-level maintainability.
And yeah, sometimes it's easier to build a tool yourself than to use another tool. I won't always suggest that.
01:37:17 - Anthony Campolo
Well, it is now. I think that's because of AI to a huge extent. The velocity at which you can ship code now has completely transformed. So it makes more sense now to build your own stuff, even if it does have a higher maintenance burden, because you can.
01:37:30 - Christopher Burns
Get good code. That is the question. Good code is a lie.
01:37:36 - Anthony Campolo
There's no such thing as good code. There's code that works and code that doesn't. I hate this term, good code.
01:37:43 - Christopher Burns
Mm-hmm. Mm-hmm. Yeah. It's been, I don't know, kind of crazy. Does it work? Exactly. Does it work? Yeah. Or does it mold well to other scenarios? And does it have to?
This is why telemetry is a massive part for us as well, to guide things like CLI.
01:38:09 - Anthony Campolo
Give consent to telemetry.
01:38:11 - Christopher Burns
Yes. You know, when the CLI runs it says we are tracking telemetry. You can disable this by passing --no-telemetry. We're very clear that we're tracking telemetry.
But to be fair, telemetry isn't tracked through the consent system. Maybe we're missing a point.
01:38:34 - Anthony Campolo
Oh, well, you do.
01:38:36 - Christopher Burns
Realize I don't know what Ronseal is. To be fair, really?
01:38:41 - Anthony Campolo
That's one of Fuzzy's metrics. Is it like Ronseal? I asked him, what's Ronseal?
01:38:47 - Christopher Burns
What's Ronseal?
01:38:48 - Anthony Campolo
Fuzzy always introduces me to new things. He's hipped all sorts of things I don't know about, so I like him.
01:38:56 - Anthony Campolo
Ronseal does what it says on the tin.
01:39:02 - Christopher Burns
Yeah, yeah. I don't know. It's pretty crazy. There's a lot of technology out there.
01:39:09 - Anthony Campolo
Oh, okay. So this is not a tech thing. It's Ronseal, r-o-n-s-e-a-l, originally back in 1994.
The popular phrase does exactly what it says on the tin. It was developed when Ronseal employed London-based advertising agency HHCL to create a campaign that, without trying too hard, would demystify their products. That's cool.
I have heard does what it says on the tin. I never knew the origin of that phrase. Thanks for the history lesson.
01:39:37 - Christopher Burns
So, I guess the question more than anything is, do you feel that, since speaking to me, you understand consent more and are becoming more educated on it?
01:39:53 - Anthony Campolo
I feel like I'm a lot more educated on your tools specifically. I feel like the question of consent is an almost philosophical question, but.
01:40:05 - Christopher Burns
Yeah.
01:40:05 - Anthony Campolo
I think you're talking about the education thing.
I think if you had more stuff around, like information around how to deal with different jurisdictions, because I know your tool is meant to do that, and I don't know how much of that is [unclear], then clearly I just hit on a big point.
01:40:29 - Christopher Burns
You could go to consent slash regulations. Okay.
01:40:39 - Anthony Campolo
Oh, okay. No, there we go. You should have shown this off. Pull this up on your screen real quick.
01:40:46 - Christopher Burns
Yeah, yeah, yeah. Of course, of course. You could go.
01:40:49 - Christopher Burns
To regulations and see. This is.
01:40:53 - Anthony Campolo
Fantastic. This is exactly what I meant.
01:40:55 - Christopher Burns
And then it breaks.
01:40:57 - Anthony Campolo
And then it breaks.
01:40:57 - Christopher Burns
Breaks.
01:40:58 - Christopher Burns
The reason why is the middleware. It's kind of crazy.
01:41:49 - Christopher Burns
Reason.
01:41:50 - Christopher Burns
Regulations doesn't quite work because of that. But we do have the last thing that we can talk about. Sure.
01:42:02 - Anthony Campolo
Yeah, I'm getting hungry. So let's wrap up in the next five to ten minutes.
01:42:06 - Christopher Burns
Let's just pull it up. This is a little bit old, but I think it's a little bit fun. This is a prototype that we were building out where you could ask it things like, tell me about CCPA, and it would give you the legal documents about CCPA. So not just Google searches, but actually look at the raw legal agreements for it.
01:42:40 - Anthony Campolo
I was actually thinking about this and how you could use AI on your thing. I was thinking how it would be able to summarize all this legalese.
01:42:48 - Christopher Burns
Yeah. So, for example, we could pull up the privacy policy for Consent.io and ask it, oh, good, is this privacy policy good?
01:43:09 - Anthony Campolo
Hella good, obviously.
01:43:11 - Christopher Burns
Wow. It's a good question. Obviously this AI is trained on the legal documentation.
01:43:25 - Anthony Campolo
So did you fine tune a model to do this?
01:43:28 - Christopher Burns
Uh-uh, but this has been sitting on the shelf for a while.
01:43:37 - Anthony Campolo
Yeah, this is the old branding.
01:43:39 - Christopher Burns
This is something that we actually want to build into our dashboard where it's like, not a lawyer, but it can, for example, say the privacy policy is well structured and covers key areas that global data protection laws typically require. It is clear, fair, and competitive, comprehensive and written in accessible language, and it has a high confidence on this. Does that mean it is better than a lawyer? I won't ask that question.
01:44:11 - Anthony Campolo
Certainly cheaper than a lawyer.
01:44:14 - Christopher Burns
Yep. So that is a fun little thing that I think we're probably going to build into our dashboard soon and have behind a flag. And we're going to make you sign an agreement that says, this is not a lawyer, this is not legal advice. Treat everything it says like, you know, copying your competitor's privacy policy and changing the name.
01:44:45 - Anthony Campolo
Yeah.
[01:44:47] - Christopher Burns
So I hope this was a really fun stream. Yeah. I don't know, any feedback? I'm happy to hear it.
01:44:57 - Anthony Campolo
Yeah. No, I think it's great. I'll just reiterate kind of what I said before: just make sure there are ways for people to discover all the things that are here, either one sort of home page that links out to everything or, you know, when you need one thing, make sure it's linked to in another place.
Yeah. You build a ton of stuff here, and it can be hard to get a sense of everything that there is. But I think everything you build is super cool. You got a lot of interesting stuff. You got a lot of wide-ranging stuff that covers a bunch of different kinds of aspects of it.
I think most people, if they heard you're just building something for a cookie banner, they would have no idea of the scope of what you're actually doing. So yeah, I think it's sweet, dude. It's very, very cool. I would love to book another stream in like a month or two and build in the cookie banner to AutoShow.
01:45:48 - Christopher Burns
Yeah, well, it will only take five minutes. Hopefully.
01:45:51 - Anthony Campolo
Allegedly. We'll see.
01:45:53 - Christopher Burns
Well.
01:45:54 - Anthony Campolo
I'm not on Next. I'm on an Astro app we're using.
01:45:57 - Christopher Burns
I think it. Oh. You okay? We might have to build in a custom cookie banner then.
01:46:02 - Anthony Campolo
Exactly.
01:46:03 - Christopher Burns
But we can do that. We can definitely give that demo and work it through. Yeah. It's super. I'm really excited to continue sharing this area with the world, and momentum is only growing.
01:46:20 - Anthony Campolo
Yeah. You're gonna hit the podcast circuit soon.
01:46:23 - Christopher Burns
I don't know. We need to work out if we've got our tools in a place that we're confident enough.
01:46:30 - Anthony Campolo
I can get you on JavaScript Jabber and stuff like that. I got the connect.
01:46:36 - Christopher Burns
So we definitely have, I think, most of the core functionality. We're building out a new marketing website for c15t, but I think some refinement needs to happen on the wording first. Because I think one of the biggest things, if you go to Consent or you go to c15t, you're like, "So what the hell is it?" It doesn't directly say that it's a cookie banner solution.
01:47:02 - Christopher Burns
Yes. It's very.
01:47:04 - Anthony Campolo
Management redefined. Yeah.
01:47:07 - Christopher Burns
And you'd be like, what the hell is consent management? So there's a lot of education to do in that area. We have so much to do. As you see, we've built so much, but it's also like we built the car, but we also need to build the road because no one knows how to drive the car. So it's kind of complicated, but we hope that cookie bench will be a massive opening factor, with unbiasedly made metrics available for different consent solutions out there.
That way people know that, "Oh, I use this solution and they don't do these things that I thought it did," or they do, or don't. And like we said, C15t doesn't tick all the boxes. There's more boxes that it doesn't tick right now than it does tick. And that's what the benchmarking tool is for, to say, "Hey, this is our roadmap."
[01:48:17] We're going to hit all these things as well. So yeah, super happy to have been on, and I can't wait to chat. Anyone, my email address is Kristopher@consent.io. Please reach out to me and I'd be happy to speak.
01:48:37 - Anthony Campolo
Yeah. Your two main domains are C15.com and consent.io, right?
01:48:42 - Christopher Burns
Yes.
01:48:44 - Anthony Campolo
Cool. So check those out.
01:48:46 - Christopher Burns
We'll see how long it will be until we are on consent.com.
01:48:51 - Anthony Campolo
That must be an expensive domain. Oh, it says it's for sale. $500,000. Jesus Christ. Wow. Good luck with that one.
01:49:06 - Christopher Burns
Good luck. Exactly.
01:49:07 - Anthony Campolo
Full funding round.
01:49:10 - Christopher Burns
Look, that's the point, to argue this. This is actually going to be a $1 billion company. How much is consent.com worth? It's true. Yeah, it's a good question. Well, we shall leave it there.
01:49:25 - Anthony Campolo
Cool. Man, this is super fun. We'll schedule another one. Fuzzy, thanks for being here, as always. For anyone else out there watching, hope you check this out. Yeah, hit up Chris if you want to learn more. And with that, we will call it awesome.
01:49:43 - Christopher Burns
Catch everyone.