As the founder of Simple Analytics, I’m running into privacy issues while building our product. Based on those learnings I would like to show you some practical tips to improve the privacy of your visitors. Some of the tips seem very logical but can be hard to implement. That’s why I have provided examples with every tip so you or your team can apply them without doing all the research.
Join the discussion on Hacker News and make sure to vote if you love it
Some tips might become a bit technical and if you don’t have any technical background, feel free to skip those and forward them to your technical team.
Third-party services
Most businesses use plenty of third-party services. They help you provide a better service to your customers, which is great. But it’s hard to know how privacy-friendly these services are. While you might know them all (the GDPR requires you to), you don’t know whether you can trust them. It’s healthy to treat every third-party service as untrusted and to use it in your product on that basis. There are a few ways you can limit their effect on your visitors.
Load third-party scripts only when needed
Sometimes you need to use external scripts. For example, you could be using a chat service or a payment provider. Solution: only load those scripts on the pages where you actually use them.
A chat widget may be needed on every page, but a payment provider’s script certainly is not. Don’t include those scripts on every page.
When you use a chat widget on every page you can get a bit creative. For example, you could have a little button that only loads the external script when it is clicked, so visitors who never open the chat never talk to the chat provider at all:
var button = document.querySelector(".chat-button");
button.addEventListener("click", function () {
  var script = document.createElement("script");
  script.onload = function () {
    // Do something with the chat script if needed
  };
  script.src = "https://chat.example.com/script.js";
  document.head.appendChild(script);
}, { once: true }); // load the script once, not on every click
To check whether your site uses third-party scripts you can use the Request Map Generator built by Simon Hearne (thanks to Jan Klimo). For Simple Analytics it looks like this:
In the diagram above you only see requests going to servers of Simple Analytics: simpleanalytics.com, simpleanalyticscdn.com, and simpleanalytics.io. The fat pink circle is our home page video, which consumes the most bytes. We also use an external payment provider, but we only load its script when the client clicks on sign up, hence in this image you don’t see any external scripts.
Compare that to another SaaS like Intercom:
There are many external scripts loaded from all kinds of different domains. I’m not saying this is good or bad, but it’s a good practice to double-check if all those external parties are needed. Run the Request Map Generator and see what services you don’t need.
Remember that every external script runs with the same privileges as your own code: it can read everything displayed on the page, the DOM, and any cookie that is not marked HttpOnly. If your visitors are logged in and see sensitive data, these external parties can see that as well.
Do not give too much power to your CDN provider
If you use a CDN you are giving it data about your visitors, plus the power to serve a different script than the one your visitors requested.
To prevent your CDN provider from tampering with your scripts you can use Subresource Integrity (SRI; the integrity attribute on your scripts). You create a hash of the script’s contents and include it in the script tag via the integrity attribute; the browser then refuses to run the script if the hash of what it downloaded does not match. To generate the integrity hash you can use srihash.org. Remember to regenerate it whenever the file changes, otherwise the browser will block your own update.
<script src="https://cdn.example.com/script.js" integrity="sha384-..."></script>
The crossorigin attribute is a CORS settings attribute (it applies to script, link, img and similar elements, not only media). Browsers only verify SRI on a cross-origin script, such as one served from a CDN domain, if it was fetched with CORS, so you need this attribute together with integrity whenever the script comes from another origin. The anonymous keyword means the request is made without credentials: no cookies, HTTP authentication or client certificates are sent to the other domain.
<script src="https://cdn.example.com/script.js" integrity="sha384-..." crossorigin="anonymous" ></script>
To avoid telling the CDN which page your visitors are viewing, add the referrerpolicy attribute with the value no-referrer to your script tags (keep crossorigin as well, otherwise the integrity check cannot be performed on a cross-origin script).
<script src="https://cdn.example.com/script.js" integrity="sha384-..." crossorigin="anonymous" referrerpolicy="no-referrer" ></script>
Although you are not sending the referrer here, the browser always sends the Origin header with CORS requests. This means your CDN provider still learns the domain your visitors land on. If they record IPs they can track the browsing behavior of your visitors. This can only be solved by choosing a CDN provider that anonymizes IP addresses. At the time of writing the only CDN provider that offers IP anonymization is BunnyCDN (we are not affiliated with BunnyCDN).
<script src="https://cdn.example.com/script.js" integrity="sha384-..." crossorigin="anonymous" referrerpolicy="no-referrer" ></script>
If you add scripts dynamically you can set the same features as properties. The properties are case sensitive: crossOrigin and referrerPolicy each have one capital letter in them.
var script = document.createElement("script");
script.src = "https://cdn.example.com/script.js";
script.integrity = "sha384-...";
script.crossOrigin = "anonymous";
script.referrerPolicy = "no-referrer";
document.head.appendChild(script);
Remove social widgets
Social media companies do not have a very good reputation for collecting data from your visitors. There are many plugins and ways to track users. Your visitors don’t choose to be tracked by those companies, you do.
If you are a visitor it’s recommended to use an ad blocker like uBlock Origin. It’s a well-developed browser extension that removes trackers and ads from the pages you visit. There is a giant on/off button to disable it for the site you are on. It makes your browsing safer.
Your visitors can do something about it themselves, but there will always be people who don’t know about this tracking or don’t know how to prevent it. That’s why the EU came with the GDPR, California with the CCPA, Brazil with the LGPD, and the UK with PECR.
On 29 July 2019, the Court of Justice of the European Union (the “CJEU”) ruled that a company embedding on its website a social plugin, such as a Facebook “Like” button, can be considered a data controller […] – fieldfisher.com
Although you are not in control of what those platforms behind your widgets do with the data from your customers, you are still responsible for what happens with this data.
Replace Facebook’s share button
When you add a Facebook widget like a share button, Facebook recommends you use their third-party script. This is great for them because they can collect more data about your visitors. Luckily they also provide a way that does not need any script.
Here is an example with custom buttons and a simple share link. I highly recommend using link implementation instead of any script implementation.
The link implementation is a simple link that opens the Facebook share page for your visitors. You can put the link behind a button or text link on your website. For example:
https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fexample.com%2F%3Futm_source%3Dfacebook&src=sdkpreparse
You see a lot of odd characters in that URL. That’s because the link is URL encoded. Use urlencoder.io to URL encode the address of your page:
Prefix the output of urlencoder.io with https://www.facebook.com/sharer/sharer.php?u= and append &src=sdkpreparse, and you have your Facebook share link, without the tracking and privacy-invasive data collection.
Twitter embedded tweets
On the internet you see the Twitter widget being used a lot. But is it necessary to send your visitors’ data to Twitter when they just want to see a tweet? A screenshot of the tweet works just fine.
Don’t trick your visitors
Don’t trick your visitors into doing something they don’t want to do. It helps to open your own website now and then and follow the flow like a new customer would. Watch for things that are not clear and for all the popups you see.
Cookie banners
When browsing the internet you will find many websites trying to trick you into opting in to tracking.
Take the home page of the New York Times. When you see a cross (X) you would normally close a dialog without agreeing to what is being asked. The New York Times treats it the same as “I agree”:
Please don’t do this.
Emails
This is related to not tricking your visitors, but I want to devote a separate section to emails alone.
Marketing emails
If you have a business, there is great value in having your customers’ email addresses. Use them wisely to inform customers about new features, help them find their way around your tool, and so on. It’s a perk for your business. But if you’re sending marketing emails to your customers, be sure they want to be subscribed. You can ask during signup whether it’s okay to send them emails about your tool or service, or whether they would like some setup guides or tips. If you specify how you are going to use their email address, make sure you only use it for that purpose.
Email tracking
It’s harder to disable email tracking than to enable it, which is why most marketing emails contain trackers. The open rate they produce is inaccurate anyway, because many clients disable images:
[…] an email is only counted as ‘opened’ if the recipient also receives the images embedded in that message, and a large percentage of your email users likely have image-blocking enabled on their email client. […] – blog.hubspot.com
Email images
When an image-heavy email doesn’t fully download and is viewed by the user, it could end up rendering like this for the subscriber:
Tweet found on a blog by Litmus
When you add images to your emails without embedding them, the emails look very ugly whenever images are blocked. More and more email services will stop loading remote images, since that is exactly how tracking pixels work. The new HEY.com service already blocks the so-called tracking pixels, and I guess more will follow.
With Simple Analytics we love to share weekly and monthly email reports. When customers have enabled it we send them an email with all images embedded. No trackers or remote images, and no need to connect to anything outside their email client. Give them back the privacy they deserve.
Email reports feature of Simple Analytics
How to keep a good reputation
Another thing with marketing emails is the unsubscribe header. Make sure you have it set up, as it improves your email reputation. The header could look like this:
List-Unsubscribe: <https://example.com/unsub/?uuid=14b2-b2a1>, <mailto:unsubscribe@example.com>
In a lot of email clients the unsubscribe link is placed close to the spam button. You want people to unsubscribe instead of hitting the spam button, which damages your reputation. The header is defined in RFC 2369; RFC 8058 adds a List-Unsubscribe-Post header so that mail clients can unsubscribe with one click without the recipient having to visit your site.
Where do you store your data
It’s important to store your data in a country that protects the privacy of its people and of people outside the country. With Simple Analytics we moved our servers to Iceland when we figured that was the best country privacy-wise. According to the Freedom House Internet Freedom Scores Iceland is still the best option:
We later realized Iceland was not the best option provider-wise.
- The Icelandic Modern Media Initiative was adopted by parliament but didn’t make it into law (so it’s not the internet freedom haven we thought it was).
- Our provider claimed to be the largest in Iceland but it was not as mature as bigger providers in Europe, which risked the security of our servers and infrastructure.
- They had downtime twice this year.
- The internet cables to Iceland are rather slow. Although it’s geographically ideal — located between North America and Europe — in practice, The Netherlands is a faster location for both.
- We don’t want to move to Switzerland because it would be a marketing move only. The EU provides better privacy laws than Switzerland.
- We need to move anyway because our current provider does not offer the powerful servers we need.
- The second-biggest provider in Iceland is legally headquartered in Hong Kong, which is not a preferred location we want to store our data.
Copied from our docs page on locations.
We asked our customers if they would be okay with the move from Iceland to The Netherlands and everybody who voted agreed with our decision.
Be aware of where you put the data from your visitors. Do some research into the hosting provider you are using and the country where it’s hosted. Don’t pick the cheapest option without knowing why it’s cheap.
Do not log or ask for PII when not needed
It still happens that you have to enter personal details for a website or app that does not need them.
Don’t ask full names
Unless you really need it. Let people decide for themselves whether to add their full name. Just ask for a first name if you want to address people in your marketing emails, but don’t require a full name.
For readers who are tired of coming up with fake names: there are plenty of services out there that generate one for you.
IP anonymization
This part is rather technical, so bear with me. If you are a manager, please forward it to your developers. IP anonymization is the most logical thing to do on your servers when talking about privacy, yet there are not many examples of how to do it. A lot of processes on your servers log data. NGINX, for example, logs every incoming request (the access log format is customizable). This is great for debugging but less good for the privacy of your users. NGINX error logs, however, cannot be formatted: they always use the same format, which is privacy-unfriendly because it contains the user’s full IP address and usually the User-Agent (which can contain opaque identifiers when the request comes from the Facebook app).
You can probably guess a few of the elements of this Facebook User-Agent suffix but it’s not all clear to me: [FBAN/FBIOS;FBAV/221.0.0.0.0;FBBV/154514034;FBDV/iPhone9,4;FBMD/iPhone;FBSN/iOS;FBSV/12.3.0;FBSS/3;FBCR/Siminn;FBID/phone;FBLC/en_GB;FBOP/5;FBRV/155138002]
It does not look like they are tracking their users via the User-Agent suffix, but they tamper with the User-Agent at least.
Filters in syslog
Simple Analytics uses NGINX, which in our case logs to rsyslog, often referred to as syslog. rsyslog is included in most Linux distributions (official website). Luckily rsyslog comes with a great module called mmanon. This module can anonymize both IPv4 and IPv6 addresses and is available from rsyslog version 7.3.7.
On your server you can check which version of rsyslog you have by running rsyslogd -v.
You can enable IP anonymization by adding the following lines to your rsyslog config file. The config file usually lives in /etc/rsyslog.conf or /etc/rsyslog.d/50-default.conf. Place them before the actions that write your log files, because rsyslog runs actions in order and mmanon rewrites the message for the actions that follow it. With mode="zero" and ipv4.bits="32" every IPv4 address becomes 0.0.0.0; a smaller number of bits (for example 8) only zeroes the last octet.
module(load="mmanon")
action(type="mmanon" mode="zero" ipv4.bits="32" ipv6.bits="128")
After you have changed this file, restart rsyslog with service rsyslog restart (or systemctl restart rsyslog on systemd-based distributions).
Next level syslog
If you want to go in-depth, you can set up more advanced filters to remove sensitive data from your log files or log services.
You could create a syslog config file in /etc/syslog/... I created a file called /etc/rsyslog.d/30-anonymize.conf containing:
# Specify a custom format to anonymize your logs
$template anonymize,"%$year%-%$month%-%$day% %timegenerated:12:19:date-rfc3339% %app-name% %$!new%\n"

# This makes the template the default for all logs
$ActionFileDefaultTemplate anonymize

set $!new = $msg;

# Replace user agents
if re_match($msg,'(Mozilla\\/[0-9]\\.[0-9] [^"\']+)') then {
  set $!ext = re_extract($msg,'(Mozilla\\/[0-9]\\.[0-9] [^"\']+)',0,1,"");
  set $!new = replace($msg, $!ext, "*** (user agent)");
}
You can do way more, in our config we hide IPs, credit cards, and user agents.
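The same anonymization the mmanon action and the template above perform, written as a Node.js filter you can run over an access log, as an added example that is not part of the original post or of Simple Analytics’ config. The ipv4Bits and ipv6Bits options mirror mmanon’s ipv4.bits and ipv6.bits (number of low bits to zero), the user-agent pattern is the one from the rsyslog template, and the two log lines are constructed samples (the [FBAN/...] fragment is the Facebook suffix shown earlier). The client address is taken positionally from the first field of the NGINX combined format rather than by regex, so timestamps such as 2020:13:55:36 are never mistaken for IPv6 addresses.

```javascript
// Added example (not from the original post): log-line anonymization in Node.js.
const IPV4_RE = /\b(?:\d{1,3}\.){3}\d{1,3}\b/g;

// Constructed sample lines (not real traffic) in NGINX combined format.
const SAMPLE_V4 = '203.0.113.42 - - [10/Oct/2020:13:55:36 +0000] "GET /pricing HTTP/1.1" 200 2326 "https://example.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 12_3 like Mac OS X) AppleWebKit/605.1.15 [FBAN/FBIOS;FBAV/221.0.0.0.0;FBDV/iPhone9,4]"';
const SAMPLE_V6 = '2001:db8::8a2e:370:7334 - - [10/Oct/2020:13:55:37 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/80.0"';

// Zero the low `bits` bits of a dotted-quad address (mmanon semantics: bits=32 gives
// 0.0.0.0, bits=8 zeroes the last octet). Anything that is not a valid address is returned untouched.
function maskIPv4(ip, bits) {
  const octets = ip.split(".").map(Number);
  if (octets.length !== 4 || octets.some((o) => !Number.isInteger(o) || o < 0 || o > 255)) return ip;
  if (bits <= 0) return ip;
  let v = ((octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]) >>> 0;
  const mask = bits >= 32 ? 0 : (0xffffffff << bits) >>> 0;
  v = (v & mask) >>> 0;
  return [v >>> 24, (v >>> 16) & 0xff, (v >>> 8) & 0xff, v & 0xff].join(".");
}

// Zero the low `bits` bits of an IPv6 address; "::" compression is expanded first.
// Output is always the uncompressed 8-group form (e.g. 2001:db8:0:0:0:0:0:0).
function maskIPv6(ip, bits) {
  const [head, tail = ""] = ip.split("::");
  const left = head ? head.split(":") : [];
  const right = tail ? tail.split(":") : [];
  const compressed = ip.includes("::");
  if (compressed ? left.length + right.length > 7 : left.length !== 8) return ip;
  const groups = [...left, ...Array(8 - left.length - right.length).fill("0"), ...right];
  if (groups.some((g) => !/^[0-9a-f]{1,4}$/i.test(g))) return ip;
  let v = groups.reduce((acc, g) => (acc << 16n) | BigInt(parseInt(g, 16)), 0n);
  const drop = BigInt(Math.min(Math.max(bits, 0), 128));
  v = (v >> drop) << drop;
  const out = [];
  for (let i = 7; i >= 0; i--) out.push(((v >> BigInt(i * 16)) & 0xffffn).toString(16));
  return out.join(":");
}

// NGINX combined format: the client address is the first space-separated field.
function anonymizeLine(line, { ipv4Bits = 32, ipv6Bits = 128 } = {}) {
  const sp = line.indexOf(" ");
  const addr = sp === -1 ? line : line.slice(0, sp);
  const rest = sp === -1 ? "" : line.slice(sp);
  const client = addr.includes(":") ? maskIPv6(addr, ipv6Bits) : maskIPv4(addr, ipv4Bits);
  return (
    client +
    rest
      // same user-agent pattern as the rsyslog template above
      .replace(/Mozilla\/[0-9]\.[0-9] [^"']+/g, "*** (user agent)")
      // sweep the remaining fields for IPv4 literals (X-Forwarded-For, referrers, ...)
      .replace(IPV4_RE, (m) => maskIPv4(m, ipv4Bits))
  );
}

console.log(anonymizeLine(SAMPLE_V4));                      // 0.0.0.0 ... "*** (user agent)"
console.log(anonymizeLine(SAMPLE_V4, { ipv4Bits: 8 }));     // 203.0.113.0 ...
console.log(anonymizeLine(SAMPLE_V6, { ipv6Bits: 64 }));    // 2001:db8:0:0:0:0:0:0 ...
```

Piping a live log through this (for example from a tail of the access log) gives you the same output you would get from rsyslog, which is handy for checking a new filter before you change the server config.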
Use two-factor authentication
This one is more security-related than privacy, but it’s important either way.
If you want to secure your users’ data and prevent others from accessing it, use a two-factor authentication system. Don’t use SMS: codes sent by text message can be intercepted or redirected, for example through SIM swapping. Use TOTP (Time-based One-time Password), which has lots of apps and integrations. It does not require internet connectivity and can be installed on multiple devices.
Conclusion
While working on Simple Analytics, I’m constantly fighting the status quo by finding privacy-friendly ways of handling visitor data. There are way too few guidelines on how to prevent tracking in your own business.
I hope this post makes the web a bit more privacy-friendly. Please let me know which tips I should add.
Written by Adriaan van Rossum (follow on Twitter)