If you've browsed the web in the last 10 years then you'll have seen more than your fair share of cookie banners!
As I see it, the purpose of the Cookie Law was to stop websites from storing data in your browser unless they absolutely needed to, by requiring them to prompt their visitors for consent. The end goal was to give you more control over your online privacy, stop needless tracking, and make website owners think twice about what they were doing. In short - a well-intentioned idea.
However, basically every website in the world took the easier, less introspective approach - prompting for consent - creating an objectively worse web experience for everyone.
Since at Leave Me Alone we're trying to set an example of how to run a privacy-friendly company, we decided to figure out how we could remove all the cookies from our landing page without sacrificing anything important. This means no more cookie banner, no more tracking! 🍪
We had three main cookie monsters that will be well known to SaaS companies:
- Web analytics
- Live Chat
- Security (DDoS protection etc)
To track our page views and general visitor behaviour, like most sites, we were using Google Analytics.
Google Analytics sets a little cookie on page load to "remember" what a visitor has done on each page as they navigate around a site. This allows it to create a profile of the visitor so you can figure out exactly what it takes to get a visitor to sign up or convert, or whatever it is that you're trying to measure.
🍪 Cookie Verdict = 5/5, no cookies, no problem.
(It even guesses a load of personal info from the visitor's email address, like what company they work for and their job title, using something called Crisp Enrich, which is apparently impossible to find any info about but sounds shady as hell.)
So, this is a top priority since it looks like an absolute privacy and tracking nightmare.
I get that this is a difficult one, but there's literally no service we could find to do this cookieless (or even mildly privacy focused) so we ended up heavily modifying an open-source project called Intergram to do what we wanted. Intergram works like a regular chat widget, but it communicates with the chat app Telegram via a self-hosted server - meaning at least we're in control of the code. Our modified chat widget now looks like this (and the code is open-source);
Unfortunately it still requires some place to store the messages locally so that the visitor has a copy of them, but we still made this work by only storing anything after the chat has been opened, unlike Crisp, which injected its cookies when it felt like it. We also don't collect any tracking crap like Crisp does, only chat messages!
We sweetened the deal by adding a consent prompt to the chat widget itself like this:
🍪 Cookie Verdict = 3/5 - fewer cookies, more privacy.
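An added example, not code from Intergram or from the Leave Me Alone widget: one way to get the "store nothing until the chat is opened and consent is given" behaviour described above. The class, its method names and `STORAGE_KEY` are hypothetical, and `makeMemoryStorage` is a constructed stand-in for `window.localStorage` so the block runs outside a browser.

```javascript
// Hypothetical consent-gated chat history (illustration only).
const STORAGE_KEY = "chat:messages"; // assumed key name

class ConsentGatedChatStore {
  // `storage` exposes the Web Storage API, e.g. window.localStorage.
  constructor(storage) {
    this.storage = storage;
    // Existing history means consent was given on an earlier visit.
    this.consented = storage.getItem(STORAGE_KEY) !== null;
    this.pending = []; // held in memory only until consent is given
  }
  // Call when the visitor opens the widget and accepts the prompt.
  grantConsent() {
    this.consented = true;
    this.persist(this.load().concat(this.pending));
    this.pending = [];
  }
  // Call when consent is withdrawn: remove everything that was stored.
  revokeConsent() {
    this.consented = false;
    this.storage.removeItem(STORAGE_KEY);
  }
  addMessage(from, text) {
    const msg = { from, text, at: Date.now() };
    if (!this.consented) { this.pending.push(msg); return; }
    this.persist(this.load().concat(msg));
  }
  // Reading never creates a storage entry.
  load() {
    const raw = this.storage.getItem(STORAGE_KEY);
    if (raw === null) return [];
    try { const v = JSON.parse(raw); return Array.isArray(v) ? v : []; }
    catch { return []; } // corrupted entry: treat as empty history
  }
  persist(messages) {
    this.storage.setItem(STORAGE_KEY, JSON.stringify(messages));
  }
}

// Constructed in-memory stand-in for localStorage.
function makeMemoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
    get length() { return m.size; },
  };
}
```

In a browser, pass `window.localStorage` to the constructor and call `grantConsent()` from the consent prompt's accept handler.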
This was a tricky one. We use Cloudflare as a security layer to protect the website from denial-of-service attacks. We also use their CDN to cache our assets so that the site loads extra fast, and use their DNS because it's hella convenient.
To perform their protection Cloudflare stores a cookie called `__cfduid`, which is used to track each client and somehow figure out if they're a malicious actor or something. I don't really know and their description is clear as mud. Whatever it does, it's got to go.
I didn't really know where to start with this one, so I tweeted about it and got a reply from a systems engineer that works there:
Which is a bit of a non-answer, since the Enterprise plan costs $200/month and I'd end up with fewer features for my trouble.
Since we've never actually had to use Cloudflare protection, my solution was to disable Cloudflare forwarding completely and switch to a proper CDN provider. You can do this by clicking the cloud icon in the DNS settings and switching to "DNS only":
This means we are now just using Cloudflare for DNS. But it's possible to hit this button again and re-enable Cloudflare forwarding temporarily if we find ourselves under attack, so I figure this is a good option.
For a CDN provider, on a recommendation, we decided to check out BunnyCDN. I'm actually really impressed by this service: compared to Cloudflare, everything feels a bit faster and it's easier to know what's going on, which I like. Also, since it's just a file CDN, there are zero cookies of course!
🍪 Cookie Verdict = 6/5 - No cookies AND a faster website!
The website now has no cookies on load, with some storage being used if a visitor opens the chat widget, which I think is a pretty successful outcome!
You can check it out here; you'll notice there's no cookie banner to annoy you. It's almost like stepping back in time ;)
If you enjoyed this post then check out my Twitter. I spend my free time tweeting about how much I hate anti-privacy web practices and crappy mailing list emails. See you there!