It seems like every week there is another privacy scandal hitting the news. They have become so common that many don’t even make the front page any more. Whether it’s giants like Facebook selling your data to a political campaign, dating apps like Grindr sharing its users’ medical data, or email tools like Unroll.me harvesting your information for profit, it seems like it’s impossible to protect your information.
In many cases it’s not even the people whom we are authorising to use our data that make the most use of it. It has become commonplace for services and websites to implement various third-party tools for extra functionality, such as analytics or chat. However, each of these is often tracking or slurping your information independently.
You may think that this is limited to free services, as it’s generally accepted that if a service is free then you are the product. But often the full extent of the trade-off is unclear or misleading, and usually buried in the terms and conditions.
If a service is free then you are the product
Therefore, it is not surprising that people are becoming concerned about the prevalence of third-party scripts, and are beginning to block them indiscriminately. While it may be true that some are evil, tools still exist that can provide real benefit and value to your product or business without selling out your users.
So what third-party scripts are friendly?
It’s not all doom and gloom. I use several third-party tools, many of which were chosen because they are open, have good values, and are dedicated to privacy or provide a way to have control over the data. Here are a few;
I recently researched live chat apps such as Intercom, Crisp, and Drift from a privacy and ethics point of view and found that they are collecting and aggregating a lot of information which is unnecessary. I don’t want a customers address, exact location, social media handles, employer information, or gender etc when they have a question about my product, I just need to be able to chat to them (if I’m not asleep).
Intergram is hosted on our servers, the transcripts are stored in the users client (never by us), and the messages are sent to Telegram which is secure and encrypted. As I already use Telegram for messaging this service was a perfect alternative. I highly recommend it, even if you don’t already use it yourself.
I even made some changes to improve privacy so that logged in users’ chat messages would be cleared when they log out, included a typing indicator, and added our Squarecat branding - I will be making this ready to use and customise for other websites soon so let me know if you are interested!
I am not going to pretend that I don’t have analytics on my product websites, because having access to visitor statistics is essential to building a business, but I have ditched Google Analytics and switched to this privacy-focused alternative. I don’t want the IP address of users browsing my website, I just need visitor numbers and page views!
Metomic makes data compliance and managing users consent preferences easy.
Cookie banners are annoying, and since the introduction of GDPR they have become complicated with confusing options and inconsistent ways of asking which information you agree to share.
Metomic provides me with a customisable widget which tells users what data we are asking for access to, with whom we share it, and for what.
I don’t want the IP address of users browsing my website, I just need visitor numbers and page views
For example, a website might ask for several permissions such as remembering the last email you logged in with in a cookie, or loading a chat widget which will share your user ID. Using the Metomic widget these can be disabled and the scripts for these services will not be loaded. Metomic also monitors the website to let me know if any user data is being tracked or shared unlawfully.
I am also taking steps to ensure that the products I build are privacy-focused, open, and transparent in every way possible.
One of these products is Leave Me Alone - a privacy-focused email unsubscription service.
To operate, Leave Me Alone needs third-party access to the users Google or Microsoft email account. We detail exactly which permissions we need, what they are used for, and we provide links to view and revoke access at any time.
We don’t believe in collecting data that we don’t need to operate
We never store the content of any emails on our servers, all email data is streamed to the users client. We do store some anonymous metadata to help make Leave Me Alone better for all users. We are completely open about what data is collected, what it is used for, and users can opt-out at any time.
We don’t believe in collecting data that we don’t need to operate, we share everything we can including how we built the product and revenue stats, and we are always looking for ways to improve our users privacy even more.
That’s all folks
When deciding which tools to use with data security in mind a good place to start is to choose and support products that value privacy and charge for their services. There seems to be a growing trend of users that, when given the option, choose products that are paid rather than free. Paid products have an established revenue stream so you can be fairly sure they will never need to sell your data to keep their lights on.
More and more companies are joining the Open Startup movement. More transparency, especially about how companies are making their money, is a positive shift in a traditionally secretive world, which is making it easier to find ethical and privacy-focused tools.
Next time you are deciding whether to use a product, check if they are an Open Startup or have an open revenue page.
Data security and privacy is a hot topic right now. There are many great privacy-focused alternatives popping up that it’s easier than ever to support the companies putting users first and avoid using a product which is going to be caught up in another scandal.
Originally published at blog.metomic.io on 17 July 2019