Every day, we’re asked to implement certain features or technologies on our client’s websites. Creating web solutions is our bread and butter, so we relish the opportunity to help. Sometimes, the request is for a very specific solution that also comes with some implications our clients might not be aware of, se we like to have a discussion about the knock-on effects of using certain products and services.
The points below are a quick summary of the discussions we have most often, in the hopes that it can help you when considering what ethical technology alternatives to implement on your website.
Free, Open Source Software (FOSS)
A lot of modern websites are based on Content Management Systems (CMS) – a software application that allows users to create, manage, and publish digital content without needing too much technical knowledge.
WordPress is an open-source CMS platform that we love. The base code is available for free and anyone can use, modify, and distribute its source code.
The best part? Using open-source systems like WordPress makes it more likely that you can get exactly what you want out of a website, and that it is secure, flexible, scalable and cost effective. The community mindset also encourages innovation and creativity, as developers can build upon and improve existing code, creating new solutions.
If you asked us to create a new website for you, we’d do it in WordPress using customisations we’ve custom-coded to make life even easier for you. Want to know more?
Analytics
Google Analytics is ubiquitous, even an industry standard. However, few people ever scratch the surface of what is possible with this tool. When you do see the extent of tracking, you can’t help but become aware of concerns about its impact on user privacy and data protection. Google Analytics uses cookies to track user behaviour, collects Personally Identifiable Information (PII) about website visitors, shares data with third parties and many users are still not aware the extent to which their data is being collected and tracked. Google Analytics has also been ruled illegal in several EU countries for alleged breaches of data protection and GDPR legislation.
However, there are alternative web analytics tools that don’t use cookies and respect user privacy – our favourite is Plausible. These tools provide similar data collection and reporting capabilities without compromising user privacy, thereby allowing you to go cookie-free and track the entirety of your user base without fear of contravening GDPR.
Cookies
Cookie notices have become a common sight on websites, with many implementing them to comply with privacy regulations. Despite this, some websites still store cookies to track user behaviour without obtaining their consent, or the tools they use do this independently of the cookie notice. This goes against the principles of transparency and user control that are central to ethical web design.
One effective way to prevent this is by introducing script blockers that prevent tracking scripts from running until users explicitly opt in. This gives users control over their data and ensures that their privacy is respected.
An even better option is to use cookie-free alternatives to tracking, such as the analytics solutions mentioned above. These solutions use alternative methods to track user behaviour without relying on cookies. This not only respects user privacy but also provides more complete data collection since some users may block or delete cookies. By embracing cookie-free alternatives, websites can improve their practices with ethical technology alternatives while still collecting valuable insights into user behaviour.
The only cookies left on our website (for example) are those required for us to administer and edit it, meaning we don’t need a cookie policy or cookie notice.
Email opt-ins
Many marketers still request prominent signup options, to pre-check agreement boxes, or suggest making subscription a condition of certain actions (like submitting a form or making a purchase). Some even straight-up suggest automatically subscribing people.
All of these are very clear breaches of GDPR. Not to mention we’re still yet to meet the people who are all “What’s that, a mailing list? Hell yeah sign me up!”
Your email addresses are valuable, because you can be reached and marketed to. We’re all a little wiser to the idea that an email address has value, and a free service just means the user and their data is the currency. Moreover, major technology suppliers like Apple and Google are introducing privacy features into email designed to prevent the mass-marketing and tracking that we see all too often.
The best approach with newsletter subscriptions is to have a separate checkbox (which must be un-checked as standard) that the user can consciously choose to check and subscribe. If they don’t they should still be able to complete whatever action they were doing.
If you want to make subscriptions even more effective, you should only present a subscription option when you’ve already given the user something valuable or useful, as they are more likely to want to receive further communications if they perceive it as valuable to them.
Self-hosted fonts
Fonts give a website personality, and Google made it really easy to customise your site with Google Fonts – an API that loads fonts remotely into your site, taking some of the hassle out of programming fonts.
However, in January 2020, the French Data Protection Authority (CNIL) [fined Google 50 million euros for violations of the General Data Protection Regulation (GDPR), stating that the company did not provide sufficient information to users about the data they collect and how it is processed.
One of the violations cited by the CNIL was Google Fonts collecting personally identifiable information (PII) from users without obtaining their consent, such as IP addresses, device information, and browsing history.
In response, we are offering our clients help in removing any reliance on Google Fonts and other third-party API services that violate user privacy in favour of self-hosted solutions.
By using self-hosted fonts, websites can ensure that user data is not shared with third-party services and that their privacy is respected.
Captchas
While anti-spam solutions like Google reCAPTCHA are effective in preventing spam and automated bot attacks, it’s important to consider the potential privacy implications. When using free solutions like Google reCAPTCHA, the data collected (such as user behaviour and input) can be used to train artificial intelligence and machine learning algorithms. This means that your users’ data could be used without their consent or knowledge to improve Google’s algorithms and services.
hCaptcha is a privacy-focused alternative to Google reCAPTCHA that prioritises user privacy and data protection. Unlike reCAPTCHA, hCaptcha uses a decentralised system to validate user input and doesn’t collect personally identifiable information (PII) from users. Additionally, hCaptcha can reward website owners with cryptocurrency for using their service, making it a more sustainable and ethical choice. Properly configured, hCaptcha is just as effective at preventing spam and bot attacks as reCAPTCHA, making it a viable alternative for website owners who prioritise privacy and ethical web design.
Amnesic sites
Some websites store analytics, form submissions, emails and all sorts of user data directly on their platform. This can make the site a potentially valuable target for those looking to exploit a company, its’ users or both, by using this data. This is why we recommend the average website be amnesiac by design – it doesn’t store or have any knowledge of this data, and therefore can’t be exploited. This in turn protects you from fines and ongoing issues relating to data protection breaches.
Ultimately, we believe that what goes on your website is up to you, but understanding the ins and outs of technology is what we do best. As such, we are always happy to carefully consider the implications of any new technology or service you want to add to your digital estate, advise on the ethical impact, and suggest better ethical technology alternatives wherever they are available.
