Building Websites That Protect User Privacy

by
Squiggy Rubio
| January 12, 2020
A headshot of Squiggy Rubio with a lock and people icons in the background featuring logos for Kalamuna @ BADCamp

Share

TwitterLinkedinFacebookEmail

Drupal is known for being secure and a good tool for building websites with high privacy standards. However, many websites load third party scripts, which can gather a lot of data about your website visitors with one or more third parties.

We review a browser plugin that disables third-party scripts in the following BADCamp presentation: 

We dive deeper to examine why loading any assets from third party domains can potentially share your website traffic with third parties, even when no third party trackers are present. 

We discuss some server settings such as HTTP Strict Transport Security (HSTS) and Same Origin Policy which can require that assets are loaded over HTTPS and prevent assets from being loaded from third-party domains. We also touch on open-source analytics tools that can be self-hosted, as Google Analytics, is now the most widely used third-party tracker. 

 

Squiggy Rubio headshot

Squiggy Rubio

Former Web Developer

Squiggy Rubio is our very own web development virtuoso. Self-taught and relentless, she constructed her first Drupal website with version 4 and has maintained a fruitful 15-year relationship with the Drupal community since. As a devotee of open-source software, she breathes life into each project, bringing her unique blend of passion and expertise. Not just content with creating digital marvels, she's also an advocate for digital security and privacy.