Drupal is known for being secure and a good tool for building websites with high privacy standards. However, many websites load third party scripts, which can gather a lot of data about your website visitors with one or more third parties.
We review a browser plugin that disables third-party scripts in the following BADCamp presentation:
We dive deeper to examine why loading any assets from third party domains can potentially share your website traffic with third parties, even when no third party trackers are present.
We discuss some server settings such as HTTP Strict Transport Security (HSTS) and Same Origin Policy which can require that assets are loaded over HTTPS and prevent assets from being loaded from third-party domains. We also touch on open-source analytics tools that can be self-hosted, as Google Analytics, is now the most widely used third-party tracker.