Building Websites That Protect User Privacy

By Squiggy Rubio,
A headshot of Squiggy Rubio with a lock and people icons in the background featuring logos for Kalamuna @ BADCamp

Drupal is known for being secure and a good tool for building websites with high privacy standards. However, many websites load third party scripts, which can gather a lot of data about your website visitors with one or more third parties. We review a browser plugin that disables third-party scripts. 

We dive deeper to examine why loading any assets from third party domains can potentially share your website traffic with third parties, even when no third party trackers are present. 

We discuss some server settings such as HTTP Strict Transport Security (HSTS) and Same Origin Policy which can require that assets are loaded over HTTPS and prevent assets from being loaded from third-party domains. We also touch on open-source analytics tools that can be self-hosted, as Google Analytics, is now the most widely used third-party tracker. 

 

Squiggy Rubio

Squiggy can really do it all. As a full-stack web developer, Squiggy can deliver complete site builds in Drupal, Hugo, and WordPress thanks to her extensive 15-year professional career working with an awe-inspiring list of organizations and clients. Don’t let her obsession with CSS fool you. Squiggy’s toolset extends deeper than front-end code. When she's not coding, you may find her talking about worker-owned cooperatives or abundantly sharing small-scale organic farming knowledge.