The web was designed to share information, this openness has led to users unknowingly giving up their privacy in fundamental ways.
If you do examine your choices in the cookie popup to choose which trackers are acceptable the list is often so exhaustive that it could take minutes to simply disable tracking for each of the marketing companies, let alone the hours or days it would take to understand what each tracker is doing.
Every time a company shares browsing history or other personal information with another company it increases the likelihood that information is lost in a breach. Recently, data aggregation companies such as Exactis , the Republican National Committee , River City Media , and more have been the source of many massive data breaches. This means that users were exposed to more risk at no fault of their own. Their data was lost because of aggressive data collection policies and normal internet browsing.
Which of these are real companies that track you around the web and which are companies I just made up:
- Google Analytics
- Baidu Analytics
- Impact Radius
- Facebook Pixel
- YOUTH ID
- Amazon Associates
- Google Ads Conversion Tracking
- LinkedIn Ads
- Facebook Connect
- Facebook Custom Audiences
- Conversion Linker
That was a trick question, those are all trackers. What’s worse, they are all used on a single page for a single site.
A new future
It doesn’t have to be like this. Sales and Marketing can be done with a privacy and security first model. The New York Times recently announced they are phasing out all 3rd party advertising data. This is a great win for the consumer supported news model. More companies, outside of news, can follow suit.
Agree that privacy is important
The first step to take is to understand that privacy is fundamental and important to your customers. Stating this at the onset is important because it sets the stage for the rest of the conversations and discussions. If your team doesn’t first agree that privacy is important to your business and customers the rest of the conversations will not be fruitful.
Set goals for data collection
Data collection doesn’t have to be an all or nothing effort. There are legitimate reasons to collect data. It can help you understand your customers and to help sharpen messaging and content. However, without clear goals, the team may end up adding trackers that don’t help the business. This will add to the customer’s risk with no upside.
Set a high bar for new trackers
Without clear goals and customer protections, it can be tempting to add each tracker and tool to a website each time they’re suggested. Perhaps, one tracks demographics, one tracks history, and another tracks political leanings; ensure that each new tracker will help you with your goals, make sure there are measurable KPIs for each tracker. If they’re not useful, remove them.
Share the data you do collect with interested parties. Many times teams will set up their own trackers and accounts because that’s easier than getting the data from another team. This failure of communication shows other organizational issues that should be addressed before customers are put at additional data-loss risk. Each new tracker should provide new functionality. Make sure you’re not tracking the same data in multiple places.
Gather only necessary data
The data collected must be able to be shown to make a difference for your team and users.
Destroy data as soon as it is no longer useful. If you’re collecting and managing your own user data make sure that data is purged as soon as it is no longer needed. Set a default data expiration that is as short as possible: 6 months is a good default. Create an exception process to hold data longer than the default if necessary.
As mentioned above, much of this information is collected without your consent or knowledge. Even if you examine each cookie consent dialog there are still hundreds of digital trackers and cookies that will remain enabled. To protect yourself I recommend taking additional steps.
1. Install an ad and tracker blocker
A good ad-blocker such as uBlock Origin , Privacy Badger by the EFF, or DuckDuckGo Privacy Essentials . These extensions will block advertising, malware, trackers and more at the request level. The result is that you are protected from tracking, see less advertising, see less visual clutter, and have a faster browsing experience. You can disable or tune your ad blocker for certain sites that you want to support through ad revenue. When browsing to a site like wired.com you will see about 15% of the total requests blocked.
2. Delete Facebook, Replace Google
Facebook and Google are advertising platforms. Their primary source of revenue comes from the tracking and sale of user data. These companies build a complete demographic profile of you based on the information they gather. Because of their significant reach and market penetration they can achieve this goal exceptionally well.. They use this information to sell advertising across the web.
Replace other Google features and products as well. Don’t use Chrome as your default browser, I recommend Firefox or Microsoft Edge. Don’t use Google’s DNS servers, I recommend Cloudflare’s 18.104.22.168 servers. If you can minimize the use of other Google applications such as Gmail, Google Calendar, Drive, Play Store, Android, Groups, Hangouts, Maps, News, and even YouTube.
3. Enable browser based privacy features
Most browsers include good privacy features. Both Microsoft Edge and Firefox have good automatic tracking prevention. Enabling strict tracking prevention will protect your identity the best, but may break some sites and pages.
Enable the “Do Not Track” requests option. This is an optional setting that the browser can send to the server to tell the sever not to track them. Unfortunately there isn’t anything enforcing companies to respect this setting, but it is a good practice to enable it.
The web was designed to be open. The principles that allow for open standards and information discovery are beautiful, lofty, and important. When many of these standards were designed and developed there was no idea of what the internet would become. The very concepts of security, privacy, authentication, authorization, and threats on the internet were so nascent, little to no effort was made to mitigate those risks. Now trillions of dollars flow through internet based companies, many of which anchor their business on tracking users, selling advertising and marketing to every micro-demographic possible. There are massive market forces pushing companies to collect more data than ever before. We must make the active choice as business leaders and consumers to strike a balance between data collection and privacy.