Notes and references from our talk "Building privacy-friendly websites" at WordCamp Europe 2015 in Seville, Spain, on June 27. Plus related things that could be of interest. Also: slides!

Recent reports

2014-06-30: The right to privacy in the digital age [pdf]
Report of the Office of the United Nations High Commissioner for Human Rights
On the importance of privacy and human rights in digital environments.
See also: Background

2014-10-23: Report of the Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism
English, Arabic, Chinese, French, Russian, Spanish [pdf]
Privacy is important for freedom of speech, and needs to be established in digital environments too.
See also: Press release

2014-12-08: The Rule of Law on the Internet and in the wider digital world [pdf]
Council of Europe Commissioner for Human Rights
Summaries: French, German, Russian, Serbian, Turkish [pdf]
States should not force companies to “self-regulate” as a means of circumventing human rights legislation. Privacy is important. Human rights and due process are important.

2015-05-28: Report on encryption, anonymity, and the human rights framework [doc]
UN Special Rapporteur on Freedom of Speech and Freedom of Opinion
Encryption and anonymity are a condition for freedom of speech and the freedom to form an opinion.
See also: Additional documents

Technical

HTTPS

Standard SSL certificates now cost a single-digit amount of dollars/euros.

In September, Let's Encrypt will make them free for all.

If you do use HTTPS, consider turning on HSTS (but really make sure everything is working 100% well first!).

Note that HTTPS doesn't offer perfect privacy - it might still be possible to determine what page you're looking at through traffic analysis. But it's a whole lot better than using HTTP.

Use Qualys' SSL Server Test to check your setup.

Referrers

Use rel="noreferrer" for external links. HTML5 spec, 4.8.4.8:

It indicates that no referrer information is to be leaked when following the link.

If a user agent follows a link defined by an a or area element that
has the noreferrer keyword, the user agent must not include a
Referer (sic) HTTP header (or equivalent for other protocols) in the
request.

Supported by Firefox since version 33 and by WebKit (Chrome, Safari) since November 2009.

<a href="http://www.foo.bar/" rel="noreferrer">Works with Firefox, Chrome, Safari. Not IE.</a>

A newer development is Referrer Policy. This makes it possible to apply a certain policy to all links, rather than having to set rel on each of them. It can be set in the HTTP header:

Content-Security-Policy: referrer no-referrer;

...or via a meta tag:

<meta name="referrer" content="no-referrer">

It also offers alternatives like “Origin Only”, “Origin When Cross-Origin”, etc. It applies to CSS/JS (link, script) requests too! Referrer Policy is still just a draft, but is supported by the latest Firefox, Chrome and Safari, as well as Microsoft Edge in Windows 10.

Google Analytics alternative: Piwik

Piwik is a free (GPLv3) analytics platform. PHP + MySQL.

Make sure you anonymize visitor IP addresses and disable cookies. See Configure Privacy Settings in Piwik and How do I disable all cookies for a visitor?.

If you insist on using Google Analytics...

Anonymize the last octet of the user’s IP (what this means):

ga('set', 'anonymizeIp', true);

Use forceSSL to make all requests, even ones from insecure pages, use SSL:

ga('set', 'forceSSL', true);

Implied cookie consent is not cool. Don’t send data until the user has given consent (read more):

window['ga-disable-UA-XXXXXX-Y'] = true;

And then, on opt-in: set it to false, set a cookie for future reference, and finally track the page view with ga('send', 'pageview'). See this Stack Overflow answer for more.

You could also load tracking code conditionally depending on the user's DNT setting (although this might be problematic for cached pages):

if ( isset( $_SERVER['HTTP_DNT'] ) && $_SERVER['HTTP_DNT'] == 1 ) { ... }
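
The opt-in steps and the DNT check above, combined into one client-side sketch (an added example, not code from the talk or from Google). It assumes the standard analytics.js snippet has already defined ga and called ga('create', ...); the cookie name ga_consent and the function names are hypothetical, and treating DNT as a refusal is a choice made for this example. Checking DNT in the browser rather than in PHP also avoids the cached-page problem.

```javascript
// Added example. PROPERTY_ID is the page's placeholder; CONSENT_COOKIE and
// all function names are hypothetical.
const PROPERTY_ID = 'UA-XXXXXX-Y';
const CONSENT_COOKIE = 'ga_consent';

// True if an earlier visit stored the opt-in cookie.
function hasConsent(doc) {
  return doc.cookie.split(';').some((c) => c.trim() === CONSENT_COOKIE + '=1');
}

// True if the browser is configured to send Do Not Track.
function dntEnabled(nav) {
  return nav.doNotTrack === '1';
}

// Queue the privacy settings from this page, then the page view.
function sendPageview(win) {
  win.ga('set', 'anonymizeIp', true);
  win.ga('set', 'forceSSL', true);
  win.ga('send', 'pageview');
}

// Run on every page load, before any hit is sent. Tracking stays disabled
// unless the visitor opted in and does not send DNT.
function initTracking(win) {
  const allowed = hasConsent(win.document) && !dntEnabled(win.navigator);
  win['ga-disable-' + PROPERTY_ID] = !allowed;
  if (allowed) sendPageview(win);
  return allowed;
}

// Call from the click handler of the opt-in control.
function grantConsent(win) {
  if (dntEnabled(win.navigator)) return false; // DNT counts as a refusal
  win['ga-disable-' + PROPERTY_ID] = false;
  win.document.cookie = CONSENT_COOKIE + '=1; max-age=31536000; path=/; SameSite=Lax';
  sendPageview(win);
  return true;
}

// In a browser, apply the stored decision immediately; skipped under Node.
if (typeof window !== 'undefined') initTracking(window);
```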

Fonts

Self-host Google Fonts - use one of the following to get fonts in all formats with proper CSS:

Social media buttons

Official like/share buttons let others track your visitors. Use locally hosted images/fonts, like Font Awesome.

If you need to show the number of shares, use a two-click solution (the user needs to click to activate) - such as Social Share Privacy - or let your server fetch the data periodically. Same with e.g. embedded Tweets.

Disqus alternatives

Self-hosted with Disqus-style embedded JavaScript:

Forum software that can be integrated and used instead of WordPress' built-in comment system:

Some WordPress-specific ideas

// Don’t store IP addresses of commenters
add_filter( 'pre_comment_user_ip', '__return_zero' );

// Don't set comment author cookies
remove_action( 'set_comment_cookies', 'wp_set_comment_cookies' );

Don’t let WordPress admin load external fonts from Google - use the plugin disable-google-fonts.

Set rel="noreferrer" on external links - use the plugin noreferrer.

Avoid Google Analytics. Switch to Piwik. Helpful WordPress plugin.