Notes and references from our talk "Building privacy-friendly websites" at WordCamp Europe 2015 in Seville, Spain, on June 27. Plus related things that could be of interest. Also: slides!
Recent reports
2014-06-30: The right to privacy in the digital age [pdf]
Report of the Office of the United Nations High Commissioner for Human Rights
On the importance of privacy and human rights in digital environments.
See also: Background
2014-10-23: Report of the Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism
English, Arabic, Chinese, French, Russian, Spanish [pdf]
Privacy is important for freedom of speech, and needs to be established in digital environments as well.
See also: Press release
2014-12-08: The Rule of Law on the Internet and in the wider digital world [pdf]
Council of Europe Commissioner for Human Rights
Summaries: French, German, Russian, Serbian, Turkish [pdf]
States should not force companies to “self-regulate” as a means of circumventing human rights legislation. Privacy is important. Human rights and due process are important.
2015-05-28: Report on encryption, anonymity, and the human rights framework [doc]
UN Special Rapporteur on Freedom of Speech and Freedom of Opinion
Encryption and anonymity are a condition for freedom of speech and the freedom to form an opinion.
See also: Additional documents
Technical
HTTPS
Standard SSL certificates now cost a single-digit amount of dollars/euros.
In September, Let's Encrypt will make them free for all.
If you do use HTTPS, consider turning on HSTS (but really make sure everything is working 100% well first!).
Note that HTTPS doesn't offer perfect privacy - it might still be possible to determine what page you're looking at through traffic analysis. But it's a whole lot better than using HTTP.
Use Qualys' SSL Server Test to check your setup.
Referrers
Use rel="noreferrer" for external links. HTML5 spec, 4.8.4.8:
It indicates that no referrer information is to be leaked when following the link.
If a user agent follows a link defined by an a or area element that has the noreferrer keyword, the user agent must not include a Referer (sic) HTTP header (or equivalent for other protocols) in the request.
Supported by Firefox since version 33 and by WebKit (Chrome, Safari) since November 2009.
<a href="http://www.foo.bar/" rel="noreferrer">Works with Firefox, Chrome, Safari. Not IE.</a>
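A client-side way to apply this to every external link on a page, as an added example (not code from the talk or from the noreferrer plugin). The function names and the rule "external = different host, http/https only" are assumptions of this sketch.

```javascript
// Added example. Decide whether a link leaves the site.
// Only http/https targets are considered; mailto:, tel: etc. send no Referer.
function isExternal(href, pageUrl) {
  let target;
  try {
    target = new URL(href, pageUrl); // resolves relative and //host links
  } catch (e) {
    return false; // unparsable href: leave it alone
  }
  if (target.protocol !== 'http:' && target.protocol !== 'https:') return false;
  return target.host !== new URL(pageUrl).host; // host includes the port
}

// Add "noreferrer" to a rel value without dropping tokens such as "nofollow".
function withNoReferrer(rel) {
  const tokens = (rel || '').split(/\s+/).filter(Boolean);
  if (!tokens.some(t => t.toLowerCase() === 'noreferrer')) tokens.push('noreferrer');
  return tokens.join(' ');
}

// Walk all a/area elements under root and mark the external ones.
// Returns the number of links that were marked.
function markExternalLinks(root, pageUrl) {
  let changed = 0;
  for (const el of root.querySelectorAll('a[href], area[href]')) {
    if (!isExternal(el.getAttribute('href'), pageUrl)) continue;
    el.setAttribute('rel', withNoReferrer(el.getAttribute('rel')));
    changed++;
  }
  return changed;
}

// In a browser, run once the DOM is available.
if (typeof document !== 'undefined') {
  markExternalLinks(document, location.href);
}
```

Setting the attribute in the server-side template is more robust, since it also covers visitors with JavaScript disabled; the script is useful for content you cannot easily rewrite on the server.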
A newer development is Referrer Policy. This makes it possible to apply a certain policy to all links, rather than having to set rel on each of them. It can be set in the HTTP header:
Content-Security-Policy: referrer no-referrer;
...or via a meta tag:
<meta name="referrer" content="no-referrer">
It also offers alternatives like “Origin Only”, “Origin When Cross-Origin”, etc. Applies to CSS/JS (link, script) requests too! Referrer Policy is still just a draft, but is supported by the latest Firefox, Chrome and Safari, as well as Microsoft Edge in Windows 10.
Google Analytics alternative: Piwik
Piwik is a free (GPLv3) analytics platform. PHP + MySQL.
Make sure you anonymize visitor IP addresses and disable cookies. See Configure Privacy Settings in Piwik and How do I disable all cookies for a visitor?.
If you insist on using Google Analytics...
Anonymize the last octet of the user’s IP (what this means):
ga('set', 'anonymizeIp', true);
Use forceSSL to make all requests, even ones from insecure pages, use SSL:
ga('set', 'forceSSL', true);
Implied cookie consent is not cool. Don’t send data until the user has given consent (read more):
window['ga-disable-UA-XXXXXX-Y'] = true;
And then, on opt-in: set to false, set a cookie for future reference, and finally track the page view with ga('send', 'pageview');. See this Stack Overflow answer for more.
You could also load tracking code conditionally depending on the user's DNT setting (although this might be problematic for cached pages):
if ( isset( $_SERVER['HTTP_DNT'] ) && $_SERVER['HTTP_DNT'] == 1 ) { ... }
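The opt-in flow above put together, as an added example (not code from the talk): tracking stays disabled until a consent cookie exists, and the DNT check is done in the browser so it is not affected by cached pages. The cookie name `ga_consent`, the function names and the choice to let DNT override consent are assumptions; `UA-XXXXXX-Y` is the page's placeholder property ID.

```javascript
// Added example: consent-gated analytics.js setup.
const GA_PROPERTY = 'UA-XXXXXX-Y';            // placeholder ID, as on the page
const CONSENT_COOKIE = 'ga_consent';          // assumed cookie name
const DISABLE_KEY = 'ga-disable-' + GA_PROPERTY;

// True if the consent cookie is present in a document.cookie string.
function hasConsent(cookieString) {
  return cookieString.split(';').some(c => c.trim() === CONSENT_COOKIE + '=1');
}

// Client-side Do Not Track check (navigator.doNotTrack is "1" when enabled).
function dntEnabled(nav) {
  return nav.doNotTrack === '1';
}

// Call on every page load, after the analytics.js loader snippet has defined
// ga(). Sends nothing unless consent was given and DNT is off.
function initAnalytics(win) {
  const allowed = hasConsent(win.document.cookie) && !dntEnabled(win.navigator);
  win[DISABLE_KEY] = !allowed;                // opt-out flag stays on by default
  if (!allowed) return false;
  win.ga('create', GA_PROPERTY, 'auto');
  win.ga('set', 'anonymizeIp', true);
  win.ga('set', 'forceSSL', true);
  win.ga('send', 'pageview');
  return true;
}

// Call from the click handler of the "I agree" button.
function optIn(win) {
  // Remember the choice for a year; Secure assumes the site runs on HTTPS.
  win.document.cookie = CONSENT_COOKIE +
    '=1; max-age=31536000; path=/; Secure; SameSite=Lax';
  return initAnalytics(win);
}

// In a browser, gate tracking on load.
if (typeof window !== 'undefined') {
  initAnalytics(window);
}
```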
Fonts
Self-host Google Fonts - use one of the following to get fonts in all formats with proper CSS:
- google-webfonts-helper (web)
- Clemens Lang's Bash script
Social media buttons
Official like/share buttons let others track your visitors. Use locally hosted images/fonts, like Font Awesome.
If you need to show the number of shares, use a two-click solution (user needs to click to activate) - such as Social Share Privacy - or let your server fetch the data periodically. Same with e.g. embedded Tweets.
Disqus alternatives
Self-hosted with Disqus-style embedded JavaScript:
Forum software that can be integrated and used instead of WordPress' built-in comment system:
- Discourse (Ruby, GPLv2) + wp-discourse plugin
- Vanilla Forums (PHP, GPLv2) + WordPress plugin
Some WordPress-specific ideas
// Don’t store IP addresses of commenters
add_filter( 'pre_comment_user_ip', '__return_zero' );
// Don't set comment author cookies
remove_action( 'set_comment_cookies', 'wp_set_comment_cookies' );
Don’t let WordPress admin load external fonts from Google - use the plugin disable-google-fonts.
Set rel="noreferrer" on external links - use the plugin noreferrer.
Avoid Google Analytics. Switch to Piwik. Helpful WordPress plugin.