We see more and more project and organisations working on privacy focused apps, services, … great!

But sadly this is more and more just marketing. The most famous line "We value your privacy" is telling almost the exact opposite these days.

So let's do a first step: Everyone who really values privacy, get rid of trackers from your websites. All of them. GA as well as Matomo.

If you want to know how to optimize your websites, analyse your logs or do surveys.

As second step, make sure you have a privacy policy and people can find it. It's also about informing people (and it's a legal requirement since GDPR for most services anyway).

Tip: When your privacy policy is longer than 5000 characters you are probably doing something not so private.

I recommend to create a Table that lists all information you process, the places process those data and the implicates by that as well as the reference to the law that makes those things legal.

Show thread

@sheogorath I like to joke that "we value your privacy" literally means "we know exactly how much your privacy, and lack thereof, is worth to us".

@sheogorath Matomo can be configured to both respect DNT, as well as anonymize IPs. GA on the other hand...

@raucao Yes, and that's great, but misses the point.

Matomo as well as GA are not opt-in and therefore not privacy by design. It's definitely legally fine, but if you really value privacy why do you need to know who visits your website and where they came from?

Why do you really need all the data you obtain from tracking? And what of the data you need can't be (roughly) produced by simply analysing your logs?

@sheogorath Matomo is nothing more than a better log analyzer. You need this data to improve your web application for your customers as well as optimize sales to new customers. You gave up this data when you created it by visiting their website. That's your choice and entirely opt-in. If you give them your personal data, then that's even more so your choice and opt-in.

@sheogorath Them giving it to Google on the other hand is not something you anticipate when visiting their site.

@raucao No, I wouldn't say so. When I visit a website, then this happens in order to read the content of the website, not in order to improve their offers. Also most users are unaware of "how talkative" their browsers actually are.

I would argue that, given you want to do privacy by design, you shouldn't collect *any* data that are not required to serve my request.

You can enrich the data you provide me with hints to a survey or an opt-in for tracking, but not take that as granted.

Sign in to participate in the conversation
Sheogorath's Microblog

This is my personal microblog. It's filled with my fun, joy and silliness.