Privacy-aware web design

On January 28, Data Privacy Day encouraged everyone to make protecting privacy and data a greater priority; a good trigger to start a long-planned series on some things I have been working on over the last year. With "Privacy-Aware Design", I aim to create a discussion around privacy as encountered by interaction designers on the UI/UX level. I consider it important to acknowledge that the protection of users' information is not just rooted in the service concept (data collection, sharing, visibility) or purely an engineering challenge in the background (encryption, access control, data storage in general), but that privacy is also deeply affected by design decisions on the user-facing interfaces of internet services. [...]

In late 2005, Google started to provide free access to a web analytics product based on the previously expensive Urchin software suite. In the seven years since, this strategy succeeded to get Google Analytics tracking code included in a stunning share of websites by providing access to a powerful tool at (seemingly) no cost for everyone from big corporations to hobbyist bloggers. "Oh, and we'll of course add Google Analytics to the site" is a common phrase in the context of a web project, by large agencies and teenage family webmasters alike: Google has managed to define their product as an implicit standard for visitor analysis on the web. Adding the tracking code is easy and the data the service provides is of unquestionable quality. Yet, privacy advocates have long pointed out the serious implications of one corporation being able to track users around such a massive slice of the internet [...]

My previous post on Privacy-Aware Design ("Replacing Google Analytics with a decentralized alternative") discussed the inherent privacy issue when a private corporation is able to track users around a large part of the internet. I presented how the provision of a free service with undeniable benefits for website owners has led to a situation where Google is able to track any internet user around half of the web and that it happens without explicit consent of the end-users (who may only protect themselves from being tracked by browser privacy add-ons). Following the same train of thought, the next topic in this series are social media integration practices. [...]

A chain is as strong as its weakest link - if a social network site (SNS) does not enforce the use of a secure protocol for all its communications, a user’s personal data may leak, regardless whether or not they have protected their own connection. For […]

The issue with tracking is not only one of obvious trackers but that, at least in theory, every piece of content loaded from other sites than the originating domain enables some degree of tracking.