With the dangers of surveillance increasingly a concern, now is a great time to talk about how to build websites that protect user privacy, including avoiding sharing website visitor traffic outside of your organization. You have architected a Drupal website to store data securely with Drupal’s robust permissions, access checks and security best practices. However, your website loads third party scripts, which can share your visitor traffic with one or more outside organizations. Why build a highly secure website, while also sharing all your visitors’ traffic outside your organization? Unless your organization’s business model relies on ads, it’s entirely possible to build your website in a way that avoids sharing your website visitor traffic with third parties.
Protecting website visitor privacy can be advanced by starting with the following set of questions:
-
Do you really need all those third party scripts on your website? Can you reproduce the functionality of third party script in house?
-
Do you really need to load fonts from another server? Can you download them and install them on your own server?
-
If analytics is an important requirement for your organization, would it be possible to invest in hosting your analytics tools in house?
-
Are there tools for anonymizing server logging for your particular CMS or server?
-
CDNs are great for improving performance for your website, but would it be possible to host these files on a server you control instead?
What you’ll learn in this session:
-
You’ll come away with a renewed sense of urgency for protecting website user privacy
-
You will learn what third party scripts are, how they share user data outside your organization, and some ways to avoid using them
-
You will learn how to setup HTTP Strict Transport Security (HSTS)
-
You will learn what information Drupal logs from users and options to avoid tracking this information
-
You’ll learn what information servers log about visitors and options to anonymize this information
Presenters
