Ethics February 18, 2020

Let's be Privacy-First

drikerf

We're going in the wrong direction. Big tech companies are growing bigger and bigger and admin processes become harder and harder to manage for small businesses. If we keep this up, everything will soon be owned by a few huge companies like Google, Facebook and Amazon. Wait... Did that already happen? 🤔

It doesn't have to be this way though, and as Indie Hackers we don't have to be a part of the problem. Instead, let's move the needle in the right direction. It doesn't take much to get going, just think a little harder before you add a Big Corp script to your website. You might not even need it, or maybe you could support a small company instead and use their software. It might cost you a few dollars a month. But it's definitely worth it.

These are the things I'm doing with Wobaka.com and that you can consider as well:

  • Drop Big Corp services for analytics/maps/et al and support other alternatives like SimpleAnalytics, OpenStreetMaps etc instead.
  • No re-targeting. It makes me super annoyed, why would I want to do it to anyone else? Removing some scripts will save you a lot of loading time too.
  • Share as little as possible with third parties. For example, don't share user records with your bug tracker when an id is enough.
  • Store only the data you need. It's not cool to keep a record of peoples information "just in case".
  • HTTPS everything. It's 2020. Don't let your users transfer data on insecure networks in plain text.
  • Track nothing as default. Finding a needle in a haystack (your data) only gets harder if you add more hay.

Have you started to think about what companies and values you're supporting with your business? What else can we do to be more privacy-friendly?

  1. 2

    Great advice! I've been doing some of the same things on the sites I control too:

    • removed analytics scripts
    • removed cookies
    • removed all third-party connections
    • removed third-party fonts
      etc.

    Big businesses that don't care about ethics might not want to do this, but people who create their own sites and projects can decide for themselves what to do. And they might help start a bigger change towards a better web for all.

    I wrote a bit on how I think marketing can be done in more ethical ways: https://markosaric.com/ethical-marketing/

    1. 2

      Yes! Let's change it :)!

  2. 2

    A bit of a counter opinion on retargeting.

    60% of web users are neutral to it.
    25% actually like them.
    15% are against.

    43% of web users are more likely to convert and buy from seeing a retargeted advert.

    How much would a 43% conversion rate do for your business?

    1. 1

      Not just benefits though. You still share data about your users with other companies which in turn can often do whatever they want with it. Have you read the tos?

      I get that it can increase conversion but there are trade-offs that I think are important to consider :).

      1. 1

        100 visitors hit the SaaS product, each visitor who buys is worth perhaps $10 a month.

        43 of them get the re-targetted advert and convert, $430 additional monthly revenue leading to $5160 over the year.

        Repeat process monthly for annual revenue of $61920.

        You are asking SaaS founders and makers to forgo a not-insignificant chunk of revenue to support this.

        1. 4

          You’re making an economic argument while OP is making an ethical argument. Of course you can make money selling out your users. The issue isn’t that it hurts your revenue — it’s that it’s wrong.

          1. 1

            Ethics are easy, right until the point, it causes pain.

            Whether that pain is lost customers, revenue or so on. It's unfair to talk about making an ethical stand without highlighting the pain of making that switch to others who might go "retargeting is bad" but then a startup has to resort to even worse measures (layoffs of hard-working people, taking on risky loans that force the business into desperation) -

            The only thing I saw as a red flag is saying no to re-targeting as its gonna hurt a lot of founders in their wallets and in their growth over the next year.

            If they choose to proceed with not using retargeting being fully aware, then full credit to them.

            It would be an immense disservice to them to not provide a warning as to what they are going to sacrifice by not using that method.

            There's nothing else on that list I disagree with, all good points. Let's talk about the cost of certain actions or decisions so that people are fully aware instead of simply saying "This is wrong, don't do it"

            1. 3

              I take exception to the claim that layoffs or going out of business are worse than not selling out customers.

              Companies don't have a "right" to exist at a certain scale — or even at all. If a business can only be kept alive by exploiting people, then that business should close.

              Practitioners of surveillance capitalism are making money while foisting the negative externalities onto society. You're talking only about the cost to the business. Let's talk about the cost to the rest of us.

              • How much data do we use to transfer all the tracking scripts on the web? How much more carbon dioxide do we pump into the atmosphere to transfer that extra data?
              • How much do we self–censor due to fear of being watched?
              • How much effort and ingenuity do we waste on fighting online surveillance, instead of tools that could benefit society?

              To me, this is beyond cost/benefit. The issue really is as simple as saying "this is wrong, don't do it".

              1. 1

                When you have to let go good, hard-working people because of a decision you made as an owner, do you personally feel for the macro harm of society or the micro harm of the person right in front of you?

                If we just say, retargeting is off the table is an option, how are businesses/charities supposed to reach their intended audience instead?

                1. 2

                  You can do sales/marketing without sharing your users data.

                  1. 1

                    Teach me how you do it with a similar ballpark conversion rate.

                2. 1

                  Both. Like you said, ethics is easy until it causes pain. It makes it harder to do the right thing, but it doesn't change what the right thing is. You can use the "think of the hard–working employee!" argument to justify any odious business practice.

                  Businesses and charities reached their audiences just fine before retargeting existed.

    2. 1

      This comment was deleted a month ago.

  3. 2

    Agreed! I just wrote an article about this! https://jake.nyc/words/full-stack-ethics/

    1. 1

      Awesome! Nice article :)!

      1. 1

        Thank you!

  4. 2

    I broke the habit of installing Google Analytics with adsoup.co and went with Fathom Analytics instead. Really happy so far!

    1. 1

      I'm confused, wasn't adsoup dead? http://adsoup.io/ Or there is no connection between those two?

      1. 1

        Indeed, there is no connection between the two.

        1. 1

          Thanks, I signed up to them, sounds interesting. Looks a bit sketchy because all the "adsoup" searches lead to the defunct platform.

          1. 1

            Ah gotcha, thanks!

    2. 1

      🙌

  5. 2

    I work in software and I’m embarrassed to say it has only been in the last year that I have truly understood the scale of the problem. I know that I am not alone in my naivety.

    I have started to implement a lot of these recommendations on my personal projects (where I have complete authority to do so) but I can see some of these issues being a hard-sell for most marketing departments (this is outside the domain of IH, I know). It’s hard to convince someone that Simple Analytics is worth $19/month over Google Analytics.

    I’ve just started reading The Ethical Design Handbook which seems to a cover a lot of these issues, as well as offering suggestions as to how you might sell privacy to your stakeholders or co-founders.

    1. 1

      Absolutely, it's not an easy sell if you work at a larger company.

      I think we are in a good position as IH though. If we start doing more about it we can create a new baseline for what users expect. Just talking about it an mentioning it on landing pages etc is a great way to get the word around :).

      1. 1

        Yes we are, but I have some friends working in marketing and it's a tough sell. Their livelihood is advance usage of Google Analytics so they don't want to give it up...

  6. 1

    Love this post! I wrote this article about How to Build a 'Privacy-First' Startup which you might find interesting :)
    https://medium.com/@richardjvibert/how-to-build-a-privacy-first-startup-9e8f944d7d26

  7. 1

    Agreed. Just started to use Fathom on my blog (I had self-hosted analytics before, not Google) and will use it on all my projects.

    What I would add and what I personally offer at Get Tandem is ONE click cancellation of the account that goes with ALL data deletion immediately.

    Yes, it might be annoying that your conversation partner also looses the conversation, sometimes I think it there is a better middle ground, but I think it's the right step for privacy.

  8. 1

    A couple of quick tips for those of you looking to make some changes to improve privacy:

    • Change search engine to: DuckDuckGo, Qwant, Searx, Startpage
    • Use Firefox instead of Chrome. If you really hate Firefox for some reason - use Ungoogled Chromium.
    • Install uBlock Origin/Ghostery/Privacy Badger, NoScript, HTTPS Everywhere. NoScript WILL break most sites, but that's a good thing, because you can manually tell your browser which domains should be allowed to run JS.
    • Use a self-hosted Bitwarden as a password manager
    • There are many alternatives (like OpenStreetMaps) to Google Maps. Use an alternative.
    • If you use Windows consider switching to Linux unless you really need software that's not available on Linux.

    A bit of a plug for those of you looking for an alternative to Google Analytics for your products - check out https://toastedanalytics.com

    Hope this helps :)

  9. 1

    I'm all for this and feel like I've done a lot to be ethical, I still feel overwhelmed by it all though.

    For my last business:

    • I grew it with no ads or retargetting, I've always been proud of that.
    • We always grew with what we had, never misused data to our advantage.
    • We turned down sponsors that wanted the wrong things from us.
    • We are a good employer, letting people make their own choices of how to work
    • We've had the philosophy of trying to make the right decisions

    More recently on a personal level, I've ditched Google Analytics. I went for SimpleAnalytics instead (Fathom and Plausible look great too).

    I support ethical indie hackers where possible too.

    I still use Amazon :|

    I haven't deleted FB mostly because there are local groups that people use. :|

    I don't use DuckDuckGo. :|

  10. 1

    I agree because I'm a part-time ethical hacker & I know how users data will misuse for anything & that's why I'm using DDG instead of google. 😀