Web design vs privacy

How do these two connect anyway? What does web design have to do with privacy, of all things?

So normally you’d say: nah, it’s in photoshop / sketch / css / browser / boilerplate / framework. Privacy is what you do with the users’ data once they sign up!

Wrong. Here’s why:

I’ve installed Ghostery on Chrome. What it does is it blocks a bunch of scripts that would normally interact with services that gather information about you / your browser. This means no more google analytics, no more new relic, no more facebook like buttons, no more twitter follow / tweet buttons, no more disqus. Right? These are pretty obvious.

But it also means no more Typekit, no more Google fonts. Believe it or not, the simple act of requesting a webfont hosted at either of those services reveals a TON of information about you:

  • where you connect from (has your IP, which can be tied to the specific router you’re using, which means they can know where exactly you are)
  • what browser you’re using (user agent string in the request)
  • what page you’re loading (because Typekit needs to be enabled on domains, and referer in the request)
  • etc... basically they can know the same things as basic google analytics

Which I do not want.

Which brings me to this: if your site’s functionality DEPENDS on any of these services, then you might want to rethink how you make websites.

As someone who blocks Typekit / Google fonts, I am totally okay with sites looking a bit off, but I am not okay not being able to do what the site claims I can without turning all of those back on.