I much like Laura Kalbag’s “I don’t track you” declaration on her blog. She links to that post in the footer of her webpages.

As Laura Kalbag says it’s “as much a fact as a mission statement“. I would definitely like to be able to say the same, because it’s important as a signal, as a statement that the web does not need to be what the silos as advert delivery and manipulation vehicles make it to be. But for this blog it isn’t fully a fact.

I do not track anything anyone does on my site. But others in some instances do. This is the case where I embed material from elsewhere. Although often what I embed is still my own content, such as photos and slides, they are served from the likes of YouTube (Google), Flickr, and Slideshare (LinkedIn). The primary reason for using such services is storage space. Presentations, videos and photo collections tend to be large files, filling up the allocated space in my hosting package quickly. And of course there are occasions where I do want to show content by others (photos and videos). Especially in the case of images, showing other people’s content here is very deliberate, based on an obligation to re-use.

This means that I am an enabler of the tracking that such services do when you visit my blog. To be certain, you have a personal responsibility here too: your browser is your castle, and that Castle Doctrine of browsers means that you should already actively block tracking in your browser. However, I also have a responsibility to not expose visitors to tracking where that can be avoided.

So how to avoid tracking? What alternatives are out there? Here’s a list with the services from which this site over the years has embedded material.

  • YouTube (Google): I did not know this until I looked for it today, prompted by Laura Kalbag’s blogpost, but Google provides a setting with embedded YT videos that disables tracking and serves the video from a different domain (youtube-nocookies.com). This is what I will do from now on, and I will go through my older postings to change the embed code in the same way.
  • Flickr: I use Flickr a lot, it’s both my off-site online photo backup, as well as an easy way to post images here, without taking up hosting space. My tracking detection tool (Ghostery) does not find any trackers of embedded images, provided I strip out some of the scripting that comes with an embed by default. This stripping of superfluous stuff I routinely do, and is in my muscle memory.
  • Slideshare: this I think needs replacing. A Slideshare embed always comes with a Google Analytics tracker and a 3rd party beacon it seems. There is no way I can strip any of that out. It’s a good idea to do without Slideshare anyway, so need to search for an alternative. I might go for my own cloud space, or start making my slides differently, e.g. in HTML5, or find some other tool that I can attach to a private cloud space, and allows easy sharing with others.
  • Scribd: this one definitely needs to go too. Embedding a Scribd document adds Google Analytics and a Facebook tracker, and curiously still a Google+ tracker too, though that service no longer exists. Again, need to search for an alternative. Same as with Slideshare.
  • Vimeo: this video embedding service does not add trackers as far as I can tell from my Ghostery tracking monitoring plugin.
  • 23Video: this platform has pivoted to corporate marketing videos and webinars, and no longer supports casual embeds like in the past. I will need to go through my archive though to clean up the postings where I used 23Video.
  • Qik. This was a live streaming video service I used around 2008. The domain is no longer active, and any embeds no longer work. Will need to clean up some old postings.

So, from this list, Slideshare and Scribd stand out as the ones adding tracking features to this site, and will need to go first. So I’ll focus there on finding replacements. Flickr and Vimeo are ok for now, and Youtube for as long as they respect their own privacy settings. Flickr and Vimeo of course don’t have your data as their business model, whereas YT does, and it shows. Once I’ve removed the tracking functionality from embedded content, what remains is that any call to an outside source results in your IP being logged in that outside server’s logs, and by extension your user agent etc. This is unavoidable as it comes with connecting to any web server. The only way I can avoid such logging is by ensuring I no longer use anything from any outside source, and hosting it myself. For my own content that is possible, as for images I re-use from e.g. Flickr (by serving the image itself from a server I own, and otherwise just linking to the source and creator. As I did with the image below), but hardest for re-using other people’s videos.

Tracks of footprints in the snow, image by Roland Tanglao, license CC BY

8 reactions on “I Don’t Track You Here, But Others Might

  1. This is awesome. Fighting with this so hard on my own blog. Providing no own cookies doesn’t mean there are really none the moment and 3rd party request comes into play. Even getting rid of Gravatar is a PITA.
    https://www.zylstra.org/blog/2020/01/i-dont-track-you-here-but-others-might/ I Don’t Track You Here, But Others Might
    I much like Laura Kalbag’s “I don’t track you” declaration on her blog. She links to that post in the footer of her webpages.
    As Laura Kalbag says it’s “as much a fact as a mission statement“. I would definitely like to be able to say the same, because it’s important as a signal, as …

  2. Here’s how I see it. By using external services you are using their resources. Unless you’ve paid for that service you owe them something. If you truly want to protect your site visitors stop using external services.

    My position is no different than the restaurants in New York City that won’t let you use their bathroom unless you’re patron.

    FYI. I attempt to minimize tracking on my website.

    • True and fair enough, up to a certain point.

      There are 2 issues above that ‘certain point’. One is that where I go to e.g. YT’s site I give it consent to track me (or not), but if I embed a video in my site YT assumes consent from my site’s visitors, and there is no way for visitors on my site to deny or withdraw such consent. Even if they are not at my site interacting with the embedded content, but it happens to be elsewhere on a page they are looking at. It would be more acceptable as a trade (though maybe worse as user experience), that when someone starts interacting with embedded content such consent was sought (and service denied if not given). This is it seems indeed what YT’s no-cookie feature aimed to do at launch in 2009: only track stuff once someone clicks play. Forced and uninformed consent is against the law hereabouts (GDPR), and higly questionable everywhere else.

      And that’s the 2nd issue above the ‘certain point’, the notion of consent. Adtech is not essential to providing the service, given that it is the malignant result of incremental add-ons to squeeze more data from every interaction. It’s growth is thus that meaningful consent, even were it asked, can no longer be given. Most adtech therefore I think is in direct violation of EU law (GDPR) and a wide range of cases are making their way through the national GDPR authorities and courts thereafter, that will make that clear to corporations and consumers.

      Regardless, and waiting for the courts can take a long time, stopping to use external services to stop them tracking my site’s readers is the solution. Which is what I wrote for those services where there is no fair trade-off below the ‘certain point’: Slideshare and Scribd need to go (not just for embedding, but I need to stop using them at all). Vimeo and Flickr can stay for now I think (and I’m a paying customer of both). YT is a ‘maybe’ at the moment. In the long run, all external services will need to be replaced by a more decentral solution though.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.