Misc

Ungoogleing the blog

When you browse around the web you are constantly being monitored. You can protect yourself a bit by using various browser add-ons like uBlock Origin (firefox, chrome), HTTPS Everywhere (firefox, chrome) and NoScript (firefox, chrome). But even by using these you will be still tracked – just calling a URL can be enough the deduct information about your behavior and who you are by using different browser finger printing techniques.

What do I mean with ungoogleing?

This blog post will not discuss these different plug-ins or different online tracking technologies. It will more describe the steps taken to improve your privacy on this blog. The first major step I wanted to do was stop giving away information about my visitors to 3rd parties. And Google is the big one. I still hope I will show up in the Google search results but I guess there is a risk I will get punished by the algorithm. I will see what happens over the next month or so by checking the ranking of my most popular posts.

A tool that really makes me nervous is Google Analytics. It is literally installed on any site on the web and the reason that people is doing this is not to track it’s visitors. It is to measure what the visitors are doing and what they like on the page. By using Google Analytics you give Google the possibility to track what people is doing on your site but also what different sites they are visiting and what the patterns look like. I don’t think this is fair so I decided that it was time to stop giving this data away.

Matomo makes an entrance

Even if I don’t want to give data away to 3rd parties I still want to know what my visitors read and what type of technology they use. This so that I can write more of the type of content that people enjoy to read and less of what they don’t read. I will however always continue to write about subjects I enjoy. I am interested in the browser and resolution and device type to make sure that the blog work well for my visitors. By looking at the logging I have found issues that I have fixed in the past.

I chooseed to start using a self hosted Matomo instance that gives me all the information I need. Using this tool I can still get the insight to improve this blog but still not share any data with 3rd parties. This information is literally for my eyes only – no one else has access. If you inspect the network traffic you will see that a call to matomo.mbh.se is done – this is the matomo-tracking and if you resolve the hostname you will see that it is even hosted on the same server as the blog.

Showing the network traffic caused by visiting the martinhaagen.se blog
Loading the blog causes traffic to 3rd party sites

Do not ping big brother

When I inspected the network traffic generated when visiting my blog I found that I still pinged Google by loading in fonts from their CDN. This would give away information about my visitors since the browser will at least give away your IP but likely also other information that can be used for fingerprinting. The risk that Google is doing this is pretty low but why provide the opportunity if you don’t have to?

I spent some time to stop loading the font from Googles CDN but instead serving them locally from my own server. This will probably increase loading time slightly since Google’s servers are really fast and distributed over the world – also adding that the chance for the font being cached in the visitors browser is high when using the CDN. I measured before and after the change and the load time differs with less than 100ms – the total load time of the whole blog with all media assets is around 1 – 1.2s. Totally okay!

There is multiple approaches to host the fonts locally. My first attempt was to download the font, convert them from ttf to woff and then replace the call to Google with a reference to the local fonts instead. But this turned out to be quite the project. The main reason being how wordpress and my theme (Candice) worked. I ended up to install and use the CAOS for Webfonts extension and simply remove two lines from the php-files of the theme. A pretty good guide for this can be found over at wplift.com. End result; no ping to Google.

Other changes

In the past I have been using Active Campaign on this site as well. This is mainly a mailing list tool with some additional functionality, quite powerful actually, to do marketing automation. This tool use a tracking script to follow people around the site to be able to do different automated actions and automations. I decided some time back to stop using this for two reasons – too few people signed up for the newsletter and I cannot guarantee what Active Campaign is doing with the data they collect.

If, in the future, I want to start working with these type of technologies. I will probably use a self-hosted Mautic instead. It is powerful and can do the automations needed without the need of sharing data with a third party.

End result

When I started to make my site more privacy friendly I took a look at all the network traffic that my browser did while loading my blog. There where multiple external sites involved. Now there is no external calls at all done. And this without me or my visitors loosing any needed functionality or comfort. My wish is that other sites also take a look at what they are doing to their visitors and what they do with their privacy.

Finger print in blue and yellow like the Swedish flag.