Skip to content

Whenever I open a website and get the inevitable ugly cookie popup gleefully declaring “We value your privacy”, my response is normally “I bet you do, my personal data must be worth top dollar to your advertising partners!”.

Trying to browse a website without your personal data being flogged to the highest bidder has become such a chore, you may wonder how we ever got to this stage. However did the big tech companies get their fingers into ever nook and cranny of the Internet?

The short answer is that us website owners did it for them.

For years, companies such as Google, Facebook and Amazon have been dishing out free software for people to use on their websites.

From analytics to video embeds to maps, these third-party scripts provide website owners with a host of amazing functionality, often with a single line of code.

It’s only over the past few years that web developers (myself included) started waking up to the real cost of all these free tools: the unmitigated harvesting of personal data across the internet which is bad news for all of us living in an increasingly algorithm-driven world.

Not only do many of these scripts pass your users’ private data back to the third-party companies, they also slow down your website considerably. This is bad for your customers, bad for SEO and bad for the environment.

Before we start…

I want to emphasise that despite the rather clickbaity title of this article, it is not intended to make you feel bad for having any of these on your website. In fact, many things listed can still be considered as ‘industry standard’.

My intention is to provide you with information about how to do things in a better way. As always, remember that it’s about progress, not perfection. Small improvements all add up to positive change.

If you can make even one of the positive changes listed below, that’s a great achievement!

Intrusive Analytics

Measuring how people use your website is really useful to help you understand how you can improve your website and marketing.

Google Analytics has long been considered the go-to for measurement. While it’s an incredibly powerful tool, it’s also very intrusive for tracking your visitors way beyond what is useful to you as a website owner (such as demographic data, personal interests and affinity categories).

In 2020 I switched to using Fathom Analytics, a privacy-focussed, ethical alternative to Google Analytics which tracks page views without all the extra personal data.

You can read more about my (very positive) experience so far in my article Fathom Analytics vs Google Analytics

Facebook Pixel works in similar ways, and so the same applies. Consider how useful the data collected is to you as a business against the cost of also passing all of this and more to Facebook.

Recommendation: has plenty of suggestions for ethical alternatives to Google Analytics.

Vicious video embeds

Uploading videos to a website such as YouTube and embedding them on your site is super easy way to host videos without having to worry about things such as compression or saving into different formats. Unfortunately, as you may have guessed, this does come at a cost.

Embedding a single Youtube video to my test page added over 10 different cookies (and other local storage files), as well as 16 different files, totaling 2.2 MB.

Actually playing the video then rapidly increased this to over 70 files and 3.5mb!!

Do you know how many files it should normally take to play a video? Just one, the video itself.

Interestingly, when you generate a YouTube embed code it does have a checkbox to ‘Enable privacy-enhanced mode’, which promises “not to store information about visitors on your website [i.e. with cookies] unless they play the video”. Which is great news, unless they want to watch the video.

Recommendation: Host your own videos and add them directly to your page without an embed code. Or simply link out to the YouTube video from your website.

Crappy Captchas

As we all know, robots love filling in our contact forms to tell us all about offers on sunglasses and handbags in far-off lands.

As a countermeasure to bot spam via contact forms, many of us have relied on Google reCAPTCHA for years to help us prove that “You are not a robot” through the use of clicking on pictures of buses and traffic lights.

For reCAPTCHA v3, Google did away with this in favour of using a new tracking script that RECORDS YOUR EVERY MOVE when using a website and then employing an algorithm to determine whether you are acting like a human or not.

If you see one of these badges in the bottom right of a website you are being tracked, sorry ‘protected’, by Google reCAPTCHA.

This hideously intrusive piece of software is effectively like voluntarily putting up CCTV cameras in your office – except all the footage goes straight to Google and their advertising AI. Just the other day I was doing a website review of a site that was saving 46 different Google cookies! Yuck!

Recommendation: reCAPTCHAs are baaaaaad. If you’re really worried about spam, use a honey pot technique or a service such as Akismet instead.

Social share buttons

A throwback to the days when using social media was remotely enjoyable, link sharing plugins such as AddThis are handy for sharing pages when you can’t be bothered to click copy and paste the URL.

As well as providing this very useful service, it also uses a particularly nasty tracking technique called Canvas fingerprinting to pass your website visitors’ data back to the parent company of AddThis, the Oracle Corporation.

Even though most modern mobile browsers have built-in sharing functionality, AddThis can still be found on over 15 million websites (side note: going on the AddThis website to get that figure, I hit ‘Accept all cookies’ to see what would happen and it added 60 cookies to my computer).

Recommendation: Get rid, pronto! If people want to share, they will just copy and paste!

Map embeds

Google Maps is cool and all, but most times I see it implemented on someone’s website it’s stuck in a small box where all the complex interactive elements are pretty much unusable. That really is not worth it for the amount of extra scripts (12 if you’re interested) you have to load in alongside the map!

Recommendation: Ditch the interactive map and replace it with an image that links out to your Google Business profile.

Review widgets

Last year I was doing some website optimisation work for someone whose site was loading slowly, and was shocked to find that an embedded widget for displaying reviews was adding an entire 1.5 seconds to the page load speed!

Not only this, the widget was also outputting a whole bunch of nasty tracking cookies.

Of course displaying customer reviews is an excellent way to promote your business and show that you can be trusted, but there are better ways of doing this.

Recommendation: Display key testimonials as normal text, with no bad stuff that comes with pulling them in from an external source.

Ads, Ads, Ads

And so we come to the reason cookies became a problem and the GDPR law was introduced in the first place: personalised ads.

As a double whammy, websites that present personalised adverts based on your browsing history and behaviour also need even more cookies to track if they are effective!

To test this, I went on the website of my local newspaper (which was presumably designed to a ratio of 90% ads, 10% journalism) which saved way over 200 cookies/local storage items to my machine. Every single one of these can be used to identify and target me in some way.

Combined with increasing research to suggest personalised ads aren’t even that effective, is it any wonder people use ad blockers?

Recommendation: The presence of the ads will undoubtedly repel people and you’ll lose potential customers. Unless your ad revenue is enough to sustain your business, get rid.

Wait… so this stuff is all over the internet?

Unfortunately, yes. Researching this article I really was shocked just how bad the state of web tracking is.

If you’re not sure what third-party scripts are loading on your own website you can use a tool such as Blacklight to see if there’s anything nasty lurking in your code!

In terms of better protecting yourself, the first step you can take is to say no when a website asks: “Do you want to accept cookies?” Better yet, you can protect yourself from all this crap by using a privacy-focussed browser such as Brave, which blocks third-party cookies and adverts.

You can also read more of my tips on protecting your digital privacy as well as watch The Social Dilemma, which shines a rather terrifying light on how all this data gets used.

If you would like some help or advice in improving the privacy of your website, you can get in touch.