Combined, Facebook's Terms of Service and Privacy Policy contain more words than the Constitution of the country in which it is based. That's 6,143 words for a social network, 4,608 for the founding of the USA. I use Facebook as an example because it has had no shortage of press over its policies.

I find these kinds of things fascinating because we accept them without second thought. We sign up to websites mailing lists, social networks and apps without thinking about what could be in those terms of service. We don't read them - why would we, we don't have time - we just tick the little 'I agree' box, and move on. I am guilty of it. You are too.

What people sometimes forget is that when we click 'agree', we're entering into a legally binding contract. As of the second quarter of 2016, Facebook had 1.71 billion 'monthly active users'. With the world population standing at something like 7.4 billion people, that means over 22% of the entire world uses Facebook at least once a month. 22+% of the planet has entered into a legal contract with a company that started out in a university bedroom in 2004. Single user to multi-million dollar company.

The other day I received an email from a company who creates Terms of Service templates for individuals and companies to adapt. 'Is your website covered?', it asked. No, it's not. If you're an online business or deal with people's data, I can understand. I'm just a lonely little blog floating around in cyberspace. Ain't nobody got time 'fo 'dat.

Lots of websites track whole hosts of information about you. Analytics - which can tell where you're from, what browser and operating system you're using, where you've visited from and your 'path' through the website - and advertising trackers - which collect data and behavioural analysis - are the most common.

BBC News has two trackers, the Guardian website has nine, seven of which are advertising related. The Daily Mail website - Mail Online - is one of the worst offenders. 24 trackers on their website, 2 of which are analytics, fifteen of which are advertising. It slows their website down and is ultimately pointless. You do know people block advertisements, right? Right?

In using their websites, you're consenting to the application these trackers. Facebook has a handful - here's the bit covering that in the Data Policy you didn't read:

We collect information from or about the computers, phones, or other devices where you install or access our Services (...) Here are some examples of the information we collect: Attributes such as the operating system, hardware version, device settings, file and software names and types, battery and signal strength, and device identifiers. Device locations, including specific geographic locations, such as through GPS, Bluetooth, or WiFi signals. Connection information such as the name of your mobile operator or ISP, browser type, language and time zone, mobile phone number and IP address.

Even if you haven't explicitly clicked 'I agree' anywhere, websites can still use your info. Here's something from the BBC's Privacy Policy that you didn't have to click 'I agree' to:

The BBC also uses cookies and similar technologies (...) and collects IP addresses (an IP address is a number that can uniquely identify a specific computer or other network device on the internet) and other information about devices from visitors to BBC websites, users of its mobile device and TV Apps, and through other BBC content online

Seen the 'This site uses cookies' alert anywhere? That is your acceptance. No 'I agree' button, no opt-out: No chance to. The law, which came into effect in 2011, stems from the EU’s 'Privacy and Electronic Communications Directive', which applies to all websites based in the EU.

The law affects any website which uses ‘non essential’ cookies, such as visitor tracking code or advertising.

It doesn't stop there.

In an article released yesterday in the Guardian, Olivia Solon explains that Google's ad tracking just got a whole lot creepier.

An analysis of the changes conducted by Propublica details how [Google] had previously pledged to keep [two sets of data separate in order to] to protect individuals’ privacy, but updated its privacy settings in June to delete a clause that said “we will not combine DoubleClick cookie information with personally identifiable information unless we have your opt-in consent”.

For clarification, 'personally identifiable information' includes content from Gmail, YouTube, and other accounts that have been merged with people's browsing records from across the web. DoubleClick is a Google-owned advertising and tracking company. Olivia writes that, in practice, 'this means that Google can now (...) build up even richer profiles of named individuals’ online activity.'

Online privacy is something I'm very passionate about. I'm also obsessed with speed - with making my website as fast as I can, even if it's by trimming a millisecond off the load time here-and-there. It's all about the end product: your experience. I don't believe companies who bloat their website with analytics and tracking care much about you. They just care about what you're worth. They care about data-mining and serving advertisements, the content is just a glossy distraction to do so.

According to online privacy company Abine, 26.3% of what your browser does when it loads a website is respond to requests for your personal information. That means less than three-quarters are things you actually want your browser doing, like loading articles, videos, and photos...

Companies use cookies - they track you around the web - because they claim it 'helps improve our service'. Maybe my website - with its cutting-edge back-end and minimalistic design - will be shitty forever, then. I may be overly confident, but I doubt it. Either way, I really don't care much for spying on you.

I thought I'd close with a manifesto of sorts. Feel free to use this for your own website if you agree with the premise. It would also be great to hear your thoughts, so please do get in touch!

The Privacy Manifesto

  1. I’m never going to take any information from you that you didn’t knowingly and willingly provide. I do not run analytics software, I am not secretly checking where your IP address is from, what browser you’re using or how long you spend here. I don't know how many people are visiting this blog (and I really do not care, either - I do this for me, not you. Sorry.)
  2. I will turn on 'Privacy Mode' for embedded content if the option is available to me. YouTube has this feature for embedded videos meaning they won't store information your visit unless you play the video.
  3. I will serve the blog over SSL where possible and appropriate.

With love,
Your paranoid friend.


I'm going to write an entire blog post about internet advertising in the future and more about privacy and encryption online, so keep an eye out for those. Follow me, if you like. Also, if you're interested, Ghostery is a fantastic browser extension that helps block internet trackers and improve your privacy on the web. I also recommend running some kind of AdBlock software. Take control of your browser autonomy!