Protecting the privacy of people visiting your website

How can I protect the privacy of someone visiting my website?

With news about people being criminalized for having abortions, many of us want to balance providing important information to abortion seekers who go online to find out more, while also making sure our websites don’t increase their risk.

The bad news is that there is no way to operate a completely anonymous website that is also accessible by the general public who are accessing the Internet from their cell phone browsers.[1]

The good news is twofold:

  • We can limit what we collect about website visitors and how long we store it for.

  • We are not aware of any cases where visiting a website was the reason someone was criminalized for an abortion.[2]

Whether you want to protect your website’s visitors’ privacy to give them privacy about their abortion, or just because you want to opt out of the creepy personalized ad ecosystem constantly demanding more data from us, you can take action! 

Why do I have to collect some data about my website visitors?

When someone visits your website, they are reaching your website through physical cables that transmit their request to servers that host your site. In order for your site to show up on their device, data has to travel between your site and their device. This data includes the IP address of their device and of your website, which is how the request is routed to the right place. This process leaves traces in your site’s logs and on their browser, device, and router. Some of these logs are deleted quickly or even instantaneously, but others, like browser history in most common browsers, persist until we delete them.

You can’t control whether your website visitors delete their browser history, or whether they protect their own IP address by using the Tor browser or a no-logs VPN.[3] As the person who runs the website, all you can control is whether or not you collect additional data beyond IP address from your website visitors, and how long you keep the logs with IP addresses or any other data you collect.

Data Retention: Deleting or Redacting Logs

Depending on where your website is hosted, you may be able to adjust the server log data retention settings. If someone else manages your website, reach out to them for support. If you manage your own website, search your hosting provider’s documentation for help articles about server log or IP address data retention options, and submit a help ticket if you can’t find that information.

If you’re just building a website, or want to move to a new hosting provider, make sure to ask about server log retention customization options before you decide on a hosting provider.

Learn more about server log data retention here.
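If you have file access to your server's logs, redaction and retention can be scripted. The following is an added example, not part of the original article or any hosting provider's tooling. It assumes uncompressed access logs in the common or combined log format, where the client address is the first field; the sample lines, the 30-day window used in testing, and all function names are made up for illustration.

```python
import ipaddress
import time
from pathlib import Path

# Constructed sample lines in the combined log format (documentation-range addresses).
SAMPLE = [
    '203.0.113.77 - - [10/Oct/2024:13:55:36 +0000] "GET /clinics HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '2001:db8:1234:5678::abcd - - [10/Oct/2024:13:56:02 +0000] "GET /faq HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    'visitor-pc.example.net - - [10/Oct/2024:13:57:40 +0000] "GET / HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

def truncate_ip(text):
    """Zero the host part of an address (IPv4 to /24, IPv6 to /48); None if not an IP."""
    try:
        ip = ipaddress.ip_address(text)
        prefix = 24 if ip.version == 4 else 48
        return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False).network_address)
    except ValueError:
        return None

def redact_line(line):
    """Redact the client field, assumed to be the first space-separated field."""
    body = line.rstrip("\r\n")
    if not body.strip():
        return line
    client, sep, rest = body.partition(" ")
    # A first field that is not an IP (such as a resolved hostname) is replaced with "-".
    return (truncate_ip(client) or "-") + sep + rest + line[len(body):]

def redact_file(path):
    """Rewrite one uncompressed, already-rotated log file with redacted client fields."""
    path = Path(path)
    lines = path.read_text(encoding="utf-8", errors="replace").splitlines(keepends=True)
    path.write_text("".join(map(redact_line, lines)), encoding="utf-8")

def purge_old_logs(log_dir, max_age_days, now=None):
    """Delete *.log* files last modified more than max_age_days ago; return their names."""
    cutoff = (now if now is not None else time.time()) - max_age_days * 86400
    removed = []
    for path in sorted(Path(log_dir).glob("*.log*")):
        if path.is_file() and path.stat().st_mtime < cutoff:
            path.unlink()
            removed.append(path.name)
    return removed

if __name__ == "__main__":
    for line in SAMPLE:
        print(redact_line(line))
```

Run the redaction on rotated logs rather than the file the server is currently writing to, and remember that backups and any upstream CDN or load balancer may keep their own copies with full addresses.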

Limiting Trackers, Cookies, & Pixels

Many websites use tracking technology like cookies and pixels to learn about their visitors and even track their activity on other websites. You can use tools like Markup’s Blacklight, or extensions like Privacy Badger or uBlock Origin, to see what trackers are on sites you visit, including your own site. A lot of websites use these tools for analytics, to learn more about their visitors and try to reach a larger audience. Some of them use them for targeted advertising. For advertising, data is often shared with third parties, like data aggregators that then sell user data to other companies. This can lead to scary headlines about creepy tracking and advertising practices, like menstrual tracker apps sharing data with Facebook. Creepy as it is, this data is extremely unlikely to be used to criminalize anyone. However, it can be unsettling and more and more people are opting out of this type of data collection by using cookie- and ad-blockers.

Only collecting the information you need is a sign of respect for your users. And you may decide you need some information for analytics to inform your search engine optimization strategy, for example, or to block spammers. We always have to balance privacy and security against accessibility. If you do need to collect analytics information, you can choose tools that respect user privacy and don’t share data with third parties. Some options for website analytics include Matomo and Plausible.

Depending on where your site is hosted, you may have more or less control over what trackers you use. For example, all Squarespace sites have a minimal cookie that cannot be turned off. 

If you manage your own website:

  • Log into your website hosting account and look for settings related to user privacy or cookies. See where you can minimize tracking or turn it off.

  • If Blacklight shows that your website has third party trackers, find out how those were added to your site and remove them.

    • For example, you may have added a Facebook pixel to your website’s header in order to access targeted advertising on Facebook. If you decide you no longer want to share your website’s visitors’ data with Facebook, you can remove the code from your header and also disable the pixel and targeted advertising in your Meta Business account. Learn more about minimizing Facebook pixel data collection here!

If someone else manages your website:

  • Schedule a meeting to talk to them about user privacy. Gather data about your site from the Markup Blacklight tool, and ask them to remove trackers that you aren’t using. If you want to switch to a more privacy-focused analytics tool like Matomo or Plausible, get a quote for replacing analytics you’re currently using, like Google Analytics, with your new preferred company.

Learn more about protecting your users’ privacy at https://www.eff.org/pages/online-privacy-nonprofits.
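To find where a third-party tracker was added to your own pages, you can scan the HTML your site serves for tags that load resources from other hosts. The following is an added example, not part of the original article and not how Blacklight itself works. The sample page, the tracker.example hosts, the PLACEHOLDER id, and all function and class names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page; tracker.example and PLACEHOLDER are made-up values.
SAMPLE_HTML = """
<html><head>
<script src="/js/site.js"></script>
<script async src="https://cdn.tracker.example/events.js"></script>
<link rel="stylesheet" href="https://www.example.org/css/main.css">
</head><body>
<noscript><img height="1" width="1" src="https://pixel.tracker.example/tr?id=PLACEHOLDER"></noscript>
<a href="https://other.example/">A plain link loads nothing until clicked</a>
</body></html>
"""

# Tags whose attribute makes the visitor's browser contact another server on page load.
LOADING_ATTRS = {"script": "src", "img": "src", "iframe": "src", "embed": "src", "link": "href"}

def same_site(host, site_host):
    """True when host is the site's own hostname or one of its subdomains."""
    base = site_host.removeprefix("www.")
    return host == base or host.endswith("." + base)

class ResourceAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.site_host = urlparse(page_url).hostname
        self.third_party = []  # (tag, line number in the HTML, remote host)

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(LOADING_ATTRS.get(tag, ""))
        if not url:
            return
        # Resolve relative URLs against the page so /js/site.js counts as first party.
        host = urlparse(urljoin(self.page_url, url)).hostname
        if host and not same_site(host, self.site_host):
            self.third_party.append((tag, self.getpos()[0], host))

def audit(html, page_url):
    """Return third-party resources referenced by html, in document order."""
    parser = ResourceAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.third_party

if __name__ == "__main__":
    for tag, line, host in audit(SAMPLE_HTML, "https://www.example.org/"):
        print(f"line {line}: <{tag}> loads from {host}")
```

This static check only sees tags present in the served HTML; trackers injected by scripts at runtime or by the hosting platform need a browser-based scan such as Blacklight. Some `<link>` values that load nothing (for example a canonical link to another site) may be over-reported.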

What can my website’s visitors do to protect their own privacy?

When someone visits your website, they leave traces of their activity on their own phone as well as your site’s hosting infrastructure. Those traces include: logs on their own wifi router; their Internet Service Provider’s logs; and their device’s browser history. They also leave their IP address in your website’s server logs, as discussed above. 

If your website visitors want to hide their IP address from you and their website browsing activity from their Internet Service Provider, the easiest solution is for them to download the Tor Browser. When someone uses Tor, the websites they are visiting are obscured from their Internet Service Provider and their wifi router, and their IP address is hidden from the websites they visit as well. Tor also automatically deletes the browsing history when a window is closed. However, using Tor can greatly slow down one’s internet speed because of how it reroutes one’s internet traffic to provide anonymity.

If people don’t want to download a new browser, they can use an incognito or private browsing window that will automatically delete their history once they close it. You can give your website visitors instructions on how to use an incognito or private browser window in Safari, Chrome, and Firefox.

Most likely though, people are already on your site using their normal browser, most likely Safari or Chrome. That’s fine!! They can manually delete your site from their browser history in Safari, Chrome, or Firefox.

People may also be familiar with Virtual Private Network apps (VPNs), which hide their IP address from the websites they are visiting. If people use a VPN, it’s important to pick one that does not collect logs, a.k.a. a no-logs VPN. Using a VPN also doesn’t prevent the browsing data from being stored in the browser history, so it’s important to follow the above steps and either browse in an incognito or private browsing window or manually delete the browser history. 

Keep in mind that digital security is not the main factor in abortion criminalization. By the time someone’s browser history comes up in an abortion criminalization case, something else has already gone wrong. Based on research from If/When/How, the ways that people are criminalized start most commonly with a report from a care provider, such as a healthcare professional or social worker, or a family member or friend who thinks someone’s pregnancy loss is suspicious. Know that no one ever has to report anyone else’s pregnancy loss, including healthcare professionals. Learn more about ways to prevent self-managed abortion criminalization with Pregnancy Justice’s “Confronting Pregnancy Criminalization” Guide.

Have questions that this article doesn’t answer? We recommend reading EFF’s Online Privacy for Nonprofits: A Guide to Better Practices for additional information!

[1] You can create a website that is only accessible via the Tor browser, called an “onion” site (named after the many layers that Tor uses to provide anonymity), which would mean all your visitors would be anonymous, but also force all your users to download Tor to visit your site.

[2] While people’s search histories, text messages, and private messages have been used as evidence in cases that criminalize self-managed abortion, searching online for abortion information is not the greatest risk factor in criminalization. It’s also important to note that people seeking abortions at legal clinics or via legal telemedicine in their state have not yet been criminalized. In their report “Self-Care, Criminalized”, If/When/How found that the factors that increase risk of criminalization are self-managing an abortion in the second or third trimester (87% of the cases that If/When/How analyzed), as well as being part of a community already disproportionately criminalized in our carceral system. People of color and people living in poverty were disproportionately criminalized for self-managed abortion. The biggest threat to their security was other people: partners and family members, including abusers, and healthcare professionals who reported what they deemed suspicious pregnancy losses to the police. When police opened investigations, they focused on proving that the pregnancy loss was an induced abortion rather than a miscarriage. In a few cases, prosecutors used evidence from cell phones and iPads including search history, text messages, and emails, and in one known case, police sent a subpoena to Meta for Facebook messages.

[3] See footnote [1] about onion sites on the Tor browser being the exception to this rule.
