Be fair to potential customers (Privacy / Google Analytics on the FP website)

Hi there,

I’m new here, so a few words of introduction

I’m a privacy and anti-malware guy, and trying to be “fair” is part of my job, ever since I started a well known anti-malware sofhware about 15 years ago. We still give it away for free to private users because we believe in the right
for privacy.

Well, I’ve been watching the first FairPhone, and came back here after the news spoke about the second generation, and noticed that you’re being unfair even to people who simply visit your website.

You’re tracking visitors using Google Analytics, sharing their habits with Google. You’re not even using the {‘anonymizeIp’: true} option! If you really need to track users to “improve your website”, please use e.g. Piwik and keep the data to yourself!

Then, I’ve seen Facebook Social Graph integrated. Why do you allow Facebook to track me on your pages as well? There are great alternatives out there that allow integration of social media without tracking, like for example:

I’ve looked at your privacy policy, which speaks alot about privacy, but downplays Google Analytics to cookies, hiding that it’s also about PII (visitors IP address, independent of cookies), and not speaking about sharing PII with Facebook at all.

To sum it up: I’m not feeling treated fair, you’re not even par with the standards required by European law, when it comes to my PII.

Interesting opinion, but I suggest, you directly direct it to Fairphone. This is a community led forum and we have nothing to do with the website settings.

Well, kind of take it as an open letter then

Avira (on Windows desktop) gives me the option to block Google Analytics. Does this work, in your opinion?

On Firefox-based browsers I use a great extension: RequestPolicy it blocks all requests a site do to other domains but the one you’re asking, and it works very well.

I know how to navigate around these - see above, this is my job. Our own anti-malware software blocks it, and within my Firefox, I use Ghostery to block these. On the iPhone, I use Firewall iP to do the same task, and for Android, there are firewall tipps here on this forum as well.

The point is: the Fairphone website should at least adhere to the Europian privacy law. And once they do, if they want to be regarded as “fair”, they shouldn’t require the user to install additional security software before visiting their website, when they can reach the same goals on their side without more effort (alternatives are mentioned above).

I don’t care about this on the average website, but from someone putting a “fair” label on their brand, I really expected this.

Still appreciate the suggestions, thanks

I have the impression a lot of people on this forum use the word “fair” in different ways. Mostly to pose the FairPhone isn’t fair.

Personally, I get a bit tired by it.

Yes, FairPhone (the phone and the company) is not perfect. And yes, you should be able to voice concerns, give your opinion and advice. But please, think about two points:

1. FairPhone doesn’t claim to be perfect. But at least they try. Keep in mind it’s only a small and young organization. It’s almost unbelievable to see what they did reach, even when keeping in mind all things they didn’t reach. So don’t ask them to be perfect. Or to provide services even big companies don’t provide.
2. Don’t start about FairPhone not being fair because (enter your specific point of interest/specialization) is not completely present. FairPhone started to raise awareness about conflict minerals. The interest was already enlarged (workers rights, social entrepreneurship, environment, …). Try to understand what “fair” means in this specific context. Sometimes, it feels like e.g. complaining the “Fair Trade”-label doesn’t fight against obesity. It’s just a whole other fight, a whole other field of expertise.

@PepiMK, please don’t take this personal. It’s just a remark I’ve wanted to make for a longer time.
I have the feeling a lot of people on this forum are concerned about open source and privacy. And they are right: these are very important issues! But I bought a FairPhone because of the FairPhone-definition of “fair”: the conflict minerals, workers rights etc. Not because I expected a “fair” phone to be completely Google-free (it was my first smartphone, I’m glad they choose an existing, easy-to-learn OS…), open source or without any privacy issues. These topics where not really addressed in the announcement of the FairPhone project, so I just didn’t consider “fair” including these themes.

Hi,

I believe this is because “fair” can mean many different thinks. I think the company Fairphone means something like “trying to be better than the average and become even better”. Thats why I embrace every hint to them. Ofcause they are not perfect and nobody suspects them to be, but by naming problems you give them the chance to become fairer. And as I understand the company that is what they want.

regards,
Shiny

I don’t use the links from FP newsletters either. FP uses tracking everywhere.

@danielsjohan: I understand what you mean Nothing taken personal. I’ve defended the FairPhone against complaints about not being perfect myself when it came out, might even have bought one if I had felt the necessity to buy a new phone, and alternate OS would be available. If I can believe the press, they’re at least looking into the later now, so all the better.

So trust me, while I was complaining loudly here, I still do have a lot of respect for them for what they did, not just with their own phone, but with all the raising awareness that surrounds the whole process.

And I probably have tons of bad experience of privacy complaints by email. Or even letters to the responsible authorities, where I can expect an answer some years later (not due to laziness, but simply insufficient resources), at least in my country. Voicing privacy concerns in the public simply is the most effective method. Granted, I could have assumed FairPhone is better than the average and could have tried by mail first…

Stefan, being a mod here, to the newcomer you somehow do represent Fairphone…

That’s why I am clarifying the situation and said that this critique should go directly to the FP team. I just told @PepiMK, that the FP team probably won’t read this here on the forum. Still I think, it is good that the FP community gets aware about these issues and it is good that @PepiMK brought the topic up so it can be discussed here on the forum.

Hi guys,

Chiming in here as a Fairphone team member and the guy who may have insight into website privacy settings.

I’d like to turn this around and ask you what you would advise is the best way to go - to ensure the privacy of users of the Fairphone website.

The reality is that we use Google analytics or analytics in our newsletter mail client so that we can improve our communications. If we see a surge of people coming from France, then this could influence what content we create for a French-speaking audience, like delivering a website landing page in French. Another example is that it’s really helpful to see which blog posts are most-read: is our community more interested in reading about mining or software?

Turning these tools off would really limit our ability to improve the work we do.

So if you can think of ways to improve these tools (Google Analytics) and make them more private/anonymous, let me know. I don’t install these tools myself, but off the top of my head, all these analytics are anonymous. The example of Facebook Social Graph, is one I can research, can you give more information on what you see as the problem?

Thanks for your reply and for taking my comments seriously
I tried to mention the alternatives in my first post, but will gladly summarize them.

Upfront: in the European Union, IP addresses are ususally regarded as PII, so even if a website just contacts another website, that’s regarded as sharing PII with them.

Now, lets start with Google Analytics. The {‘anonymizeIp’: true} option would be a start, it allows to anonymize the IP. More documentation here, just a minor change in one line. But it still depends on Google, still forwards information to Google. Well, I understand what you are using it for, and never suggested you give that up We were at the same point when we re-launched our website a few years ago. One solution is Piwik. Piwik allows about the same functionality, but is installed locally on your server (one of your servers). That way, you don’t share your visitors information with anyone else.

Now on to the social media issue. Your social media buttons are automatically contacting these service, including Facebook. So Facebook can easily track the users that visit your website. There’s a very simple workaround used by more and more pages: a panel that connects only once the user clicks it. The first version of this is called SocialSharePrivacy and is widely spread. The new version eliminates the additional click, is called Shariff, and available here. It’s really just a few minutes to set up, but eliminates the tracking of all website visitors by Facebook etc., while maintaining the same functionality for those that want to use it.

Besides the issue with Facebook etc., A very simple server log will do. Your server sees our IPs, just log the country and the URL. There is no need for any imbedded tools at all.

@PepiMK thanks for starting that software by the way, I used it to clean up a lot of malware infected computers in my friends and family circles

And great that you took the time to write down you concerns surrounding Fairphones website!

//edit: was indeed talking about Spybot Search & Destroy, see link further below in this post.

Which software would that be?

I believe it’s Spybot – Search & Destroy

Thanks, @PepiMK, for the detailed response.

I will definitely pass this on to our website developers, and see what we can do with your feedback. Some of the changes seem quite feasible, but don’t know the implementation timeline yet. Thanks again.

News about privacy on the FP-Homepage:

[quote]With online communications, nowadays it’s assumed there’s a tool out there to measure the impact of your campaign. How did advertising execs know that their billboard led to x number of sales that week? So we’re pretty lucky to have tools like Google Analytics (anonymizing IPs of course) and analytics dashboards from Facebook and Twitter to see which posts lead to engagement with our website and our shop. At Fairphone we’re conscious that people may be concerned about privacy, so we do hope to use these tools not in a creepy-tracking way, but to improve the way people find information on our website and see what our community thinks is interesting content. If we work really hard on a new project page on “Improving working conditions at manufacturer x”, we can’t assume everyone is reading straight from the landing page, we need to look at the analytics and see how it sizes up to the other pages on the site so we can improve and iterate.

In a way, there are so many tools and insights out there, the key is to have focused research questions to make sure you’re looking for the right thing. As community manager, on Facebook I look for engagement (likes, shares, comments) to track what kind of posts work or need to be improved, reach to try and crack the strange Facebook algorithm that sometimes has a huge reach and sometimes has a tiny reach, and new likes which could correlate to a popular post or if we were in a big news article that week. For Twitter, it’s interesting to measure our new followers (influencers), favorites/retweets for certain posts to see if our content was successful, and reach to see how followers can spread our message through their networks.[/quote]

The whole interview with @anon90052001 can be found here.