Most of us want to be good online citizens. That includes developing websites that have their visitors’ best interests at heart. Yet there are so many ways to get that wrong. Even a slight misstep could put visitors’ privacy or security at risk, or exclude people that might be less able than others. How can you know if you’re doing it right?
Enter European Digital Rights (EDRi), a collection of human rights groups across Europe, which has published a set of guidelines for ethical website development. It explains:
The goal of the project, which started more than a year ago, was to provide guidance to developers on how to move away from third-party infected, data-leaking, unethical and unsafe practices.
The document lists recommendations covering areas including security and privacy while listing alternatives to free online services that slurp up users’ data.
The document adds:
It calls out large tech firms as companies offering services that ethical web developers should avoid, and provides a list of alternatives in areas including analytics, video players, and online maps. It points readers to Prism Break, a list of alternative online services that don’t track their users.
When it comes to security, a site can use DNSSEC to authenticate DNS queries, says the doc, also recommending HTTPS. It also asks website owners to provide a Tor-compatible version of their site using the Tor publishing tool OnionShare.
<noscript> tags, it adds.
Following a lot of these guidelines would make it challenging to support some advertising business models on a site. But then, the document doesn’t want its readers to support tracker-based models, which some say are out of control. Instead of condemning advertising altogether, it points to alternatives, specifically ReadTheDocs’ ethical advertising model (which is a low-tech approach that eschews trackers).
There are some other aspects of this ethical web development guideline that developers might find difficult to follow to the letter. If your website accesses a jQuery library online to always ensure you’re using the latest version, that would seem to be a fail under these rules. One way around it could be to use Subresource Integrity (SRI), says the document. This uses a cryptographic hash that the downloader specifies to ensure the integrity of a file.
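To make the SRI check concrete, here is an added example (not taken from the EDRi guidelines) that builds an integrity value for a file and then checks a pinned and a modified copy against it, as a build or deploy step might. The function names, the sample file contents and the cdn.example URL are assumptions made for illustration.

```javascript
// Added example: build-time SRI check. Names and sample data are hypothetical.
const crypto = require("crypto");

// Hash functions SRI defines, weakest to strongest.
const ALGOS = ["sha256", "sha384", "sha512"];

// Build the value for an integrity="..." attribute.
function sriHash(content, algo = "sha384") {
  if (!ALGOS.includes(algo)) throw new Error(`unsupported algorithm: ${algo}`);
  const digest = crypto.createHash(algo).update(content).digest("base64");
  return `${algo}-${digest}`;
}

// Check content against an integrity attribute that may list several hashes.
// Only hashes of the strongest algorithm present are considered, so a weaker
// entry cannot be used to get a modified file accepted.
function verifySri(content, integrity) {
  const entries = integrity
    .trim()
    .split(/\s+/)
    .map((token) => token.split("?")[0]) // drop optional "?options"
    .map((token) => {
      const [algo, ...rest] = token.split("-");
      return { algo, digest: rest.join("-") };
    })
    .filter((e) => ALGOS.includes(e.algo));
  // Design choice for a build-time check: fail closed if nothing is usable.
  if (entries.length === 0) return false;
  const rank = Math.max(...entries.map((e) => ALGOS.indexOf(e.algo)));
  const strongest = ALGOS[rank];
  const actual = crypto.createHash(strongest).update(content).digest("base64");
  return entries.some((e) => e.algo === strongest && e.digest === actual);
}

// Constructed sample: a stand-in for a library file and a modified copy of it.
const pinned = "window.lib = { version: '1.0.0' };";
const modified = pinned + "\n/* extra code added on the host */";
const integrity = sriHash(pinned);

console.log(
  `<script src="https://cdn.example/lib.js" integrity="${integrity}" ` +
    `crossorigin="anonymous"></script>`
);
console.log("pinned copy accepted:", verifySri(pinned, integrity));
console.log("modified copy accepted:", verifySri(modified, integrity));
```

Because the hash is tied to one exact file, SRI only works with a pinned version of a library; a URL that always serves the latest release will stop matching as soon as the file changes.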
One notable omission from EDRi is the matter of dark patterns, which are user interface and language constructs that force users down a certain path. Lawmakers have called for tech firms to ban these tricks, which in the wrong hands can persuade website visitors to give up privacy rights, make purchases, or avoid cancelling subscriptions. While they make an appearance on websites, they’re especially common on mobile apps, which is a category that could also benefit from a set of ethical guidelines like this one.