
Ask HN: What are some security and privacy tips when creating a website? - wobbly_bush
I will be starting with mainly blog-like content. Perhaps some stories with interactive elements.<p>As the website owner, how do I ensure my own privacy? Also, how do I minimize tracking of visitors while getting some form of analytics? Any security tips are welcome too.
======
jiveturkey
> As the website owner, how do I ensure my own privacy?

Don't attract any lawsuits. (These can unmask the site registration.)

Don't use tools that might embed PII (eg your name, or some software ID
traceable to you) into the rendered html.

Don't write in an idiosyncratic style.

Don't post content in the same "working hours" all the time. Spread it out
widely.

etc.

> Also, how do I minimize tracking of visitors while getting some form of
> analytics?

1\. Google Analytics does not track users across unrelated sites.

2\. Use netlify.

3\. Host the server yourself.

#1 and #2 compromise your privacy as google or netlify will know who you are.
#3, to do it right, you have to use fringe providers that accept payment in
bitcoin.

> Any security tips are welcome too.

Hire a consultant for security & privacy. We're past the age of amateur DIY.

~~~
Nextgrid
> Google Analytics does not track users across unrelated sites.

Do you really think that creepy Google will just say no to the free data? Why
would they even give out GA for free to begin with then?

It's like trusting an alcoholic with guarding a warehouse full of bottles at
night. Actually it's worse, because at least with the bottles you can count
them all given enough time, where as creepy G can use the data in a plausibly-
deniable way you wouldn't be able to confirm for sure without looking at their
code.

------
leksak
> Also, how do I minimize tracking of visitors while getting some form of
> analytics?

[https://matomo.org/](https://matomo.org/)

------
Nextgrid
What's your threat model? Are you looking to hide from average people or
governments? What's the worst that can happen if you are discovered?

> how do I minimize tracking of visitors while getting some form of analytics

Server logs.

------
GrumpyNl
Dont use any plugins from FB, google etc.

