Can you believe we used to willingly tell Google about every single visitor to basecamp.com by way of Google Analytics? Letting them collect every last byte of information possible through the spying eye of their tracking pixel. Ugh.
But 2020 isn’t 2010. Our naiveté around data, who captures it, and what they do with it has collectively been brought to shame. Most people now sit with basic understanding that using the internet leaves behind a data trail, and quite a few people have begun to question just how deep that trail should be, and who should have the right to follow it.
In this new world, it feels like an obligation to make sure we’re not aiding and abetting those who seek to exploit our data. Those who hoard every little clue in order to piece of together a puzzle that’ll ultimately reveal all our weakest points and moments, then sell that picture to the highest bidder.
The internet needs to know less about us, not more. Just because it’s possible to track someone doesn’t mean we should.
That’s the ethos we’re trying to live at Basecamp. It’s not a straight path. Two decades of just doing as you did takes a while to unwind. But we’re here for that work.
Last year we stopped using pixel trackers in our Basecamp emails. This year we’re celebrating the start of a new decade by dropping the last third-party tracking pixel on basecamp.com. Now when you visit our marketing page, you only have to trust that we won’t abuse that data – not a laundry list of third parties you have no reasonable chance of vetting.
We still track that someone visited our page, but it’s really only the basics that interest us. How many people visited the page? Did a new pitch work better than the old? How many people signed up? Basic stuff like that. And basic stuff doesn’t require overly sophisticated tooling, so it’s fine that our homegrown package isn’t nearly as fancy or as piercing as offerings like Google Analytics. It doesn’t need to be.
We still aren’t entirely free of Google’s long data arm, though. You can still sign-in with Google, though we’d encourage you to switch to our new two-factor authenticated, WebAuth-capable in-house system. We’ll be deprecating the Sign-In With Google path entirely soon enough.
We also still use a variety of other data processors, like Customer.io, for onboarding emails. But going forward, the analysis for when that makes sense has absolutely changed. It’s no longer enough for something to be slightly more convenient or slightly cheaper for us to send data out of the house. Fewer dependencies, fewer processors, fewer eyes on our data and that of our customers is a powerful consideration all of its own.
Untangling yourself from the old paradigm of data is neither quick, easy, nor free. But it’s worth doing, even if you can only do it one step at the time. Think about what steps you could take in 2020.
I’m very happy to read this and I would love to do the same thing for our app. Looking forward to an article describing more of that in-house analytic.
I’m interested to understand how you’ve weighed the benefits of deprecating Google Auth vs the security implications for customers who use Google? By losing that feature, those customers will have an app outside their single sign on environment and yet another password for their users to secure.
I’ve dropped Google and Facebook auth completely after the many scandals involving my data. It’s far less secure, gain access to Google or Facebook and you gain access to everything. Using a password manager works the same as SSO.
This was my exact concern. I’m looking at Basecamp for the staff of our school district, and using Google logins is a plus.
On the other hand, this could be the push we need to roll out something like Lastpass. 🙂
Deprecating Google Sign-In means that we will no longer promote that to new customers. We have no plans to remove the option for people who are currently on it.
But the path to security isn’t to give Google all your keys. It’s to use a password manager.
I’m sad to hear you dropped click.com
They are a great service provider who’s very under rated.
>> “ Untangling yourself from the old paradigm of data is neither quick, easy, nor free.”
@dhh
Given you’re ripping out: 3rd party analytics, emailing sending services, etc … have you thought about having Basecamp create your own competing services and selling it as a service. Eg Basecamp Analytics, Basecamp Mail, etc?
We’ve thought about building almost everything we use ourselves. But there’s only so much we can do 😄
David –
How far do you plan to go to remove 3rd parties?
Basecamp today uses (just to name a few): StatusPage, MailChimp, Customer.io, HelpScout, Sentry, Twilio, TaxJar, AWS, and more…
https://basecamp.com/about/policies/privacy/subprocessors
We will continue to whittle down the list of 3rd-party processors, as it makes sense. And we’ll continue to restrict our usage of those tools as well. For example, MailChimp by default will track open rates through a tracking pixel. But you can turn that off. So we did.
Did you roll your own analytics stuff or use something that is readily available for others to include in their Rails apps?
Any advice on a self hosted analytics solution that doesn’t send data to a third party provider?
Angelfish Software is what we use:
https://analytics.angelfishstats.com
What’s your opinion regarding product analytics tools then? Should they also be removed?
What about Basecamp classic? That version is still being tracked by Google Analytics, though. Just a heads-up…
Hmm… I interpret blogs on a analogous issue, however i never visited your blog. I added it to populars also i’ll be your faithful primer.
http://www.hkseosolution.com
How are you protecting form submissions? Google reCaptcha is so effective and popular. We use the hidden version (v3) on Tipalink.com. I’d be interested in learning about alternatives.
Mixed feelings when I read this concept. I love the ideal of not sharing data with the big guys but at what cost?
I think it’s easy to go this way when you’re a company that has been around and is successful – like Basecamp.
Newer, smaller companies might need tools to help know where to spend money on marketing, test their products and so on.
I’d be careful to weigh up the cost before taking this sort of action.