Website - Improve privacy for visitors at e.foundation
Summary
Third-party calls made when visiting e.foundation should be removed/minimized to preserve the visitor's privacy. This issue only relates to the main landing page. It's still possible that there exist other calls on subpages.
I understand that the website is not in the main project focus but it is still important to meet the standards of /e/ also on the project's online presence. The principle of being fully ungoogled should apply to all parts of the project and not only to the OS itself.
This improvement concerns
- UI
- Behavior
- Privacy
Description
What is the current behavior?
The following third-party calls are made when visiting the homepage:
- ajax.googleapis.com (jQuery 3.4.1)
- cdn.jsdelivr.net (Font Awesome 4.7)
- stackpath.bootstrapcdn.com (Font Awesome 4.7)
- fonts.googleapis.com (Roboto Webfont)
These calls probably come from Avada, Elementor or a third-party plugin and not from the WordPress core itself. I'm running a few WP installations in a similar setup and I was not able to identify any third-party calls there. Maybe related to a misconfiguration?
What is the improved behavior?
Locally host dependencies/fonts where possible and remove double-calls. Ideally, no calls to external servers are made when visiting the page.
Also, the use of Google Fonts is highly controversial in terms of GDPR compliance.
What does it bring?
Increases privacy for visitors and makes the website comply with /e/-values. Increases performance by removing double-calls. Makes the website more legally watertight as no visitor data is transferred without actual user consent.
Validation
Check outgoing calls with the DevTools of your browser.
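
One way to run the validation step from the DevTools console, given here as an added example that is not part of the original issue: it groups loaded resources by third-party host and flags files fetched from more than one host (the double-calls). The sample URLs and paths are constructed, and treating subdomains of the page host as first party is an assumption.

```javascript
// Constructed sample: URLs shaped like the four third-party calls listed in the issue.
const SAMPLE_PAGE = 'https://e.foundation/';
const SAMPLE_RESOURCES = [
  'https://e.foundation/wp-content/themes/example/style.css',
  'https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js',
  'https://cdn.jsdelivr.net/npm/font-awesome@4.7.0/css/font-awesome.min.css',
  'https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css',
  'https://fonts.googleapis.com/css?family=Roboto',
  'data:image/gif;base64,R0lGODlhAQABAAAAACw=',
];

// Map each third-party host to the paths requested from it.
// Assumption: the page host and its subdomains count as first party.
function thirdPartyHosts(resourceUrls, pageUrl) {
  const pageHost = new URL(pageUrl).hostname;
  const byHost = new Map();
  for (const raw of resourceUrls) {
    let url;
    try { url = new URL(raw, pageUrl); } catch { continue; } // ignore unparsable entries
    if (url.protocol !== 'http:' && url.protocol !== 'https:') continue; // data:, blob: stay local
    if (url.hostname === pageHost || url.hostname.endsWith('.' + pageHost)) continue;
    if (!byHost.has(url.hostname)) byHost.set(url.hostname, []);
    byHost.get(url.hostname).push(url.pathname);
  }
  return byHost;
}

// Files with the same name served by more than one third-party host.
function duplicateAssets(byHost) {
  const hostsByFile = new Map();
  for (const [host, paths] of byHost) {
    for (const path of paths) {
      const file = path.split('/').pop();
      if (!file.includes('.')) continue; // skip extensionless endpoints such as /css
      if (!hostsByFile.has(file)) hostsByFile.set(file, new Set());
      hostsByFile.get(file).add(host);
    }
  }
  return [...hostsByFile]
    .filter(([, hosts]) => hosts.size > 1)
    .map(([file, hosts]) => [file, [...hosts].sort()]);
}

// In a browser this reads the Resource Timing entries of the open page; elsewhere it uses the sample.
const inBrowser = typeof window !== 'undefined';
const urls = inBrowser ? performance.getEntriesByType('resource').map((e) => e.name) : SAMPLE_RESOURCES;
const found = thirdPartyHosts(urls, inBrowser ? location.href : SAMPLE_PAGE);
console.log('Third-party hosts:', [...found.keys()]);
console.log('Duplicated files:', duplicateAssets(found));
```

The check passes when both lists come back empty. Run it after the page has fully loaded, since late-loading scripts add entries.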