Ethical Web Development ‑ Part I

Hero image for Ethical Web Development ‑ Part I. Image by Erik Mclean.
Hero image for 'Ethical Web Development ‑ Part I.' Image by Erik Mclean.

It is fair to say that the web has been encroaching into everybody's lives for several years now, and continues to encroach just a little more every single day. As this infiltration into our daily lives continues, attitudes towards development, web apps, and websites from users as well as from within the development community are changing.

While a lot of attitudes (and style choices thank goodness for the end of marquee!) are changing for the better, there are a few more insidious ideas and practices that are becoming more commonplace as everyone has more complete digital profiles and spends greater portions of their lives 'logged on'.

Photograph of WhatsApp privacy advert in newspaper by Tushar Mahajan on Unsplash.

Of Particular Concern is Privacy

Over recent years, we've seen some serious online privacy issues making the headlines. With the Cambridge Analytica scandal in 2016, in which an outdated Facebook app was used to gain access to tens of millions of Facebook users' data.

This data was then sold to political campaigns in the USA and (allegedly) in the UK, and then used to target, manipulate and influence countless numbers of voters, right through Facebook's internal systems, amongst and alongside other advertisers. The fallout from huge scandals like this is regularly alltoo benign for the monolithic corporations and people involved at the top; fines that scrape the top off of their profits and wallets, and at times barely even make a dent in the money they can earn from the user data that they mine, sell, steal or exploit, coupled with very occasionally short stints in upmarket whitecollar jails.

Do you have Siri or Alexa in your home, phone, car, or Bluetooth earbuds? If so, do you know when it's listening and what it's listening for? You don't even need to have a smart assistant for this kind of thing to happen to you, though, because it's not just the big companies that are in the market for your personal data.

When it comes to web development, especially when developing something like an online store, there's money in data. Being able to grab customer information means that you can show them relevant advertising, use retargeting more effectively, track and trace your marketing efforts and open them up to direct marketing via their inbox if you manage to get their email address.

I'm sure we've all seen the popups that tout a small (five to ten percent) discount in exchange for unlimited access to your inbox or checkouts that pretick the "Yes, sign me up!" box. Web developers should be questioning themselves when developing these, and sometimes, it's more important to develop for the customer than for the client.

The latter of these examples, preticking the signup box, is a clear breach of GDPR, which could be a big deal if you're in the EU or the UK, but there are questions to be raised about the former too. The GDPR is a series of regulations designed to protect the data of internet users from bad actors. The GDPR specifically says that consent should be "freely given", and there's potentially a grey area about how "free" that access was if there was a real, tangible, and financial incentive to hand it over.

Don't Be Clingy

Another big part of the GDPR is that withdrawal of that consent should be as easy as giving that consent was. In real terms for developers, this concerns your unsubscribe functionality, and how you handle people deleting their accounts with you if you even allow them to be deleted. There are some stunning examples of awful user experience out there when it comes to getting away from a website things like the Shaw Academy, which has a cancellation process that feels more like a breakup with a particularly clingy partner rather than a simple "delete my account" function.

The problems start as soon as you begin the process, with a convoluted, multiplescreen interrogation (which, for added frustration, switch the positions of the "Yes, proceed" and "No, take me back" buttons seemingly at random), leading to a screen that simply asks you to call them to cancel anyway. You call, and are told to call back within business hours, so with the clock ticking until your next membership payment you wait until tomorrow and give them a call.

This is where the sales pitch begins, and after you finally get this sorted and your account "deactivated", you go through a grace period during which you get texts and emails asking you to come back. If you're a developer or a business owner, this is unethical development, and frankly, it's embarrassing.

There is Hope

Companies and foundations like Mozilla have been active and vocal about your privacy for years. They advocate transparency, honesty, and an ethical approach to the web, from both developers and their employers. Mozilla has also developed the "privacy not included" buyer's guide, in an effort to arm customers with the ability to make informed decisions ahead of time when it comes to their privacy. There are some products on here that might surprise you including a "smart" WiFi coffee machine that might not allow users to delete the data it collects on them.

In addition to Mozilla's great work, Tim BernersLee the man credited with inventing the web has also successfully petitioned Google and Facebook to commit to a set of ethical principles.

Developers and the Customer

To develop ethically, you should be thinking about your customers or your users. Are there any tricks that you're being asked to implement that could be considered manipulative? Things like the "30 people just bought this item" popup that has become synonymous with fake Facebook sales websites, or "ONLY X OF THIS ITEM REMAINING" in blinking red text, or the "somebody just bought this in your area" messages that show up. These are all highly manipulative, intended to put the potential buyer under pressure to hit the 'buy' button and could (and probably should) be considered unethical.

In an ideal world, you need to be developing things that you really believe in both to enjoy your job and to be making the internet a better place. It's not always easy or possible everyone needs to earn money but ethical development benefits everyone.

Photograph of two bullet surveillance cameras attached to a wall by Scott Webb on Unsplash.

Are You Developing Securely?

An important piece in the process of ethical web development is making sure that anything you develop (especially when it handles or stores personal information) is securely built. There's a pretty good principle that you should generally stick to when dealing with forms or any kind of user input: you should assume that anything a user could enter into your site is malicious.

This goes for file uploads, text fields, number fields anything at all that allows a user to send information or files to your server (or the shared server you host on). Most of the big CMS platforms (WordPress, for instance), have provisions already in place deep in the architecture to help protect against things like XSS (CrossSite Scripting) attacks, SQL injection, or malicious file uploads, but if you're building a bespoke plugin or adding a piece of functionality with code you're finding online or writing yourself you might be unintentionally opening security holes in that preexisting architecture.

Of course, if you're building a meatier piece of functionality (like a whole app, or a custom CMS), you're potentially going to be responsible for the key parts of the entire architecture yourself. In this situation, you definitely need to keep your wits about you while you're building and make sure everything is tightened up.

The risks of building an insecure application or website are pretty big. You could lose user data (or go through a personal data breach), which would damage not only your reputation but potentially even your wallet if it's serious enough. You could end up with a spoofed site, spreading viruses or malware to your users, and missing out on sales or legitimate traffic. You could even potentially open your server up to further hacking and damage, which would be especially bad if you're hosted on a shared server solution because bad actors could leverage their access to your site to access other sites on that server.

Stay up‑To‑Date

It's not just building new functionality that opens you up to vulnerabilities, though. If you're working with WordPress or any of the countless other options out there, you have a responsibility as a developer or an agency to ensure that your clients' sites are kept uptodate with the latest security patches. You also need to keep any plugins that you're using updated and at their latest versions.

This is also true of dependencies you're brought into your project via NPM or Yarn. Make sure you periodically check for available updates or use an auditing tool like yarn audit or npmaudit.

This is a topic I've been working on putting into a written article for quite some time, and there is still much more I would like to say! It has become so big and convoluted that I've eventually had to split it into two sections.

In the next instalment, we will discuss what your responsibilities (both legally and morally) are as a developer to ensure your product is inclusive to every user, everywhere, and why that's so important. I also hope to talk about how you can keep the internet open, free, and encourage a better developer community.

The next article won't go live for a while, but try here for part two: Ethical Web Development Part II.

Categories:

  1. Accessibility
  2. Development
  3. Guides

Related Articles

All articles