DiveGearExpress
Contributor
Technical divers often refer to themselves as a bit ‘paranoid’ when it comes to their style of diving. A misuse of the term, but there is benefit to planning for the worst when trusting dive equipment. As an online retailer, DGX often applies the same concepts to managing technology that supports us and the privacy of your interactions with us. As the result of a lengthy project, DGX has finished removing all third-party analytics data gathering scripts, tracking cookies and web beacons from our website including those of Google, Microsoft, and Facebook.
We actually started on this project over a year ago, naively thinking it would be relatively straightforward to remove all this stuff. It actually turned out to be extremely challenging and surprisingly turned out to be very expensive and disruptive as well. Dive Gear Express relies upon a popular ecommerce platform, which has a lot of this stuff "built-in" and various software extensions to the platform we used were adding even more of it. It's almost impossible to effectively manage a significant ecommerce site without analytics, and Google Analytics (GA) is the "gorilla" in the marketplace... essentially a 'de facto' standard.
We tried just 'disabling' the built-in stuff only to discover that some popular extensions we used simply expected it to be present... that necessitated replacing or updating a massive amount of software (using GDPR compliant versions). But even that was not entirely satisfactory, because mostly the way these GDPR compliant versions work is by simply asking your permission to track you and if you don't give permission then the site functionality is seriously impaired. We also had to forego some of the marketing tools prospective customers often expect to see embedded in websites such as company reviews and what I call "merit badges" - simply no way to know how much their absence is costing us. Our Adwords management company had no experience managing without using GA. Ultimately it will require a completely different approach to marketing for 2022 that necessitated a change in agencies (keep in mind the usual pitch from agencies includes saying how good they are at data mining the analytics.)
But our goal has been accomplished, we turned off the last major piece of third-party analytics yesterday. Take a look at what the website of another dive equipment retailer connects to when browsing their home page.... using WebPageTest - Website Performance and Optimization Test and viewing the domain connection list for their home page URL...
Amazon tracking, Google Analytics and Tag Manager, Doubleclick, Facebook tracking, Microsoft tracking (clarity, bing), Trustpilot, Clickagy (Zoominfo!!!), Bugsnag, are the obvious data gathering, tracking and marketing engines I recognize from my research, probably a few more of those are capturing analytics data and not admitting to it.
Now take a look at the divegearepress.com results for the domains connected to by our home page using the same tool, nothing but our own website.
That's not to say we are completely clean, we use our own secure cookies in order to function, but in so far as I can detect we are rid of all the obvious and known third-party analytics data scrapers. Our own privacy page now provides an opt-out option for some of our internal data gathering, but even that little bit of data is not being shared. We sometimes have to temporarily enable Google reCaptcha when under attack by the hackers (an hCaptcha solution is not yet available for our e-commerce platform) and our Checkout flow out of necessity needs to capture some information in order to protect our customers, safely accept payment and detect fraud. We also request a company review using a dialog box from Google Customer Reviews on the checkout success page following checkout, but nothing goes to Google if you opt out of the request. It is doubtful we'll ever be able to entirely eliminate analytics data capture from checkout.
We did decide to turn off Amazon Pay, which was a very popular payment method on our website but it was sending a enormous amount of tracking and purchase information to Amazon. We discovered AmazonPay was literally 'phoning home' from every single page of our website, even though it technically only needed to communicate with Amazon during checkout. We later learned Amazon was extensively data mining the information to compete against not just us but all the scuba retailers. To a much lesser extent the other 3rd party payment methods also collect some information when you select them as a payment method but then if you are checking out with PayPal, ApplePay, Gpay, or Venmo you know you already made a deal with them for your data and at least they aren't direct competitors. If you want to keep the tracking to a minimum, make payment by entering your card or use Zelle.
Just to be clear, 'they' are still watching you but we are no longer helping 'them'.
The research to figure out what these things were actually doing, and how to eliminate them from the DiveGearExpress.com website, was an eye opener in to the very real concerns some experts express about data privacy.
We actually started on this project over a year ago, naively thinking it would be relatively straightforward to remove all this stuff. It actually turned out to be extremely challenging and surprisingly turned out to be very expensive and disruptive as well. Dive Gear Express relies upon a popular ecommerce platform, which has a lot of this stuff "built-in" and various software extensions to the platform we used were adding even more of it. It's almost impossible to effectively manage a significant ecommerce site without analytics, and Google Analytics (GA) is the "gorilla" in the marketplace... essentially a 'de facto' standard.
We tried just 'disabling' the built-in stuff only to discover that some popular extensions we used simply expected it to be present... that necessitated replacing or updating a massive amount of software (using GDPR compliant versions). But even that was not entirely satisfactory, because mostly the way these GDPR compliant versions work is by simply asking your permission to track you and if you don't give permission then the site functionality is seriously impaired. We also had to forego some of the marketing tools prospective customers often expect to see embedded in websites such as company reviews and what I call "merit badges" - simply no way to know how much their absence is costing us. Our Adwords management company had no experience managing without using GA. Ultimately it will require a completely different approach to marketing for 2022 that necessitated a change in agencies (keep in mind the usual pitch from agencies includes saying how good they are at data mining the analytics.)
But our goal has been accomplished, we turned off the last major piece of third-party analytics yesterday. Take a look at what the website of another dive equipment retailer connects to when browsing their home page.... using WebPageTest - Website Performance and Optimization Test and viewing the domain connection list for their home page URL...
Amazon tracking, Google Analytics and Tag Manager, Doubleclick, Facebook tracking, Microsoft tracking (clarity, bing), Trustpilot, Clickagy (Zoominfo!!!), Bugsnag, are the obvious data gathering, tracking and marketing engines I recognize from my research, probably a few more of those are capturing analytics data and not admitting to it.
Now take a look at the divegearepress.com results for the domains connected to by our home page using the same tool, nothing but our own website.
That's not to say we are completely clean, we use our own secure cookies in order to function, but in so far as I can detect we are rid of all the obvious and known third-party analytics data scrapers. Our own privacy page now provides an opt-out option for some of our internal data gathering, but even that little bit of data is not being shared. We sometimes have to temporarily enable Google reCaptcha when under attack by the hackers (an hCaptcha solution is not yet available for our e-commerce platform) and our Checkout flow out of necessity needs to capture some information in order to protect our customers, safely accept payment and detect fraud. We also request a company review using a dialog box from Google Customer Reviews on the checkout success page following checkout, but nothing goes to Google if you opt out of the request. It is doubtful we'll ever be able to entirely eliminate analytics data capture from checkout.
We did decide to turn off Amazon Pay, which was a very popular payment method on our website but it was sending a enormous amount of tracking and purchase information to Amazon. We discovered AmazonPay was literally 'phoning home' from every single page of our website, even though it technically only needed to communicate with Amazon during checkout. We later learned Amazon was extensively data mining the information to compete against not just us but all the scuba retailers. To a much lesser extent the other 3rd party payment methods also collect some information when you select them as a payment method but then if you are checking out with PayPal, ApplePay, Gpay, or Venmo you know you already made a deal with them for your data and at least they aren't direct competitors. If you want to keep the tracking to a minimum, make payment by entering your card or use Zelle.
Just to be clear, 'they' are still watching you but we are no longer helping 'them'.
The research to figure out what these things were actually doing, and how to eliminate them from the DiveGearExpress.com website, was an eye opener in to the very real concerns some experts express about data privacy. 
