DiveGearExpress.com has removed third-party analytics data gathering and tracking

Please register or login

Welcome to ScubaBoard, the world's largest scuba diving community. Registration is not required to read the forums, but we encourage you to join. Joining has its benefits and enables you to participate in the discussions.

Benefits of registering include

  • Ability to post and comment on topics and discussions.
  • A Free photo gallery to share your dive photos with the world.
  • You can make this box go away

Joining is quick and easy. Log in or Register now!

Technical divers often refer to themselves as a bit ‘paranoid’ when it comes to their style of diving. A misuse of the term, but there is benefit to planning for the worst when trusting dive equipment. As an online retailer, DGX often applies the same concepts to managing technology that supports us and the privacy of your interactions with us. As the result of a lengthy project, DGX has finished removing all third-party analytics data gathering scripts, tracking cookies and web beacons from our website including those of Google, Microsoft, and Facebook.


Just to be clear, 'they' are still watching you but we are no longer helping 'them'. :cool: The research to figure out what these things were actually doing, and how to eliminate them from the DiveGearExpress.com website, was an eye opener in to the very real concerns some experts express about data privacy. :oops:

That's terrific.

You will be my first choice for on-line shopping.
 
We were reminded earlier today of a 'hidden' benefit to removing all this 3rd party stuff... it makes the site much more secure. They were right, it's nearly impossible to fully secure a site that has no option but to 'trust' the security of stuff being loaded in that same site from other sites... some of which have some questionable security and code quality themselves. It forces the site security to be more lax than it needs to be. It prompted me to check our site security compared to the example site in my previous post using the hardenize.com tool....

compare-hardenize.jpg


In particular note the difference in XSS protection and Content Type Options. Don't misunderstand, this is far from suggesting our site is bulletproof... but if it was unable to tick off the boxes on some of the basic stuff then it's gonna be impossible to reach best practice on many other things.
 
Have been a fan of DGX, now more reason to be a fan of DGX. Typically my first stop when shopping for online gear. I'll be ordering up some new Oxygen cells here pretty soon. And a few other trinkets.
 
Thank you DGEx.

10 years ago, we would call these trackers spies. And most would be mad. Now it's become normal for a significant amount of the population. Same thing can be said about devices at home that listen to us (names will not be mentioned). No shame.
 
As a follow-on, today I was reviewing the logs generated by browser enforcement of our now greatly simplified Content Security Policy. For those of you unfamiliar with CSP: our website 'publishes' a list of servers our webpages are authorized to receive data from (such as images and scripts) as well as servers the pages are allowed to post information to (such as payment information). Modern browsers will report back to us anytime our webpages attempt to connect to something not on the authorized list. (It's optional and less than 10% of the top 1 million websites have a CSP.) The purpose is to enhance the security of our website, and minimize the risk of certain types of common malware being indirectly served by our website; in particular to reduce the risk of 'credit card scraping' that has become endemic to small (and occasionally very large) e-commerce websites that are often lax about security in general.

Content Security Policy - Wikipedia

Our webpages should not at this point be routinely connecting to anything analytics related. But we are still logging a few hundred violations of our CSP a day! After a bit of research, it turns out that a lot of "browser extensions" for various dubious functionality such as finding coupons, shopping 'rewards', price comparisons, performance and security monitoring are actually "injecting" tracking code into the local copy of our webpages displayed on your PC. This code is not malware per se, but it is reporting analytics on your browsing behavior even though our website is not doing the tracking. Ironically, it some cases it seems to be coming from some of the 3rd party open VPN's people are using to "protect" the privacy of their browsing. Our CSP is configured to "enforce" our blocks on reporting to google-analytics.com, facebook.net, and pagespeed-mod.com, et.al. but it's still surprising to see how much data about what you are doing on your local desktop is still being reported to unknown third parties.
 
DGE, I salute your decision to remove tracking.
I almost made my first purchase with you, my DGE branded item had free shipping, then when I went back to finish the order, it no longer did. My Tech Instr. told me to only buy from you guys and anything you sell is GTG. At some point, I will make an order and thanks for being a contributor here and making that announcement. I don't suppose you would consider a S.B. group buy for Shearwater computers and Swift Transmitters, hahaha, I know the Canadians would blow an O ring if you did that.
All the best.
 
Yes, but you missed my point in my thread about ScubaBoard. The site crashes every single time I visit it due to Google not playing well with SB and a browser that blocks trackers. This results in me feeling less inclined to visit. Not good when we are the product ScubaBoard is selling.

Also, tracking users and search engine crawlers should be unrelated.

For me SB shows 2 blocked sites in brave: google ads and google analytics. It's the content that we post, links to ZuckerBuch CDN in particular, that mess things up. Which is not a problem DGX would have as long as they don't let the unwashed us post stuff on their site.
 

Back
Top Bottom