Your Digital Privacy Is Important To WVC – Here’s What We’re Doing About It

by Anne Tara Szostek

When the Women’s Visionary Congress was founded 10 years ago things were very different for people who use psychedelics for healing and consciousness exploration. The War on Drugs was in full force, and so relatively few people felt comfortable speaking publicly about their use of psychedelic substances designated Schedule I by the U.S. Government. As a result, WVC’s first website, which many of you will remember, was remarkably secure. It was a static HTML website hosted on a private server that could only be updated by a select few people. While this did make it a little more difficult to share information about our organization and events online, this was a small price to pay for the extremely high level of privacy that it afforded our visitors. No information about visitors was ever tracked or stored, so it would have been impossible for any person or organization to gather a list of individuals who had visited our website. We started out with this level of website security in order to protect the women in our community. WVC has always recognized that women are more vulnerable to legal action when they speak publicly about psychedelics because they usually have less money to defend themselves than men and because they could be pressured by authorities who threaten to take their children.

As public knowledge about the safety and efficacy of psychedelic medicines has grown, people have become comfortable speaking publicly about their psychedelic explorations, WVC staff and board members included. The board of WVC felt that it was time to expand their online outreach, and so, in 2013 we began actively spreading the word about our work through a popular and (apparently) free mail service called MailChimp and through social media (Facebook, Twitter, Tumblr, Pinterest, and Reddit) in an effort to reach a broader audience. In late 2014 we launched a new website on WordPress, an open source content management system (CMS) which allowed us to become much more flexible and open with our digital communications, providing rapid updates about events, speakers, and projects to a rapidly growing network of psychonauts around the world.

However, a WVC member named John Gilmore, who is a co-founder of the Electronic Frontier Foundation, had concerns about the privacy of our website. He pointed out to us that our ‘Forever Free Pricing’ plan with Mailchimp, which promised us free email blasts to up to 2000 subscribers, actually came with a cost. Each free e-mail we sent out of Mailchimp included a 1×1 tracking pixel, which tracked information about the e-mail addresses and IP addresses (a number assigned to every device that connects to the internet) of people who opened and clicked on links in our emails. For the average internet user an IP address will provide information about the location of the devic

See this button on a website? You’re being tracked!

See this button on a website? You’re being tracked!

And we discovered that Mailchimp wasn’t the only provider offering ‘free’ services with a hidden tracking cost. We learned that Paypal includes 1×1 tracking pixels in their payment buttons.

Common social sharing buttons such as Facebook ‘Like’ buttons, also track information about which websites their users visit.

See something like this? Includes tracking, even if you never click!

See something like this? Includes tracking, even if you never click!

Many websites track users through Google’s ‘Free’ Analytics, Webmaster Tools, and even Google Fonts! In other words, when you visit any website with that little Facebook ‘Like’ or ‘Share’ button displayed, Facebook immediately receives information that you have visited the site, even if you never click ‘Like’. Similarly, when you visit any website with a Paypal button on it, Paypal knows that you’ve visited it – regardless of whether you click the button. Don’t see either of those things? If the site is using any of the thousands of ‘Free’ Google Fonts, Google has a record of your visit.

You can get a sense of whether you are being tracked online by viewing the page source of any website – in most browsers you can do this by right clicking or control clicking and selecting ‘View Page Source.’ Then click Command-F or Control-F to search for the word ‘Pixel‘. If you see a .gif file with a Width and Height of 1, you’re being tracked! Here are examples of what this looks like:

<img style="“position: absolute;" src="“Tracking">
<img style="“display: none”;" src="“Tracking">
<img src="“Tracking" width="“0”" height="“0”">

When you see one of these pixels you can feel confident that your browsing history and IP address are being tracked.

Curious to see how this works during an online browsing session? Those of us with the Firefox browser can get a good idea of who is tracking us online and what this looks like using Firefox’s Lightbeam app, which displays a handy graph of websites you’ve visited and third party sites that receive data about you. At this time, my Lightbeam shows me that though I’ve only visited 75 websites between May 24th and May 27th, 2016, my information has been shared with 259 third party websites – meaning that 259 entities may now be storing data about my location, search history, and web browsing activity.

What benefit could be so large that companies would offer us services for free, anyways? Google, Facebook, Mailchimp, etc. primarily use the data they gather to tailor ads to you – which is why you’ll probably notice ads for outdoor gear arriving on your Facebook feed immediately after you purchase that pair of trekking poles online. While many find this invasive and creepy, many others wonder why they should care at all.

Even if you’re not creeped out by personalized ads, keep in mind that information about your browsing history is stored indefinitely by the companies in question – so all of the information that Facebook gathers about your personal browsing history is stored by Facebook, and they have no legal responsibility to protect or erase it. As multiple high profile cases have shown us, the US Government is not shy about strong arming tech companies into giving up their data – often without a warrant.

WVC values our ability to communicate with a widening audience of psychonauts, and we also value privacy of our community very highly. While this type of tracking technology is currently primarily used for advertising, we recognize that we cannot predict the actions of those who may hold this data in future. And we want to ensure that the data of those people who visit our website does not fall into the hands of the wrong people in the case of a power shift. We recommend reading IBM and the Holocaust if you want to understand more about how this can happen.

So, in December of 2015 we began to take action:

  • Our first step was to turn off Mailchimp tracking so that those people who open emails from us do so without any record kept. To do this, we had to start PAYING Mailchimp a monthly fee – that’s right, to get Mailchimp to stop tracking our users we had to pay them. In other words, that Free account isn’t free – they were getting quantifiable value out of our use of their service.

  • We removed all of the Paypal buttons on our website and replaced them with custom made buttons that link to Paypal – so we can still use our Paypal account to take donations. Click here to easily make your own buttons.

  • Our website was built using Google Fonts, so a volunteer web developer created a plugin which loads the fonts directly from our server, rather than from Google – so they can’t track visitors using our fonts.

  • We removed all social sharing buttons from our website.

  • We have never, and are committed to never using Google Analytics or Webmaster Tools, Bing Webmaster, or similar to gather data about users who visit our website. If we decide that user tracking is important for our organization we will implement a tool like Piwik which gives us 100% ownership over the data gathered.

We take these actions out of a deep respect and love for the courageous members of our community. In addition, we felt it was important to share the surprising information we learned about online privacy through this process. We hope that doing this will provide other organizations with the tools to be aware when they are allowing outside groups to track their site visitor’s information. They should consider only allowing this to happen intentionally, ideally with a clearly worded privacy policy public on the website so that visitors understand the privacies they are giving up on visiting.

Want to enhance your online privacy? Here’s some great information from the Electronic Freedom Foundation to get you started:

EFF’S Survelliance Self Defense – Comprehensive guides for protecting your privacy online

Privacy Badger – a browser plugin from the Electronic Freedom Foundation (EFF) that blocks spying ads and invisible trackers