Last updated on Jan 01 2023
Privacy checklist
As a developer, it's important to consider the security and privacy of your users when designing and implementing your software. In this article, we'll go over a few best practices to keep in mind when it comes to user identification, document referrers, password reveal functionality, page titles, and user-uploaded images.
-
Use userIds, not email addresses, for identification. An email address is a globally personally identifying piece of information, meaning that it can be used to uniquely identify a person. On the other hand, a userId is meaningless on its own without further context. Using userIds instead of email addresses can help protect your users' privacy.
-
Disable document referrers. A document referrer is the URL of the previous web page from which a link was followed. This information is often sent along with HTTP requests, and it can contain authentication query parameters such as password reset tokens, email verification tokens, and SSO tokens. By disabling document referrers, you can prevent sensitive information from being leaked through the referrer header.
-
Ensure password reveal functionality is censored by your vendors. Some vendors, such as session replay providers, may record user input without realizing that it came from a password field. This means that if a user accidentally reveals their password while using your software, it could be recorded and potentially exposed. To prevent this, make sure that your vendors censor password reveal functionality.
-
Ensure page titles do not contain sensitive or personally identifying information. Nearly all vendors will store page titles as part of their analytics and tracking efforts. If a page title contains sensitive or personally identifying information, it could be accessed by unauthorized parties. To prevent this, make sure that your page titles do not contain sensitive information.
-
Ensure user-uploaded images are censored by all vendors. User-generated content, such as images, can contain sensitive or personally identifying information. To prevent this information from being exposed, make sure that all vendors censor user-uploaded images.
In conclusion, it's important to consider the security and privacy of your users when designing and implementing your software. By following the best practices outlined in this article, you can help protect your users' personal information and keep their data safe.