I'd have done the same, and have done before when I've found myself on client projects related to online gambling (the business model is to milk addicts for everything they have and more, don't listen to anyone who says otherwise).
I know if I don't do it someone else will so it doesn't really make a difference - but at least I can retain some sense that I'm not the kind of person who does bad things, and that's worth something.
With web tracking you can at least be 'careless' in your implementation and 'accidentally' make it not work very well because most of the time nobody will ever test it properly. No way to get away with that with this "Bossware" stuff, it'll be in active use all the time.
> With web tracking you can at least be 'careless' in your implementation and 'accidentally' make it not work very well because most of the time nobody will ever test it properly.
And users can normally install tracking blockers, either in browser or DNS-based (in your home's router), to at least prevent some thirdparty stuff from loading, so that's some defense against it.
Of course it's not always possible. But the chances that a user can do something against a web service tracking them are still better when compared to an employer's in-device tracking.
PIhole + Brave + uBlock Origin + Privacy Badger ... I'll deal with the occasional web app not working. More app/site developers should really test to make sure their app works with the ads blocked. When I've worked on public sites, I always tried to make the app degrade gracefully (depending on hidden/reserved element spaces).
I also block this stuff, personally - but I'm not sure I completely buy the argument that it's OK to work on something because technically competent people can circumvent it. For example I wouldn't work on China's Great Firewall (not that they'd ask me to) - even though those with sufficient skill and bravery can penetrate it.
I didn't suggest, or mean to suggest as much... I mean that when I worked on a public site with ads, I made sure that the site continued to look right and operate when analytics and ads were blocked. Unless you're asserting that every website with ads or any kind of analytics/tracking is evil?
Oh, absolutely - sorry if I implied that, I sensed the suggestion of it in the parent comment and clumsily followed on from your response to that part.
I completely agree with making sure things work as much as possible and look OK when stuff like that is blocked and even when JS is disabled.
Analytics can be useful and ads are a necessary evil for the prevalent web business model. Tracking is, ugh, I guess in theory acceptable with informed consent - though I've tested a couple of those "consent frameworks" that popped up after GDPR etc and even ignoring the dark UI patterns let's just say they didn't stand up well to scrutiny regarding doing what they say they do.
> I sensed the suggestion of it in the parent comment and clumsily followed on from your response to that part.
Nah it wasn't my intention to give that kind of impression[0]. I was just trying to add to the part I quoted from your comment (also the keywords from my first comment (not the one with the quote) were "barely" and "reluctantly").
It's not that I think it's okay, but I probably should have used the word "tolerate"[1] instead of "accept".
So basically I agree with you. I wouldn't work on something like GFW[2], or ad[3]/gambling/porn/blockchain/dating companies, or "VPN" services (in the diluted sense of the word), or Discord, or smart TVs, or software for IoT, stuff like that.
But I also know that if I want to get a remote job, I'll have to compromise somewhere.
---
[0]: Mic and cam recordings can be trivially circumvented by anyone who knows how to turn on a computer, for example, but even if I have permission/access to them, I won't touch those things unless it's to do something the end user wants to do.
[1]: There's probably a word that better captures the nuance tho. English is not my first language.
[2]: Or anything from countries who don't even try to appear like they follow the GDPR.
[3]: Where the ads are the product/service being sold. Or in other words, if a company uses adsense it's a maybe-work-for-them-but-try-to-find-something-else; if the company is adsense, it's a straight no.
Yeah... I'm in the US, mostly having worked on local sites, so hadn't had to deal with that. At most, the tracking I've added is Google Analytics, but have also used other types of tracking in bursts to get usage flows, or ui heat maps on what is moused over/to, etc.
> With web tracking you can at least be 'careless' in your implementation and 'accidentally' make it not work very well because most of the time nobody will ever test it properly.
I recently struggled with this. My situation was likely different given the outcome. I was able to prevail on both the sense of decency in the client and their marketing firm by explaining the PII ramifications of what they asked for, and was also able to prevail on how their customers would perceive it.
Not everyone has the luxury of clients and marketing agencies like that. I wasn’t sure whether or not I did until I tried it. I can’t know for sure until it’s needed whether I would have simply refused. I really wrestled with the idea of not doing my level best work as a technical implementer.
I found Kevin Burke’s “Ethics” to be a really great way of working [1]. He based it on an earlier piece by Kyle Kingsbury [2].
I know if I don't do it someone else will so it doesn't really make a difference - but at least I can retain some sense that I'm not the kind of person who does bad things, and that's worth something.
With web tracking you can at least be 'careless' in your implementation and 'accidentally' make it not work very well because most of the time nobody will ever test it properly. No way to get away with that with this "Bossware" stuff, it'll be in active use all the time.
Hope you find something better soon.