Even before migrating, I noticed some things that made even more self conscious of how small was the control I had over my blog: as someone that is actively dedicated on pursuing privacy, I realized I was doing a terrible job for my readers. Even though my blog was a static site, it had several trackers included that were related to different services I used. While migrating I realized that was even worse: some of the third party petitions where completely unnecessary and if someone was blocking from loading them (which is an entirely reasonable thing to do in a blog) it was probably finding some breaking errors. I just intended to share some of the things I learned, so I found most of these services not needed or easy enough to substitute. Here is the full list of sacrifices and improved services in this migration.

Using Google Analytics was simply a not well-thought decision. My hugo theme offered a simple way to include a Google Analytics token, so I chipped in just to try. What I found was an ubiquitous and thorough analysis of the visitors to my page: the perfect ego-trip tool. I never really though that it would include also giving Google tons of information about my readers in exchange for a few chart pies that are not of much use to me. That's why I decided to simply discard this service: if I need it in the future I will simply look for a better alternative.

The worst decision was to use Disqus. One day, while checking one of my posts on my phone, I discovered that Disqus was not only loading a lot of resources, but also was injecting ads into my posts. It was also miserably failing at its only purpose: centralising the discussion of the post. Instead, the discussion was scattered across Reddit, Lobsters, HackerNews and some other aggregators. Disqus asks to create an account to leave a comment, which is enough to dissuade most users to even try to do it. It is also owned by Zeta Global, a marketing agency that is most likely tracking their users across the internet a la Google. Therefore, I decided to simply not include a comment section any more, and let the readers join the discussion they prefer.

The last step was to get rid of the final tracker: Google Fonts. Although it was the last one, it actually was one of the easiest. Simply by downloading the fonts and uploading them to the repository, and creating all the @font-face tags to be used, it is possible to discard the trackers used by Google because of the typography of your blog (which is, actually, one of the weirdest reasons to include actually two trackers).

Now that there were no more third-party requests, its only left to add a proper HTTPS configuration. Although some people may argue its importance for a simple blog, I like to ensure my readers that they are reading the blog they are intended to. In GitHub Pages, after a four-year-old struggle, it is now possible to automatically generate an HTTPS certificate for a custom domain (plus, it is automatically renewed, which is something I messed up a couple of times when I had a Let's Encrypt / GitLab setup).