Please don’t flame me too bad, I understand that although privacy and libre software are important to many in the Linux community, my opinions may be outside the scope of consideration for some and I respect that.
Personally, conscientious consumerism and privacy are some of the primary reasons I use Linux. I prefer community>private business>corporate when I am choosing products and services.
-System76
About 8 years ago I purchased a laptop from System76, the customer service was incredible and the machine exceeded my expectations in build quality and performance.
Recently I’ve been in the market for a smaller machine, like a Thinkpad X1, StarBook 14 or System76 Lemur.
Last week, when I visited the System76 website they used Plausible’s open source analytics on the home page (which is a great alternative to Google’s proprietary hardware fingerprinting algorithm), but once I added the laptop to my cart to checkout, I noticed the third-party trackers, apis.google and ajax.googleapis load on the webpage. Google’s reCAPTCHA was also required to complete the purchase. Hell, even Discord has switched to hCaptcha at this point citing their laughable “Gamer Privacy First” policy.
IMHO, I find it hypocritical that System76 does so much great work disabling Intel’s IME and contributing to coreboot, but chooses to embed proprietary tracking software on their website when open source alternatives are readily available.
- Reaching out to System 76
After completing 14 reCAPTCHA’s I was finally able to get a dialogue with Stetson at System 76. He said that “System 76 takes user data privacy and security extremely seriously, but they would continue to use Google services.” His recommended solution was placing the order over the phone if I wasn’t comfortable having third-party tracking during checkout.
This is not a solution for me because I don’t want to do business with a company that monetizes user data for profit. In my experience, companies that monetize data (Alphabet, Meta, etc…) offer web services cheaper than competitors that don’t, in exchange for access to user data. So, if you’re getting a commercial service cheaper from a company that sells your user’s data, you’re also profiting from the sale by paying a lower premium for those services.
Personally, I do not think you’re taking user privacy “extremely” seriously if you’re running third party trackers and choosing reCAPTCHA (not a privacy respecting service) over hCaptcha on your website.
I really like System 76 and I want to support them with my next purchase, but presently I feel like they are saying one thing and doing another and choosing privacy respecting libre software some of the time when it suits their marketing, but proprietary anti-consumer tracking services when it’s more profitable.
There’s still a business, and they need to be profitable, so they’re doing things a business does to stay profitable. But they’ve stayed very true to their philosophy.
Is the use of these APIs during the checkout process enough to make you go to a different company? What company would you go to that doesn’t use any trackers?
Yes, as I stated in the beginning of my post, personally I value privacy and ethical business practices and imo, if you sell hardware, make money on hardware while not additionally monetizing your customer’s data through discounted web services. So the fact that they use services monetizing user as a way to increase profit margins is enough to make me choose another company. The only company I know of that sells a Linux Laptop not partaking in this sort of thing is Purism and they have very little selection. I’m open to other suggestions if someone knows of another company?
You might also consider the saying “perfect is the enemy of good”. If you can find something perfect, that’s great, but if not… Don’t go with the worst option.
They themselves are almost certainly not getting paid for the user data. Rather they might use Google analytics and such to know who the target audience for their products is. So they could pay for better ads.
They’re using Stripe, and they require it if you have any sort of carding attack, or other fraud attempts. They’ll disable your account otherwise. And, this isn’t just Stripe, I’ve encountered it with all payment providers I’ve implemented.
Ecommerce pretty much requires it these days, and yes, most gateways require Google’s as it’s the “industry standard” at the moment.
Purism also requires Google services because of the payment processor they use.