Dave Smyth 2020-10-17T00:00:00+00:00 <![CDATA[Balancing privacy & marketing]]> Dave Smyth 2020-10-17T00:00:00+00:00 What does it mean to run a privacy-focused business? What does that look like and involve? Is it just GDPR – cue eye-rolls – or is there more to it than that?

These are some of the questions I’ve been thinking about recently.

The introduction of GDPR in 2018 created mass panic as businesses raced to meet the deadline. To many, compliance was – and in some cases still is – seen as needless hassle.

I’d guess that’s in no small part due to the nature of the topic and its role as regulation. But it’s also a complex area with plenty of nuance, something borne out by the number of larger companies that either don’t understand or choose to ignore the legislation.

Privacy is a much bigger topic than GDPR.

The Wild West of the Web

We’re emerging from somewhat of a wild west of data collection.

For years, websites and internet services have been collecting anything and everything they can about users. Often without user consent or awareness.

This is frequently justified as ‘essential analytics’ or ‘optimising advertising’. But the real reasons businesses do it is because collecting this data is easy and cheap/free. And because they can.

Marketing > privacy

It’s easier to pitch the benefits of marketing (money) against user privacy (expense, hassle, legal). And business owners have been told they need to collect All The Data to optimise their sales and increase margins.

A classic example would be email marketing. Most mailing list platforms allow marketers to track:

  • When a recipient opens an email
  • How often they’ve read an email
  • Where they are when they read it

This is often possible even after a user unsubscribes. Some mailing list providers will even opt-out users who they don’t think have read emails in a while (i.e. recipients who block these trackers).

Many recipients will have no idea they’re being tracked in these ways. They’re certainly not made aware of this when they sign up.

Running a privacy-focused business

Here’s the rub: many of us don’t like the idea of our data being harvested, yet we’re happy to track users because money.

It would seem that if we want to effectively market to users and respect their privacy, that creates a tension. Is that the case or does it just require a change in thinking?

Let’s say we turn off email tracking and don’t send data to Google or Facebook. Perhaps – instead of a ‘loss of insight’ – we can view it as an opportunity to build better relationships with audiences and customer bases, rather than relying on spying on their habits.

The privacy scale

I’m no expert in this field and – at a micro scale – I’ve used some of these privacy-invasive tools in the past. Things like:

  • Aggregated data on open rates, clicks and audience locations in mailing lists
  • Subscriber tagging for email sequences
  • Demographically targeted Facebook and Google ads
  • Session recording (with tools like FullStory)

These things are daily practice in marketing world but in hindsight they feel pretty icky, even at the tiny scale I used them.

Of course, tools that offer analytics encourage users to use them. As a small business, it’s easy to think using them has little bearing on privacy matters: it’s the big advertisers that are doing the really nasty stuff, right?

I’d guess that the combination of all small businesses who use these services inadvertently contribute significant amounts of data to these big tech firms.

I’m also conscious that there’s a sliding scale. It would be difficult – reckless even – for a business to stop advertising on Facebook or Instagram if that produces a significant portion of its revenue.

That might present an opportunity to build alternative and privacy-focused marketing streams, with a view to reducing the need to advertise on those platforms. But that’s not going to happen overnight.

Stepping away from the data

Moving away from these tools takes time, effort and money. It’s work.

That’s assuming we’re aware of what the problems are and how we can resolve them: whether that’s changing settings or using alternative services.

There might be clear alternatives to services like Gmail or Google Analytics. But what are the options for businesses who rely on retargeting or other data-reliant techniques?

I’ve started to pull together lists of resources and articles that have helped change my thinking on these topics. For now, it’s mainly a series of connected and unconnected thoughts.

I’ll share these in my mailing list – there’s a signup below – but I’d also be interested to hear from freelancers and small business owners who are thinking similar things.

]]> <![CDATA[Cookies]]> Dave Smyth 2020-07-19T00:00:00+00:00 Cookies present issues for website owners and users alike, and they’re nothing new. While the GDPR and PECR legislation have encouraged companies to proactively consider user privacy, the basic cookie requirements are neglected on a large number of sites.

Cookies fall into two categories: essential and non-essential. The Information Commissioner’s Office (ICO) describes essential cookies as:

...strictly necessary to provide an ‘information society service’ (eg a service over the internet) requested by the subscriber or user. Note that it must be essential to fulfil their request – cookies that are helpful or convenient but not essential, or that are only essential for your own purposes, will still require consent.

Good examples of this would be cookies that determine whether a user is logged in or not, remembering the items in a user’s shopping basket, etc.

Everything else is a non-essential cookie.

That might include cookies that:

  • Improve a user’s experience
  • Provide marketing data (e.g. Facebook Pixels)
  • Track users around the internet

The same cookie might be classified differently on two sites depending on the functionality that a site requires.

One of the key points around cookies in the PECR is that websites must seek consent before setting non-essential cookies:

Just because users may be unlikely to select a particular non-essential cookie when given the choice, or because the cookie is not privacy intrusive, is not a valid reason to pre-enable it.

Crucially, analytics cookies are not classed as essential, therefore permission should be sought before these are set.

The ICO article goes on to further explain – in clear terms – what is considered valid consent. Valid consent does not include cookie banners that:

  • State “by continuing to use this site you accept our use of cookies”
  • Over-emphasise “Agree” or “Accept all” buttons
  • Don’t allow users to make a choice

I don’t have data on this, but almost every website I’ve checked that uses a service like Google Analytics sets the cookie before the user accepts/rejects permissions. Many of these don’t give users the choice to turn non-essential cookies off.

These breaches aren’t limited to small companies that may not have the resources or time to fully explore/understand these laws.

Here’s a screenshot of the cookie permissions page from Channel 4’s All 4 app:

The All 4 app’s settings don’t let users turn off analytics cookies.

It’s impossible for users to turn off analytics cookies. Channel 4 explains their rationale for requiring this as follows:

The policy states, “We can’t fix or improve what we can’t measure. We receive information about the programmes you watch, the parts of our service that aren’t working well, and which version of a page works best. We access descriptive information about your device, such as model and manufacturer, and use a first part cookie to recognise it. We use viewing information to serve more relevant advertising. We never access personal information from your device such as your name or email address”.

In short, they justify the use of requiring these cookies on the grounds that:

  1. They want to ‘improve’ the service
  2. They need to know what device you’re using
  3. They want to serve more ‘relevant’ ads to you

Apparently, that’s all ok because they ‘never access personal information from your device such as your name or email address’.

That seems reasonable, right? Yes, except for two points:

  1. Using the app requires a user to be logged in. That means the information is already associated with the user (irrespective of accessing a name and email address).
  2. Setting these cookies is explicitly prohibited.

This is an organisation that clearly have the resources to be clued up on this stuff. And they’re not the only ones to ignore these regulations: I’ve seen many companies take a similar approach.

Why don’t they comply?

The underlying issue is that if sites fully complied with these laws, their current methods of collecting analytics data would mean their data is seriously inaccurate. Every user who didn’t specifically allow statistics cookies would not be counted and their movements around a site wouldn’t be tracked.

There are privacy-focused alternatives, like Fathom (that’s an affiliate link) or Simple Analytics, but the technical limitations of not setting a cookie limits the available data. To truly comply with the regulations would require companies to take a different approach to collecting and interpreting the available statistics.

That may also mean a change to online advertising models, too.

These are not bad things.

But while companies feel free to flout the regulations, analytics data is cheap and easy to come by: “cheap” if you’re not the user, that is.

Future solutions

Banners and notification overload are one of the difficult things about this whole malarkey. Even if a website uses a cookie wall, many users will accept all cookies because:

  • They just want to get rid of the banner
  • It might be the highlighted option
  • The microcopy might be confusing (e.g. “Accept all”, “Accept”, “Save” or “Save all”)

Or they may even be happy to have their data collected.

We already know that users don’t like waiting a long time for a website to load. The last thing they want is to wade through a load of complicated – and technical – options to decide on cookie use.

One solution would be for this to be tackled at the browser level. Browsers could define a way for websites to declare essential and non-essential cookies: the latter could be further divided into common subcategories (“Marketing”, “Analytics”, etc).

Website owners could then hook their cookies into these and users could set their default preferences for all sites, with exceptions as they want.

A widespread approach like this would encourage companies to finally take note of the cookie requirements, but it’s difficult to see this happening.

Google develop Chromium which powers Google Chrome, Microsoft Edge, Brave and others – possibly as much as ~60% of internet browsers. They almost certainly benefit from the data collected through Google Analytics and Google Ads – both services that need cookies to work best.

For general internet users concerned about online privacy and whether companies should be rewarded for ignoring regulation, now would be a great time to consider using Firefox as their main browser. It’s an excellent browser with a privacy-focus, demonstrated by their recent rollout of Facebook containers that stop Facebook tracking users around the web.

Browser diversity is important for all users if the web isn’t going to become a monopoly. If there is only one browser – and that browser happens to be controlled by a company who benefit greatly from the collection of ‘free’ data - the future for user privacy looks bleak.

]]> <![CDATA[Gumroad vs Payhip]]> Dave Smyth 2020-07-06T00:00:00+00:00 Gumroad is one of the most well-known platforms for selling digital products. I’ve used it to sell on both Work Notes and CSS For Designers.

After some recommendations and exploring the features, I switched both sites over to Payhip. About a month later, I switched CSS For Designers back.

The two platforms offer similar functionality. Integrating the services is similar but not the same and even the design of the dashboards is similar.

So, why the change and why the change back?


One of the most obvious differences between the services is pricing. Gumroad offers:

  • A free tier where the transaction fee is 8.5% + 30¢
  • $10/month tier (for fewer than 1,000 customers) with a reduced fee (3.5% + 30¢) and some other benefits

Payhip’s free tier is a little more generous. There are no feature upgrades, just lower fees:

  • Free tier: 5%
  • $29/month: 2%
  • $99/month: no transaction fee

Despite this, cost wasn’t really a consideration for me. Both services have free tiers with an option to upgrade when sales volumes justify it.


There were a few key features that attracted me to switch both of my sites to Payhip.


Payhip can charge customers in GBP. Gumroad can display prices in GBP, but customers are always charged in USD.

This caused some friction in the payment process as customers:

  1. Weren’t sure they were charged in USD
  2. Might be charged conversion fees by their bank
  3. Were confused why a UK-based site would charge in dollars

These concerns are understandable and cause needless friction.

EU Digital VAT

One of the main benefits of both of these services is that they totally relieve sellers of dealing with EU Digital VAT.

Payhip even allows sellers to choose whether EU Digital VAT is added on top of the list price, or to absorbed into the price. That’s a really nice feature.

Integration similarities

The integration for Gumroad and Payhip is remarkably similar. Payhip’s is a little more cumbersome, but there’s barely any difference.

Even Payhip’s Webhooks are remarkably similar to Gumroad’s Ping. This made the switch fairly straightforward.


One other difference is how payouts are handled. Gumroad holds all payments for a week before issuing payouts through Stripe on Fridays. On Payhip, payouts are made one week after each purchase.

This is a plus and a minus. On one hand, Payhip pays out quicker, but that can mean a significant increase in bookkeeping.

It also seems that Payhip’s refunds need to be handled through Stripe, rather than Payhip dashboard. On Gumroad, this is handled through the account.

Payhip’s missing features

Switching to Payhip was remarkably easy, but after some time, I found some subtle differences and feature limitations. Ultimately, these caused me to switch CSS For Designers back to Gumroad.

Gumroad have developed lots of new features for variable products and subscriptions. A particularly useful subscription feature is the ability to automatically suspend a subscription after a specified period.

This isn’t possible on Payhip yet. Depending on your use case, that could be a dealbreaker.

Another longstanding feature on Gumroad is the ability to set suggested prices on pay-what-you-want (PWYW) products. Payhip offers PWYW pricing, but there isn’t an option to set a suggested fee.

That might not seem like a big deal, but if customers can pay anything, it’s useful to given a suggested value (i.e. $5).

Lastly – and this is a big ’un – Payhip requires users to opt-in to mailing list integrations. When I contacted their support, I was told this is for GDPR reasons, but there are lots of legitimate GDPR-compliant reasons that a seller might want to add users to a list (e.g. transactional emails).

Gumroad lets sellers automatically add users to mailing lists, which is useful for follow-ups and other things. If transactional emails are important, this is a big consideration.

It’s also worth mentioning Gumroad’s workflows. These allow sellers to send automated follow-ups through the Gumroad interface, which is a nice feature not available through Payhip.

Wrapping up

As ever, the Devil’s in the details. Many of these differences aren’t clear from the feature descriptions on either Gumroad or Payhip.

Both platforms have some great features, though neither are perfect. Ultimately, it made sense to move CSS For Designers back to Gumroad, but I’ve kept Work Notes with Payhip.

]]> <![CDATA[Thoughts on HEY]]> Dave Smyth 2020-06-27T00:00:00+00:00 The launch of HEY has been pretty divisive. That might be expected given the founders have created such an opinionated product for a fundamental internet function.

I’m coming to the end of my trial and it’s been a positive experience. It’s not a perfect product, but it’s already improving my email workflow and I’m interested to see what happens next.


Like many people, I use email as a to-do list, and not a particularly functional one. Unread messages needed to be actioned, and I’d be hoping not to accidentally leave a message ‘read’ or archive it.

For years, I used the native Gmail app. This worked ok, but switching between email services was a bit of a hassle, especially as I had six email accounts to check:

Things improved when I started using Spark. I particularly liked the calendar integration and how pinned emails displayed, but some ongoing sync issues forced me to rely on backup email apps.

Using HEY

A few things stood out to me as attractive HEY features:

  • Screening emails
  • Bunching emails from a single sender
  • Focus & Reply
  • Separation of Reply Later and Set Aside
  • Renaming email subjects
  • Privacy-focus

A couple of years ago, I looked into the possibility of blocking all incoming emails except for specific senders. This is possible with Boomerrang, but only on their $15/month plan.

Though HEY doesn’t offer this exact functionality, I thought the combination of services might help to achieve the same effect: reducing day-to-day email clutter and everything that brings.

Email workflow improvements

Here are the benefits I’ve found:

  1. Screening emails forces me to make a decision about a sender. That might mean accepting but unsubscribing, sending all emails to The Feed or something else.
  2. Bunching emails from a single sender is incredibly useful for some clients who might send several emails a day.
  3. Reply Later, and specifically the Focus & Reply mode, is a great productivity hack. Previously, I’d have replied to things immediately, but I now bunch up emails that might take a few minutes and crank through them in a much more efficient manner.
  4. The Feed is a neat way to browse newsletters and other promotional stuff. As the emails are already open, I actually look at the content: something I never did in Gmail’s Promotions/Updates/Forums folders.
  5. As someone who uses email as a to-do list, Set Aside (pinning) is a useful separation from Reply Later.

The combined effect has been a much calmer email experience. Even though I usually have emails to respond to, the Imbox is regularly empty: something that almost never happened before.


A few things I’d like to see:

  • The ability to automatically filter emails by subject/body content as well as the sender. This is already possible on a per-email basis, but it would be nice to automate this.
  • Calendar integration.
  • Schedule send – I can reply later, but I don’t necessarily want the emails to go out then.
  • Easier mark read/unread in the Imbox and Feed.

Custom domains will rollout soon. That will be another good thing as “business” accounts/custom domains will bolt-on to personal accounts: no account switching.

It’s been encouraging to see how the founders have responded to feedback, so it will be interesting to see where they take the product next.

Summing up

One of the main attractions about this product is that it’s privacy-focused. For me, that alone justifies the price (as it does with services like ProtonMail).

There’s no doubt competitors will copy features that prove useful. But the privacy aspect is something HEY will always have over much of the free competition.

It’s true that HEY might not be completely revolutionary: I could have replicated some of the features and sorted out a much better email system with filters and blocklists. But even after all these years, I hadn’t done this.

For me, that’s where such an opinionated service is handy. I don’t want to have to make decisions about how to sort out my email: for now, I’m quite happy to use HEY’s system.

That won’t be the case for everyone. If you’ve got a good system in place and like how your email works, HEY might not be an improvement for you.

For me, the UI and email workflow has forced me to change the way I manage email. So far, that’s been a good thing.

]]> <![CDATA[Leaving Facebook]]> Dave Smyth 2020-06-05T00:00:00+00:00 After fourteen years of Facebook activity, I’m finally deleting my account.

I’ve barely used Facebook in a personal capacity for a few years. More recently, it’s been useful to keep in touch with friends and family, but there’s always email or phone.

I’ve also benefitted incredibly from the freelance groups I’ve been a part of:

For any freelancers on Facebook, I’d heartily recommend checking these groups out.

Now feels like the right time to cut ties with Facebook. I recognise that being tech-agnostic is somewhat of a privilege, but I don’t think sticking around for my own convenience is justifiable any longer.

Why now?

I’ve been uncomfortable with Facebook for a long time. Since the Cambridge Analytica scandal, Facebook haven’t done anything to improve the quality of – or ban – political adverts.

Twitter is hardly a perfect, but at least it banned political ads.

Facebook isn’t free

I’ve been listening to “Oversubscribed” by Daniel Priestley recently. In one chapter, he describes how companies that don’t heavily target their ads are at a serious competitive disadvantage.

He goes as far as to say they’ll be run out of business.

An overdramatisation perhaps, but it’s pretty stomach-churning to think about the data profile we let these companies collect. For free.

In my fourteen years as a Facebook user, they’ve collected over 700MB of data about me. Images and videos make up 200MB of that, leaving over 500MB of messages and profile-building data.

To put that into context, the text in this post adds up to 4kb. Facebook’s collected 125,000 times that data in 14 years.

That’s roughly 35MB of text/profile data per year. Or 3MB per month.

All the time this data profits Facebook’s advertising model. Whether that’s companies targeting users for products or political parties during a campaign.

Targeted advertising and unethical user tracking have to end.

Facebook is not neutral

Twitter stirred up news when it started moderating Donald Trump’s tweets. This is no love letter to Twitter: the Will they suspend me? account demonstrates beautifully that not all tweets are treated equally.

But Facebook refuses to do anything. At some point, we have to decide whether we want to be associated with – and fund – a platform that chooses silence over action.

Instagram & WhatsApp

These Facebook-owned platforms are trickier to leave. WhatsApp might be easier as there’s a direct competitor in Telegram – I’ll need to convince family to move to that.

I mainly use Instagram that to support freelancers and small business owners through Work Notes. For now, it feels more important to continue that work than to leave – at some point that might change.

]]> <![CDATA[Using video for design feedback]]> Dave Smyth 2020-05-22T00:00:00+00:00 Getting design feedback can be tricky.

Everyone knows you shouldn’t just send a mockup and ask what do you think? But in an age of online meetings, Sketch, Figma, Invision and whatever else, how do you get away from that?

Introducing video

On the Boagworld podcast, Leigh Howells talks about presenting designs through video. He says this tackles a few common issues:

  1. Anyone watching the video can’t see the design without hearing the commentary. Though this is technically possible, they’re more likely to listen to commentary than read a long email.
  2. This extends to comps passed on to people outside the project team. Even if you take the time to explain a comp to someone, there’s nothing to stop a client forwarding that onto someone with a no context “whaddya think?”
  3. If there’s anything demonstrated in a browser, it lets you present quick code mockups in a browser that you know works. This reduces the chance of a key decision maker loading your demo in IE5 and asking why it doesn’t work.

First attempts

I’ve been experimenting with this idea on-and-off for a while.

Initially, I was recording my screen and uploading to Vimeo.

Don’t do this unless you like dealing with:

  • Huge file sizes, likely requiring reformatting
  • Bad aspect ratios
  • Long upload times


I now use Loom and it’s brilliant:

  • You can choose whether to record the whole screen or a single window
  • The app can include a video of you in the corner, which makes the recordings more personal
  • There’s no upload time and links are instantly shareable
  • Loom can tell you when a client has viewed the video...if you need that...

Presenting initial ideas

Taking the lead from Howells’ method, I’ve started using video to present all initial design ideas.

Starting with wireframes, I’ll send a video that talks through the decisions I’ve made and the considerations behind them. I might also discuss ideas that didn’t make the cut and why. Demonstrating this through video is really straightforward.

Introducing video so early in the process gets the client used to receiving design ideas in that format. When we move to higher fidelity mockups, video really comes into its own.


At this stage, I’ll start by covering everything we’ve done so far:

  • Research
  • Project goals
  • Moodboards/references
  • Wireframes

Going over this helps clients to understand how the mockups have come about. The designs shouldn’t be a huge surprise.

The video format lets me discuss colour, type, layout and other design ideas in context. That can be difficult in other formats.

It also allows me to address potential objections before they’re raised. Demonstrating why the logo isn’t bigger, possibly by resizing it on-screen in the video, can be incredibly powerful.

Addressing feedback

It can be difficult to describe usability or accessibility issues in an easily understood manner. I find that using video helps clients understand much more easily, and it reduces any feeling that it’s just an excuse.

If you’ve ever had clients ask you to centre/justify paragraphs of text, or use illegibly light grey text, you’ll know that these can be difficult arguments to win. Even if video doesn’t change the result, it can help clients understand in a way they couldn’t before.

Other benefits

Once a client has seen a demonstration, I’ll send them a link to the Balsamiq/Invision project. These apps are great for feedback, but there is still a (small) learning curve.

The video format lets me quickly explain how these interfaces work, helping clients feel confident to add feedback in the app.

Another side effect of video is that the service feels much more personal. Every client I’ve done this with has loved receiving the videos, being talked through the process and the decision making.

In turn, that helps to get clients on board and become advocates for the work you’re doing. In my experience, at least.

None of these things are exclusive to presenting through video, but I’ve found it to be an incredibly effective way to communicate with clients.

]]> <![CDATA[Launching a personal site]]> Dave Smyth 2020-05-21T00:00:00+00:00 As I launch this site, I maintain several projects:

Each of these has a blog. I write about CSS on CSS For Designers, freelancing at Work Notes and design/website things at Websmyth, so why another one?

There are still things I want to write about and document, that don’t fit neatly into those categories:

  • Thoughts about design process
  • Short posts/articles
  • Things I’ve learned
  • Unfinished thoughts/ideas

That’s the plan. Let’s see what happens.