Category Archives: Wider Internet Issues

General Interenet observations not related specifically to websites or SEO.

General Data Protection Regulations (GDPR)

GDPR Ticklists to Help You if You Missed the May 25 Deadline

the word privacy in a sort of google fontWant to go straight to the ticklists?

Or straight to the sole trader bit?

I wonder how many businesses have deleted 75% of their hard-won contacts with “essential you opt back in” email campaigns? And they will lose them, because of this knee-jerk reaction to GDPR.

  1. everyone receives so many they’re ignoring them
  2. they’re probably not necessary
  3. they may be illegal under other regulations

You do need to act, but there’s no need to panic, even if you missed the deadline. This myth-busting piece in The Guardian may help put your mind at rest.

Like most of you guys, we’re a very small business, and this is our take on how it apples to us. This is what we’ve done, and what we’ll be doing in future. This post covers,

BlueTree GDPR Promise

We promise to treat all personal data with respect, and we’ll never knowingly share it with anyone else, nor use it for any purpose other than that for which it was collected.

GDPR Tasks to do Before May 25th

GDPR seems common sense, and we don’t have to change much anyway. Our compliance is based on this understanding:

  1. Make a list of all the places you hold personal data. We have one in a Word document.
  2. Be clear about what data you collect and why. For marketing, we hold email addresses, phone numbers and, for accounting, postal addresses.
  3. Write and Publish your Data Protection Strategy, optionally on your website. Here’s ours.
  4. Draw up plans to implement your strategy; you might not finish implementing them it before 25 May.

Before or After May 25th

  1. Only use personal data for the purpose you collected it and don’t share it with anyone else. We don’t.
  2. Hold personal data securely. We use networked, personal computers, with strong passwords. We store some in “the Cloud,” where it’s held securely by reliable, global corporations, namely Google, Dropbox and MailChimp. We don’t think we’re liable for breaches they may make, though we may need to contact people affected.
  3. Add people to your marketing list only if they opt-in; we use sign-up forms.
  4. Avoid collecting data from minors. We’ll do our best to identify them.
  5. Respond promptly to requests for copies of personal data you hold. We’ll do so for anyone who requests it on this form (it’s our usual contact form).
  6. Allow people to amend or delete their data. We’ll do this if they request it on the same form.
  7. Add an unsubscribe link in marketing emails and delete unsubscribed people. No need for us, MailChimp does this anyway.
  8. Tell the Information Commissioner, and people affected, if you get hacked. We can do this if it ever comes to our notice.

Simple GDPR for Sole Traders and Micro-Businesses

BBC Radio 4’s Money Programme (20 May) had some advice for sole traders and small organisations. You can download the podcast here. The bit about GDPR starts 21 minutes in. The example they used was a small allotment society, and the advice covers micro-businesses (like sole traders and partnerships) too. This is what we so.

  1. GDPR applies to business contacts, not to personal contacts, though if you do business with a friend or relative, that contact is affected.
  2. Existing contacts. There’s no need to stop mailing people already on our list:
    1. It’s fine keep personal data we have already, if we have a good reason to do so, e.g. they owe us money, or we do work for them sometimes. This is called a “legitimate interest”, apparently.
    2. It’s also fine to keep it if they gave us consent when we collected it; we won’t be asking anyone to opt in again unless we’re sure they didn’t consent.
    3. If we want to use personal data for anything other than why we collected it, we’ll ask for consent.
  3. New contacts, people whose data we want to store. We’ll ask their permission, tell them why, and that we’ll change or delete it if they ask you to.
  4. Security. We’re sure the paces we store it are secure. These include phones, computers and “cloud” storage; they’re protected with a PIN or password.
  5. Website. We collect personal data on our website with a sign-up or contact form; it’s encrypted, secured with an SSL certificate (HTTPS) – more on our blog here, and protected from web spiders with a reCAPTCHA,
  6. Updates. We promise to supply, change or delete their personal data if anyone asks.

You’re also supposed to have procedures in place, but sole traders and tiny businesses don’t do this formally, as a rule. Here at BlueTree, we have a list of places where we store personal data (MS Word document) and a short GDPR policy statement, published on our website.

Free GDPR Tick List Templates

We like tick-lists: lists of things to do, expressed as 1-liners. They’re terse task reminders, in sequence if that’s important. Print them out, tick off the jobs as you do them, then file the completed list as evidence of completion.

There are two GDPR template tick-lists in this document: start-up and on-going. Yours to use as they are, or modify, so long as you don’t blame us if anything goes wrong. Here’s your link.

Disclaimer and Where to Find GDPR Advice

We’re neither legal eagles, nor GDPR experts, and we’ve decided what to do after researching the subject. You’re welcome to copy what we do, but please don’t hold us responsible if anything bad happens.

By all means, copy our policy and put it on your website, but please don’t copy / paste it. We explain this here, help for new web page authors, “Golden Rule”.

If you search for “GDPR” using your favourite search engine, you’ll find masses of information. This is a problem: there’s too much, so how do you know which is correct?

We’ve found these pages both credible and informative.

  1. Information Commissioner’s advice on GDPR
  2. Federation of Small Business’s GDPR Preparation Checklist
  3. Myth-busting explainer article in The Guardian

Best of luck!

PS: If you think we got anything wrong, or have a question, please leave a comment here. It’ll help others reading this post as well as us.

how google chrome identifies a secure website

Encryption: Improve Your Search Position Step 2

Step 2 is About Encryption

digital encryption padlock on green screenThis time we’ll discuss website security, what it is, why it’s important, and what you need to do about it.

This is a long post, so I’ll summarise it.

The Internet is becoming more security conscious. Some web browsers now issue warnings when you visit a website that isn’t secure. The others will follow. Warnings put visitors off. If you don’t want to lose visitors to your site, you need to encrypt it.

The next post in this series will explain how we are encrypting all BlueTree CMS user sites.

Meanwhile, in this post:

But first, a story.

A Website Encryption Story

We just finished a new website for a client. Stuart was very happy with the design and content, but there was a problem. He checked it on his phone, only to be told that the site was not secure! His SSL certificate doesn’t match his website.

browser pop-up that shows when an SSL certificate is invalidNow, he doesn’t have an SSL certificate, neither does he need one – any more than anyone else, that is.

We traced the problem to his phone’s over-zealous software. Our servers host many websites, some of them encrypted. The phone software wrongly assumed that, because one of the sites has a security certificate, it must apply to his as well.

No website owner wants to see something like this when visitors go to their website. So we installed a correct, temporary certificate for him.

Why Encryption Matters

Clandestine forces are eroding the Internet ideals of free speech and openness. Internet freedom is under threat from wealthy individuals, corporations, hackers, even government agencies, with

  • fake news designed to mislead
  • trackers that collect personal details
  • algorithms that control the news we read
  • data collection to support identity theft and secret government snooping

Encryption is one way the good guys are fighting back. They’re persuading us to encrypt our websites. As one encouragement, search engines are starting to reward encrypted websites with better rankings.

Here are two more reasons:

  1. The GDPR Data Protection Regulation: if you collect any personal information on your website, it should be secured to reduce your risk of compromising it.
  2. My antivirus software, Webroot, puts a big green tick next to search results it deems safe. So do many others. You’ll notice that the search result below has HTTPS:// in front of our web address. This means the website connects securely with your browser. The “S” stands for “Secure”.search result with green checkmark showing it is safe to visit

Back to top.

Benefits for You

Here are four reasons to encrypt your website:

  1. Your visitors won’t be put off by dire warning messages, like Stuart was
  2. Visitors will see at a glance your how google chrome identifies a secure websitewebsite is safe, because their browsers will display a closed padlock in the address bar; this is Google’s Chrome browser making it obvious
  3. Hackers won’t be able to snoop on your visitors
  4. Google will rank your website higher, some say as much as 5%

Many internet users are not tech savvy, so may not notice. Don’t expect this to last, however. How long ago was it that nobody understood the cookie message you now see on every website?

firefox insecure login warningWorse, if you’re asking for feedback, or collecting an email address, they’ll certainly notice something like this.

Chances are they’ll move away and you’ll lose their input or a valuable lead.

Back to top

Secure Websites Are Encrypted

My browser talks to your website using text messages. They’re structured formally, but you can read them using Windows Notepad or Apple TextEdit. Anybody can read them, including hackers.

you accessing our website over the internet cloudThese messages run over the Internet, AKA The Cloud. On the way, they pass through many servers. Servers are computers and can be hacked, exposing your messages to hijack.

Encryption converts the messages into gibberish using a cypher, possibly the oldest form of secret writing. Julius Caesar used a simple “Shift Cypher” in his correpondence. With a shift cypher, you swap each letter of the alphabet for another. “A” becomes “F”, for example, “B” becomes “G”, “C” becomes “H”, and so on. Each letter is shifted six along in this example. So BLUETREE becomes VFOYMLYY.

It’s fairly easy to crack. “E” is the most commonly-used letter in the English language…

Digital encryption is much more sophisticated, as you can imagine. It’s so secure that the US Government has tried to ban it – for some reason :-).

Back to top

Digital Certificates

Your website needs a Digital Certificate to make encryption work. Issued by a trusted authority, the certificate must be installed on your web server. The certificate provider verifies your website is owned by your company, and the certificate is proof that all was OK.

Once the certificate is installed, “HTTPS” will appear before your domain name in the address bar of each visitor’s web browser, and all communication will be encrypted. The S after HTTP stands for “Secure”.

When you look at a secure site, your browser will examine the certificate and establish that,

  1. a trusted party issued it
  2. it’s current and valid
  3. it’s related to the site you’re looking at (this is where Stuart’s phone software went wrong in the story above)

When it’s happy, your browser and the server will swap encryption keys, and you’ll be able to see the web page content. The keys are discarded at the end of your session.

There’s a complete explanation here that’s nicely written and easy to understand.

Back to top

In Conclusion

Encryption matters. All websites will be encrypted eventually. Steal a march on your competitors by encrypting yours now.

The time is right. The world moves on, the Internet world faster than most.

  • Our certificate cost over £100 a year ago and you can now get one free
  • Anti-virus software and web brosers are starting to identify non-secure sites, which they call “unsafe”

As the software evolves, some make mistakes, as Stuart discovered. Recent developments mean we can avoid this happening to your website.

In a later post, we’ll explain what we’re going to do about it, and how our plans will affect you.

Christmas E-cards with a Difference

 What’s The Difference?

Many people give to charity instead of sending paper Christmas cards. We do it too.

What if we could find a very special charity? One that:

  • treats the causes of poverty, not the symptoms
  • has transparent overheads, not taken from donations
  • has none of its money trousered by warlords or corrupt politicians
  • helps people work their way out of hardship
  • uses your donation over, and over, again

mmalemna-ayamThis charity is a crowd-funded bank that lends money to African entrepreneurs. Ten people donate £10 each and the charity lends £100 to start a business. £100 goes a long way in Africa.

This is Mmalemna Ayam. She wants a loan to grow and sell more onions to help feed her family.

When she repays our loan, we can lend it again to someone else.

Deki is Our Charity at Christmas 2016

deki logoRead all about it on their website. Tap “Play Video” and take just one minute to find out how it works. Then tap “Make a Loan” or “Donate” and help change somebody’s life :o)

And you can buy gift vouchers, so your family, friends, and important acquaintances can help more entrepreneurs work their way out of poverty.


When you’ve visited Deki’s site and made your investment (or even if you haven’t), come back and leave a comment on this page. Comments increase the authority of a page like this. The more comments, the greater the authority.

That increases the value of our link to Deki.

A Search Engine That Doesn’t Track your Every Move

What’s This All About?

Well, from time to time I Google, “search engines” just to see what comes up. There are quite a few. More than you might imagine.

Though it may take a while, the influence of mighty companies always wanes. It only takes one new upstart to grab the world’s attention and the market leader starts to make mistakes. Maybe this is Google’s nemesis, maybe not.

What if there were a new search engine that doesn’t harvest my on-line life for commercial gain? One that’s simple, clean, and it doesn’t tell me I’m missing out by not being logged in to my account? Just like Google used to be, in fact.

So What’s New?

Top of my search results was an engine called DuckDuckGo.

That’s impressive too, as it proves Google really does try to give users the best results it can. DuckDuckGo is, after all, Google’s competitor, albeit a small one.

What’s Special About DuckDuckGo?Duck duck go search engine logo

DuckDuckGo’s most obvious feature is that it doesn’t recognise you, remember you, store information about you, nor tailor search results for you. Every user making the same query gets the same results. Google delivers different search results depending on location, device you’re using, and whether you’re logged in to your Google account.

Next is the way it works. DuckDuckGo doesn’t crawl the entire worldwide web in the way other search engines do. Instead, it uses developers’ interfaces to other search engines, along with publicly available information from sites like Wikipedia. Altogether it has around 50 sources, which it filters and sorts using its own algorithms.

It’s a bit simpler than Google and it seems to work quite well.

Read all about DuckDuckGo on Wikipedia.

It’s in the news right now because Apple iOS 8 now offers DuckDuckGo as an alternative search engine.

Quick Search Test

To compare its results with Google, I tried a couple of searches. Not a great test, but since I wanted to do these searches anyway it seemed a good idea. I used the Firefox web browser, so they were both on the same footing.

Search 1: Buy a Kettle

Our electric kettle at home has broken and we need a new one. The best buy in Which? is the Dualit 72400, so I searched for that. This product is available worldwide and its has a relatively long lifespan.

Here are the top four results from Google, plus some ads:search results for kettle using google

As you can see, Google displayed three ads at the top this time, then the real search results. It doesn’t display the same ads, nor even the same number, every time. I used, so it knows I want to buy my kettle in the UK, even though I’m not logged into my Google account. It’s just given me UK-based web pages.

Here are the DuckDuckGo results for kettle using duckduckgo

Two ads from DuckDuckGo and then the first result is the same as Google’s. Both also have the Which? website at position four. However, DuckDuckGo included some .com results, which aren’t much use to me.

Google does this quite often, too, which is irritating, and it’s easier to convince DuckDuckGo that you want to search UK sites only.regional search selection on DuckDuckGo

Top right on DuckDuckGo’s search results page is a region selector button. One click sets it. This takes three clicks on Google and it doesn’t always offer the option, so then you’re forced to add “UK” to your search query – too many keystrokes :-(.

How to convince Google you only want to see UK sites.
Click Search tools > Any country > Country: the UK.change region method on google

They used to let you do this before searching. Can’t imagine why they changed it.

Search 2: Local Entertainment

I want to buy some tickets for what promises to be a very entertaining show at the Tobacco Factory in Bristol, “Elizabeth I: Virgin on the Ridiculous”, performed by “Living Spit”. We saw another of their productions in Portishead in June and it was very funny indeed.

This seems a good test because I’m looking for something that is a) local, and b) has a short lifespan. Here are the top four results from Google.

search for show using googleAnd here’s DuckDuckGo’s effort: much the same…show search using duckduckgo

They both have the Tobacco Factory website first and one other in common: Visit Bristol. The other results from both are equally useful.

Conclusion and Next Steps

Fom this very limited test, it looks as though DuckDuckGo may be a usable search engine, despite being relatively new. Its ethos is quite different from Google’s: it’s not out to make lots of money. It’s worthy of further investigation.

I’m going to continue using Google in my Chrome browser, which is permanently logged into my Google account. This always tailors search results specifically for me: it knows my age and gender, where I live, what I search for, my favourite travel destinations, the things I buy, my circle of friends and same things about them. Think how Google can influence my search results – and the way those very results influence what I do.

Interesting! Useful too, until (if ever) that influence is misused.

I use Firefox for development and research and I’m switching to DuckDuckGo for that. And I’ll definitely use it in Avast SafeZone, when I search for websites where I’m going to enter credit card or bank details.

If you’ve tried DuckDuckGo, we’d really like to know what you think of it!

How to Recognise an Internet Rip-off

Ripped off on the Internet

My Cousin was Ripped Off

Today my young cousin, Sarah, nearly 17, applied for a provisional driving licence via This site looks official, and invites you to “APPLY NOW” for your new or replacement licence. She checked “First Provisional Licence (with a view to passing a test)” and pressed the NEXT button.

Panel accepting fee from non-DVLA driving licence websiteThe site then made it very clear that she would have to agree to the £50 fee before going any further. This page shows the Visa and MasterCard logos and “guarantees” that “Your information is 100% secure.”

Now, £50 is what your first provisional licence costs, so that all look fine. Let’s get on with it!

Trouble is, when you’ve finished this process, you still have to pay another £50 to the DVLA for your licence. The “service” this website provides is simply to collect your details and pass them on to the DVLA. You can avoid the extra £50 charge by going directly to the DVLA’s own website, at Note the “.gov” in the website address, or URL.

Sarah’s mum was incensed, naturally! “How,” she said, “Can we get the money back?”

Sadly, the answer is, “With great difficulty, and you’re unlikely to succeed.” It’s just possible you might win a prosecution in the Small Claims Court. After all, one could argue that the panel above is misleading. It does imply that the £50 you’ll pay them is the “Application Fee” for your provisional licence. Sarah believed so; they’ll say you’re applying for their service.

Is it Legal?

Probably yes. It may be morally wrong, but it is probably legal. The website makes it very clear that it has nothing to do with the DVLA, which issues driving licences. It is also very clear that the service will cost you £50, that their (very long and likely to remain unread) terms and conditions apply, and if you continue then you’re committed to the fee.

To be fair, Google does try to encourage sensible website choices. The relevant .gov websites appear before (and others – yes, there are others) in many search results. And there are plenty of discussion forums that warn against scams like this. Check Mumsnet and Money Saving Expert

So What Should We Tell Our Kids?

dot gov logo

“Look for dot guv, love!”

If you’re looking for any service provided by the government, make sure you can see “” in your browser’s address bar. Most have this government website logo, too.

Where to Look for .gov

Here are some examples (at the time of writing) in Google Chrome, Firefox and Internet Explorer. Also look for a little padlock and the code, https:// to the left of the web page address.

a dot gov web page example in Google ChromeGoogle

a dot gov web page example in FirefoxMozilla

Microsoft’s Internet Explorer is different in that the padlock appears to the right of the address.

a dot gov web page example in IEMicrosoft


Portishead Picture Quiz Results

Child having fun with Portishead Christmas Picture QuizThanks to All Who Entered the Picture Quiz

Well, thanks to everyone who entered our quiz. It appears that, for every entry we received, there was at least one who started it but didn’t finish. From the feed-back we received (so far) everyone seemed to have had a good time.

Sorry, you can’t do the quiz again. We might decide to rerun it :o)

Picture Quiz Winners

We enjoyed meeting up with our two winners. They are, in a way, opposites.

First Prize PresentationThe first belongs to one of Portishead’s oldest families. With 29 points out of a possible 32, the winner was David Gale, retired auto engineer who has lived in Portishead since he was one week old. He knew some of the answers and solved those he didn’t by cycling around. “The trickiest one was the Seafarer’s Sculpture,” he said, “but once I worked out the most Easterly stone, I knew te answer. A school friend of mine had worked there, all those years ago!”

David’s was also the first entry received, making it an even more formidable achievement. Since there was no under-18’s winner, he chose the cash prize rather than the champagne.

Second prize winnersSecond prize, for scoring 27 points, goes to Paul Black, a new resident. This was a team effort from Paul, his partner Lynda French, and their Golden Retriever, Oscar. Paul moved to Portishead in 2005. He is a Homeopath and Bowen Therapist, who works in Portishead and Weston-super-Mare, and Lynda is an Acupuncturist. Visit Total Health Homeopathy to find out more.

Paul and Lynda are keen cyclists, run with the Portishead Running Club, and Paul is treasurer of the Portishead Yacht & Sailing Club. He said, “Oscar really enjoyed exploring different places in Portishead to find the answers. So did we!”

Lin Lawrence was one whose entry never made it. She emailed, “Loved the quiz. Lovely to know more about the place we live. Think I go around with my eyes closed. We are going to take it with us on a Devon weekend with the gang; it will make for an interesting evening.”

How We Calculated the Results

Since the “Judges’ decision is final,” we created a Master Result. You could have seen it here at one time, by clicking a link, but we’ve removed it in case we run the quiz again.

Next, we compared every entry with the master and scored it this way:

  • Wrong scored zero;
  • 100% correct answer, 2;
  • Satisfactory answer, 1.

In the case of a tie, we would add a bonus point for answers that go the extra mile.

Make an E-Christmas Card

E-Christmas Card Reasoning

E-cards seem like a cop-out to traditionalists, fine for a later generation. This can be true if you send the same card to everyone on your mailing list.

However, by sending a personal message with each card, you find a little time in your busy life to keep in touch with people you like and respect.  It’s the same as sending a physical card by post, except that:

  • it’s kinder to the environment, using less paper and fuel;
  • it saves you money, in cards and postage;
  • it saves time and fuel, as you don’t need to go buy and post them.

Now you can donate the money you’ve saved to your favourite charity!

BlueTree E-card

Our e-Christmas card is personal, one for each recipient. We send individual emails, with a link to a single page containing a general message for all recipients. We personalise it using a “to=” parameter. If you click this link, you’ll see an example.

We can change some of the text on the web page using our Content Management System, or CMS, but it changes for everyone. The individual message is in the email and the parameter.

Make Your Own

The “to=” parameter is too complex for the CMS. However, you can easily make an on-line e-card of your own, and keep the personal message for the email.

We’ll post more on how to do this later.

Another Email with Links

This Spam Email is from Fedex – NOT!

Here is another example. Read about the first here.

There’s usually a flurry of mails like this around Christmas. People can be taken in more easily if they’re expecting a delivery, as many do at this time of year.

Example of spam from Fedex

How to Spot It As Spam

There are two give-aways in this mail, on top of the time of year, which should make us all more vigilant:

  1. The word, “postrider”, which looks like a word made up by someone who couldn’t translate it from another language;
  2. The format of the “Get Postal Receipt” button, which looks very unprofessional.

What to Do Next

Our advice is always the same,

  • Don’t click any links, nor open any attachments;
  • Delete it or mark it as spam;
  • If you feel public-spirited, and it claims to be from an organisation, search for what they want you to do about spam.

Fedex has a whole micro-site about spam, which makes useful reading. It contains examples of common spam emails.

Finally, here’s a page with how to report spam to lots of major organisations. Thank you Marjolein Katsma.

Beware of Emails Containing Links

An Email from Facebook – Not!

Yesterday I received this spam email, “Here’s some activity you may have missed on Facebook.”

Example of a suspicious email which should be reported to Facebook


It looks quite Kosher, but I always check mails that want me to click on a link to a website. Just as well! It wasn’t going to send me to Facebook al all, but to somewhere else entirely. Actually is the web site of a holiday villa, but not the page in question. A hacker has hijacked their site, or their DNS.

This happened to a small business in Portishead earlier this year. Read about it here.

Don’t Click a Link

CHECK BEFORE YOU CLICK – even if you recognise the sender. It may be too late afterwards. Remember, the better-known the sender, the more likely they are to be imitated.

  1. Check the From address, in this case it’s, Facebook [agroinfo@pub….rect] agroinfo? Isn’t that enough on its own?
  2. In Outlook, hover on a link to see the targetHover on the link, DON’T CLICK, and check the target web page address. In Outlook, example right, it appears in a small window, but Thunderbird displays it in the status bar at the bottom.
  3. Is the link plausible? In this case, NO – it’s nothing like Facebook!
  4. Still not sure? Check all the links. If they all go to the same web page then get suspicious.

When in doubt, leave it out.

What to do next

If you’re happy, click that link.

If you’re not, mark it as Junk or delete it NOW. If it’s from someone famous, as this one is, search for what to do. In this case, I searched for facebook notify suspicious email. I found this page on the Facebook site, which asked me to forward the mail to

So that’s what I did.

Another Example

Another example arrived today, apparently from Fedex. Read our post here.

Portishead Christmas Picture Quiz

Santa's hat, picture, question mark: Portishead Christmas Picture QuizAbout the Quiz

Have some local fun, out and about on the Internet!
Maybe even win a prize!

Sixteen photographs, all taken in Portishead, sit on a web page. All you have to do, is wander round the town with a print-out, smart-phone or tablet, and answer a question about each picture.

The main thing is to explore parts of the town that you maybe haven’t seen before. The quiz runs for the whole of December, so there’s plenty of time.

Couch potatoes may be able to get some of the answers on the Internet, but not all of them … we hope!


The idea came to us when my wife and I were looking out to sea from Battery Point. We overheard someone say, “D’you know, I’ve lived in Portishead for over two years and I never knew this place existed!”

Perhaps there are long-time residents like us who have never walked around the Marina, too.

So, we thought it might be nice to encourage new residents to look around the old parts of town, and old Possett people to pluck up the courage and enter the new.

Hope you like it.