Hi all. If this is the wrong category, please move it :-).
For some some now I am intrigued by Hugo, and that intrigue has made me want to use Hugo for one of our corporate websites (instead of only using it for my personal websites). The problem is: I can’t seem to find people with Hugo experience in my country (The Netherlands). And the people that I can find don’t respond on GitHub/e-mail.
So my question is: do some people here have tips on how to get in touch with devs that have experience with Hugo?
A bit more information to give some context about our background:
In contrast to most websites/organizations these days we are a very security and privacy focused organization (as a side thing we try to stimulate/improve privacy and security in the world also) so we won’t use crappy frameworks, will minimize javascript, , won’t use css files where only 25% gets used, won’t do tracking (so also no CDN’s) etc. etc. This also changes the expertise we need a bit. With this exception, the rest is quite straight forward/simple html/css/go/md/a bit of js.
We are really looking for some pointers on where to look for a match :-). If you have interest yourself, sent me a PM and I will sent you more information (functional design and stuff).
Try Tomango.co.uk web design agency, they even made it to Hugo Showcase page twice. Hearwell Insurance is their client that also got on Hugo showcases. Let us know how much they’ll quote you, I’m quite curious to know, haha.
We are a Web & Mobile Apps development company located at New Delhi, India. Besides, other technologies, we have good command on Hugo and have completed 2 sites using Hugo.
@Luna - First, just to let you know I’ve posted a link to this in our Slack where a bunch of developers hang out (not all Hugo folks, but people who are focused on static sites, etc).
If you don’t mind me asking, what does this mean?
Is there something inherent about CDNs that do tracking? We’re very security, etc. conscious, but I’m not familiar with any CDNs tracking people involuntarily. Again, just curious.
@Luna Yea I think you misunderstand what a CDN does. A CDN just puts a copy of your website’s static assets on servers all around the world, which speeds up how quickly your website will load to visitors regardless of their location. With Hugo the whole website will be static so the whole thing will be on the CDN.
It is primarily a performance optimization and it protects you from traffic surges. I don’t know any CDN’s that are tracking people. The only way this would happen is if you add a tracking script to your website, but that would be something you did not the CDN.
I was reading yesterday about some discussion at FOSDEM regarding public DNS (8.8.8.8, 1.1.1.1, 9.9.9.9) being able to track users, and as I was looking into it, came across some statement regarding CDNs themselves tracking users.
Looking into that, I came across this:
Not sure if this is just run-of-the-mill paranoia or not, but I thought I would put it out there. Even so, until yesterday I never even considered it…
I certainly am aware of what CDNs do . As mentioned briefly by RickCogley, a lot of CDNs unfortunately track users and some of them even sell the user data to others. Of course that’s bad from a privacy perspective, but it’s worse: loading external resources to your website (think of externally loaded css, javascript, fonts etc.) also isn’t desirable from a security perspective. And even if you think that you only host your own files on a CDN (instead of framework stuff), that’s not always the case: some CDN providers add their own code to you source before serving it to others. Tracking wise I would even argue that you have to mention these CDNs in your privacy statement (and if they profile/track users possibly even ask for consent before sending their data to third profiling parties) if you would like to conform to the GDPR.
Of course it al depends on your use case in combination with the attack surface you want to have, but since we are very privacy en security conscience we choose to not use these ‘free’ services . When in need of CDNs for performance reasons (which is very rare), we just host it ourselves on secure/hardened servers that don’t track users.
Also, as mentioned: you really shouldn’t use DNS providers that track (not all, but a lot of them track users). Having people use your DNS servers is the holy grail of user tracking and profiling based profits.
Thanks all for the suggestions! I’ll have a look at them later today.
Since I just found out about this yesterday, in my mind the jury is still out.
If anyone has any solid, trustable info about this topic, I would like to read it to learn more.
If you google or ddg “cdn gdpr” you can see a lot of statements from CDN players regarding this. So I imagine it is indeed “a thing”. For instance KeyCDN says they are not collecting individual info, yadayada.
I have not checked every CDN out there, but when looking quickly at the statement of two widely used ones:
“This type of service allows User Data to be utilized for advertising communication purposes displayed in the form of banners and other advertisements”
“We collect End Users’ information when they use our Customers’ websites, web applications, and APIs. This information may include but is not limited to IP addresses, system configuration information, and other information about traffic to and from Customers’ websites”
And when I search for more policies it doesn’t get any better. But nice that you use one that doesn’t track users (KeyCDN) :).
edit: by the way, it wasn’t my intention to start a whole discussion about passive tracking (sorry if I contributed to starting it). I’m still curious to more pointers to Hugo developers! It’s not that I don’t like talking about privacy/security (both my job and hobby), but it’s slightly offtopic . That being said, if that isn’t a problem here then continue by all means.
Well I’ve been quietly looking at this topic and yes I agree that the discussion about passive tracking is OT in the forum but I just want to point out that this past week a widely used service with its own CDN aimed at JAMstack projects changed its Terms & Conditions.
Among the new terms I made note of the following:
shall have the right to collect and analyze data and other information relating to the provision, use and performance of various aspects of the Services and related systems.
will use such data to administer, improve and develop its products and services, including the Services;
may share aggregated information and non-identifying information with third parties.
So I suppose that unless someone is willing to become a fully fledged Server Administrator, one can really have no control over what these services do with user data whenever terms and conditions get updated.
But back on topic @Luna this forum is the place par excellence to find Hugo Developers and if anyone is interested I suppose that they will send you a message.
Very interesting. Thanks, @Luna and the others. I think there are ways to mitigate attack vectors without giving up the benefits of modern tooling and CDNs. Subresource Integreity, DNSSec, etc. But at any rate, I don’t want to further veer the thread off topic. Thanks again!
Any website or organization that isn’t security and privacy focused is not going to be around much longer!
JavaScript minimization/obfuscation is totally understandable. I hope you realize that it won’t totally prevent security breaches. You can do a lot of damage in the browser’s developer tools if you don’t protect your backend as well as your frontend.
CSS bloat isn’t a security/privacy issue, but I agree that it’s a big problem these days. Nothing in Hugo innately causes CSS bloat, but unsophisticated use of themes can lead to it.
CDNs have to be chosen with care.
I don’t think that this changes the expertise you need, but I don’t see a lot of Hugo contract developers out there. You may have to find a good web-oriented developer and let him or her learn Hugo.
@Luna Sorry. This thread has veered off the topic and I am closing it.
@anon8675309 May I suggest that you raise your security concerns regarding Hugo directly in the Hugo GitHub issue tracker, instead of the forum. Thank you.
. As mentioned briefly by RickCogley, a lot of CDNs unfortunately track users and some of them even sell the user data to others. Of course that’s bad from a privacy perspective, but it’s worse: loading external resources to your website (think of externally loaded css, javascript, fonts etc.) also isn’t desirable from a security perspective. And even if you think that you only host your own files on a CDN (instead of framework stuff), that’s not always the case: some CDN providers add their own code to you source before serving it to others. Tracking wise I would even argue that you have to mention these CDNs in your privacy statement (and if they profile/track users possibly even ask for consent before sending their data to third profiling parties) if you would like to conform to the GDPR.
. When in need of CDNs for performance reasons (which is very rare), we just host it ourselves on secure/hardened servers that don’t track users.
. That being said, if that isn’t a problem here then continue by all means.