The End of Trust

golinux · 2018-12-04 02:27:46

For your reading pleasure:

https://www.eff.org/the-end-of-trust

Most of it is familiar but I did discover something that I didn't know. Tucked away in the sidebar on page 226 is this interesting factoid:

"The website freedom-to-tinker.com, hosted by Princeton’s
Center for Information Technology Policy, published a study
highlighting a particularly invasive data-mining software
called “session replay scripts” that are being used by an
increasing number of websites. According to the study, session
replay scripts “record your keystrokes, mouse movements,
and scrolling behavior, along with the entire contents of the
pages you visit.” Unlike most third-party analytics services,
which provide aggregate statistics of your searches and the
pages you visit, session replay scripts actually record your
individual browsing session in its entirety, “as if someone is
looking over your shoulder”.
The study lists tens of thousands of websites that were
either found recording users’ browsing sessions or have the
capability to do so. Among the big-name sites are xfinity.com,
windows.com, texas.gov, petco.com, and fandango.com. The
following sites were also found on that list."
—Landon Bates

Here are links to the study and full list:

https://freedom-to-tinker.com/2017/11/1 … y-scripts/

https://webtransparency.cs.princeton.ed … sites.html

It just keeps getting worse and worse . . .

siva · 2018-12-04 13:22:07

I saw that, too. I found that sensible filtering practices can block (or at least mitigate) this kind of tracking:

https://www.ghacks.net/2017/11/24/how-t … -tracking/

You can use a browser extension like NoScript, uBlock Origin or uMatrix to block these scripts from being loaded on sites you visit. This protection works only if you don't allow the scripts to run on sites you visit though, so keep that in mind.

I'll bet w3m doesn't have these issues

P.S. Something else I found interesting on the Princeton site, our friends at Google and Amazon don't have any of these listed. I also appreciated the irony that a Javascript-based filter is used. (If you disable scripts, it'll fallback to a simple list of all the notorious sites.)

Last edited by siva (2018-12-04 18:00:44)

MysticLord · 2019-02-24 21:10:33

Is there a way to dis/enable subsets of JavaScript for certain pages/domains/whatever? Is there a modular js engine that does this? Because sometimes you need certain things, most of the time you need a smaller set.

Like, image a hierarchy of js things where the bottom is the largest safe set, and the ones above it are progressively less safe, and you can white/blacklist any combination of them. Maybe I'm nuts but that is how I would write a JavaScript engine and integrate it into a web browser.

There would be categories within each step of the hierarchy for things that are unsafe in the same amount but different ways.

Really what's needed is a modular browser where you can drop in every concievable piece of a browser.

Last edited by MysticLord (2019-02-24 21:23:32)

imhigh.today · 2019-02-28 22:03:10

I'm disturbed that GitLab is on that list.

golinux · 2019-02-28 22:34:18

imhigh.today wrote:

I'm disturbed that GitLab is on that list.

FYI . . . the Devuan team is looking at alternative options to gitlab.

siva · 2019-03-05 13:47:27

golinux wrote:

imhigh.today wrote:
I'm disturbed that GitLab is on that list.
FYI . . . the Devuan team is looking at alternative options to gitlab.

Any progress?

golinux · 2019-03-05 16:29:34

@siva . . . Hello stranger! Nice to see you. We're looking at Gitea. It will hopefully be up for testing soon but then require extensive testing before the final decision is made.

jonaspm · 2019-03-05 18:39:46

How about https://codeberg.org/ ?

golinux · 2019-03-05 19:12:13

jonaspm wrote:

How about https://codeberg.org/ ?

Two red flags . . . more java script licenses than I can count on my 10 fingers and a rather strange ToS. Plus emojis . . . really? We want to minimize the web interface not expand it.

w3 · 2019-03-06 19:03:07

golinux wrote:

@siva . . . Hello stranger! Nice to see you. We're looking at Gitea. It will hopefully be up for testing soon but then require extensive testing before the final decision is made.

See Rocket Git

Git hosting solutions comparison

Last edited by w3 (2019-03-06 21:08:14)

bobemoe · 2020-03-13 17:23:03

Hey everyone. I just came to do a quick search for "gitea" as I've been using it extensively recently and remember Devuan was looking for git solutions, so thought I'd make sure you'd all heard of it and add my +1. This was the only thread with any real mention so I posted here. How did it go?

Interesting thread too +1 as well for uMatrix you get a lot more control than NoScript.

Also to note that Google Recatcha v3 looks like its doing this kind of session recording https://www.fastcompany.com/90369697/go … -dark-side

The officially official Devuan Forum!

#1 2018-12-04 02:27:46

The End of Trust

#2 2018-12-04 13:22:07

Re: The End of Trust

#3 2019-02-24 21:10:33

Re: The End of Trust

#4 2019-02-28 22:03:10

Re: The End of Trust

#5 2019-02-28 22:34:18

Re: The End of Trust

#6 2019-03-05 13:47:27

Re: The End of Trust

#7 2019-03-05 16:29:34

Re: The End of Trust

#8 2019-03-05 18:39:46

Re: The End of Trust

#9 2019-03-05 19:12:13

Re: The End of Trust

#10 2019-03-06 19:03:07

Re: The End of Trust

#11 2020-03-13 17:23:03

Re: The End of Trust

Board footer