The officially official Devuan Forum!

You are not logged in.

#1 2018-12-04 02:27:46

golinux
Administrator
Registered: 2016-11-25
Posts: 3,316  

The End of Trust

For your reading pleasure:

https://www.eff.org/the-end-of-trust

Most of it is familiar but I did discover something that I didn't know.  Tucked away in the sidebar on page 226 is this interesting factoid:

"The website freedom-to-tinker.com, hosted by Princeton’s
Center for Information Technology Policy, published a study
highlighting a particularly invasive data-mining software
called “session replay scripts” that are being used by an
increasing number of websites. According to the study, session
replay scripts “record your keystrokes, mouse movements,
and scrolling behavior, along with the entire contents of the
pages you visit.” Unlike most third-party analytics services,
which provide aggregate statistics of your searches and the
pages you visit, session replay scripts actually record your
individual browsing session in its entirety, “as if someone is
looking over your shoulder”.

The study lists tens of thousands of websites that were
either found recording users’ browsing sessions or have the
capability to do so. Among the big-name sites are xfinity.com,
windows.com, texas.gov, petco.com, and fandango.com. The
following sites were also found on that list."
—Landon Bates

Here are links to the study and full list:

https://freedom-to-tinker.com/2017/11/1 … y-scripts/

https://webtransparency.cs.princeton.ed … sites.html

It just keeps getting worse and worse . . .

Offline

#2 2018-12-04 13:22:07

siva
Member
Registered: 2018-01-25
Posts: 282  

Re: The End of Trust

I saw that, too.  I found that sensible filtering practices can block (or at least mitigate) this kind of tracking:

https://www.ghacks.net/2017/11/24/how-t … -tracking/

You can use a browser extension like NoScript, uBlock Origin or uMatrix to block these scripts from being loaded on sites you visit. This protection works only if you don't allow the scripts to run on sites you visit though, so keep that in mind.

I'll bet w3m doesn't have these issues wink

P.S. Something else I found interesting on the Princeton site, our friends at Google and Amazon don't have any of these listed.  I also appreciated the irony that a Javascript-based filter is used.  (If you disable scripts, it'll fallback to a simple list of all the notorious sites.)

Last edited by siva (2018-12-04 18:00:44)

Offline

#3 2019-02-24 21:10:33

MysticLord
Member
Registered: 2019-02-23
Posts: 27  

Re: The End of Trust

Is there a way to dis/enable subsets of JavaScript for certain pages/domains/whatever? Is there a modular js engine that does this? Because sometimes you need certain things, most of the time you need a smaller set.

Like, image a hierarchy of js things where the bottom is the largest safe set, and the ones above it are progressively less safe, and you can white/blacklist any combination of them. Maybe I'm nuts but that is how I would write a JavaScript engine and integrate it into a web browser.

There would be categories within each step of the hierarchy for things that are unsafe in the same amount but different ways.

Really what's needed is a modular browser where you can drop in every concievable piece of a browser.

Last edited by MysticLord (2019-02-24 21:23:32)

Offline

#4 2019-02-28 22:03:10

imhigh.today
Member
Registered: 2019-02-14
Posts: 6  
Website

Re: The End of Trust

I'm disturbed that GitLab is on that list. sad


---
Devuan Ceres | Ryzen 2400G | RX560 | 32GB RAM | Samsung 850 Pro

Offline

#5 2019-02-28 22:34:18

golinux
Administrator
Registered: 2016-11-25
Posts: 3,316  

Re: The End of Trust

imhigh.today wrote:

I'm disturbed that GitLab is on that list. sad

FYI . . . the Devuan team is looking at alternative options to gitlab.

Offline

#6 2019-03-05 13:47:27

siva
Member
Registered: 2018-01-25
Posts: 282  

Re: The End of Trust

golinux wrote:
imhigh.today wrote:

I'm disturbed that GitLab is on that list. sad

FYI . . . the Devuan team is looking at alternative options to gitlab.

Any progress?

Offline

#7 2019-03-05 16:29:34

golinux
Administrator
Registered: 2016-11-25
Posts: 3,316  

Re: The End of Trust

@siva . . . Hello stranger!  Nice to see you.  We're looking at Gitea.  It will hopefully be up for testing soon but then require extensive testing before the final decision is made.

Offline

#8 2019-03-05 18:39:46

jonaspm
Member
From: Mexico
Registered: 2018-01-20
Posts: 9  
Website

Re: The End of Trust

How about https://codeberg.org/ ?

Offline

#9 2019-03-05 19:12:13

golinux
Administrator
Registered: 2016-11-25
Posts: 3,316  

Re: The End of Trust

jonaspm wrote:

Two red flags . . . more java script licenses than I can count on my 10 fingers and a rather strange ToS. Plus emojis . . . really?  We want to minimize the web interface not expand it.

Offline

#10 2019-03-06 19:03:07

w3
Member
Registered: 2018-08-27
Posts: 21  

Re: The End of Trust

golinux wrote:

@siva . . . Hello stranger!  Nice to see you.  We're looking at Gitea.  It will hopefully be up for testing soon but then require extensive testing before the final decision is made.

See Rocket Git

Git hosting solutions comparison

Last edited by w3 (2019-03-06 21:08:14)

Offline

#11 2020-03-13 17:23:03

bobemoe
Member
From: UK
Registered: 2016-12-01
Posts: 30  

Re: The End of Trust

Hey everyone.  I just came to do a quick search for "gitea" as I've been using it extensively recently and remember Devuan was looking for git solutions, so thought I'd make sure you'd all heard of it and add my +1. This was the only thread with any real mention so I posted here. How did it go?

Interesting thread too wink +1 as well for uMatrix you get a lot more control than NoScript.

Also to note that Google Recatcha v3 looks like its doing this kind of session recording https://www.fastcompany.com/90369697/go … -dark-side

Offline

Board footer