Privacy Icon

Privacy

66 Stories
All Topics

Apple appleinsider.com

How Apple could kill CAPTCHAs

AppleInsider explains Apple’s new Private Access Tokens (PAT) tech announced at WWDC:

Using a new HTTP authentication method called PrivateToken, a server uses cryptography to verify a client passed an iCloud attestation check.

When the client needs a token it contacts an attester — in this case, Apple — which performs the process using certificates stored in the device’s Secure Enclave.

I’ve been waiting for someone to kill CAPTCHAs for us, but this will be an Apple-only solution for now:

The company is working to help make Private Access Tokens a web standard, but there is no mention of tokens working on Android or Windows. People on those platforms may have to put up with CAPTCHAs, for now — or wait for Microsoft’s and Google’s work on the matter.

I believe this is the draft of the standard that they’re referring to. Cloudflare also has a nice article on their work in this space.

Fonts fonts.bunny.net

A GDPR compliant drop-in replacement for Google Fonts

Bunny Fonts is an open-source, privacy-first web font platform designed to put privacy back into the internet.

With a zero-tracking and no-logging policy, Bunny Fonts helps you stay fully GDPR compliant and puts your user’s personal data into their own hands. Additionally, you can enjoy lightning-fast load times thanks to bunny.net’s global CDN network to help improve SEO and deliver a better user experience.

All font in the collection are fully open source, which means you can use them without fees even in commercial offerings.

Kev Quirk kevq.uk

Is DuckDuckGo, DuckDuckDone?

Kev Quirk:

DuckDuckGo, the privacy centric search firm have been found to be allowing Microsoft trackers through their browser. It’s dishonest, and I’m really disappointed.

Noteworthy: this is the DDG browser, which I’ve never used. Not the search engine. But still, this is concerning like Kev says:

DuckDuckGo tout themselves as being highly transparent and privacy respecting in everything they do. So to discover that they have been keeping this tidbit of information from their users — one that goes against the very fibre of the company — is a little concerning for me.

Martin Heinz martinheinz.dev

Why and how you should leave Google Analytics

With the recent events relating to Google Analytics platform, it’s becoming very clear that the time has come for many of us to migrate from Google Analytics to different platforms.

In this article we will go over both the “Why?”, so that you can make an informed decision whether you need to migrate of not, as well as the “How?” of migrating from Google Analytics - that is, quickly and easily taking your data and moving to different analytics platform without too much hassle.

Brave brave.com

Brave amps up privacy by cutting out AMP

Brave is rolling out a new feature called De-AMP, which allows Brave users to bypass Google-hosted AMP pages, and instead visit the content’s publisher directly. AMP harms users’ privacy, security and internet experience, and just as bad, AMP helps Google further monopolize and control the direction of the Web.

The Brave team is really doubling down on privacy and security. I don’t think that strategy would’ve won users a few years ago, but in 2022 and beyond…

Privacy github.com

A self-hosted, ad-free, privacy-respecting metasearch engine

Get Google search results, but without any ads, javascript, AMP links, cookies, or IP address tracking. Easily deployable in one click as a Docker app, and customizable with a single config file. Quick and simple to implement as a primary search engine replacement on both desktop and mobile.

Includes quick deployment to Heroku, Replit, and Fly. Or you can run it locally, of course via standard Python tooling or Docker.

Henrik Fricke indiepen.tech

Indiepen – a privacy-friendly solution to present your code to people

Henrik Fricke:

Indiepen lets you embed HTML, CSS, and JS code examples on a website. We built it because we wanted to embed code examples on our blog, but many existing solutions set cookies, have a ton of features or just come with a bad performance.

😎 No cookies, no tracking, no external requests
⚡️ Small footprint with less than 20 KB
❤️ Features built for everyone

Congrats, Henrik, on shipping your first open source project! 👏

Zach Bloomquist zach.bloomqu.ist

Reliable, deliverable, self-hosted email

This sounds too good to be true, because it kind of is. There is no escaping the cloud (because of email trust) or the requirement of sysadmin’ing this setup (sending/receiving email is critical). If you slack on the details or upkeep, it’s your email.

I have been on an ongoing quest to free myself from cloud services for years now. During this time, I have hosted my personal email (@bloomqu.ist) on a Google Apps G Suite Google Workspace account, which, while convenient, also means that my personal emails are at the whims of one of the world’s most privacy-hostile companies.

Don’t get me wrong – what Zach shared is quite possible, but it’s still too time consuming and difficult to host your own email. It’s untenable long-term. There’s a billion dollar business there waiting for someone to seriously compete with Google on email, and not be evil. Fastmail comes to mind. I could be wrong, but I would characterize them as being an alternative, not seriously competing with Google.

Brave brave.com

Brave adds a privacy-focused search engine (beta)

Brave Search has some similarities to DDG (which has been my default for a couple years now), but it’s different in that it builds its own index vs relying on Bing and Yandex. Brave’s principles:

  1. Privacy: no tracking or profiling of users.
  2. User-first: the user comes first, not the advertising and data industries.
  3. Independence: Brave has its own search index for answering common queries privately without reliance on other providers.
  4. Choice: soon, options for ad-free paid search and ad-supported search.
  5. Transparency: no secret methods or algorithms to bias results, and soon, community-curated open ranking models to ensure diversity and prevent algorithmic biases and outright censorship.
  6. Seamlessness: best-in-class integration between the browser and search without compromising privacy, from personalization to instant results as the user types.
  7. Openness: Brave Search will soon be available to power other search engines.

If those resonate with you, it’s worth a try. Not a Brave Browser user? You can still use search.brave.com.

Marko Živanović markozivanovic.com

Screw it, I'll host it myself

Marko Zivanovic has had enough of letting other people own his data:

Owning your data is more than just having backup copies of your digital information. It’s also about control and privacy. It’s about trust. I don’t know about you, but I don’t trust a lot of services with my data (the ones I do are few and far between).

How does he replace all those hosted services?

I created a simple diagram to roughly show how my personal setup works. Before you say anything – I’m aware that there’s a group of people that wouldn’t consider my self-hosting as pure self-hosting. I’m using Vultr to host my web-facing applications and not a server in my house. Unfortunately, the current situation doesn’t allow me to do that (yet).

This all looks like a lot of work to pull off, but maybe it’s worth it?

Screw it, I'll host it myself

EFF Icon EFF

Am I FLoCed?

The EFF launched a new site you can use to see if your Chrome install is one that Google is testing FLoC on.

Google is running a Chrome “origin trial” to test out an experimental new tracking feature called Federated Learning of Cohorts (aka “FLoC”). According to Google, the trial currently affects 0.5% of users in selected regions, including Australia, Brazil, Canada, India, Indonesia, Japan, Mexico, New Zealand, the Philippines, and the United States.

They also do a nice job describing exactly what FLoC is and what it might mean regarding your privacy online.

The Register Icon The Register

Brave buys a search engine, promises no tracking, no profiling

Smart move by Brendan Eich and the Brave team:

Brave Search, the company insists, will respect people’s privacy by not tracking or profiling those using the service. And it may even offer a way to end the debate about search engine bias by turning search result output over to a community-run filtering system called Goggles.

The service will, eventually, be available as a paid option – for those who want to pay for search results without ads – though its more common incarnation is likely to be ad-supported, in conjunction with Brave Ads.

Privacy as a first-class feature continues to trend up! 📈

Mozilla Icon Mozilla

Firefox 85 cracks down on supercookies

supercookies can be used in place of ordinary cookies to store user identifiers, but they are much more difficult to delete and block. This makes it nearly impossible for users to protect their privacy as they browse the web. Over the years, trackers have been found storing user identifiers as supercookies in increasingly obscure parts of the browser, including in Flash storage, ETags, and HSTS flags.

To hell with these trackers and the tech they rode in on.

In Firefox 85, we’re introducing a fundamental change in the browser’s network architecture to make all of our users safer: we now partition network connections and caches by the website being visited. Trackers can abuse caches to create supercookies and can use connection identifiers to track users. But by isolating caches and network connections to the website they were created on, we make them useless for cross-site tracking.

You gotta love it 🍻

Marko Saric plausible.io

Plausible Analytics is ready for self-hosting 👏

Listeners of The Changelog have already heard Plausible’s story. On that show we talked about self-hosting and how that was something the team was interested in, but hadn’t gotten around to it yet.

Well, now they’ve gotten around to it.

We started developing Plausible early last year, launched our SaaS business and you can now self-host Plausible on your server too! The project is battle-tested running on more than 5,000 sites and we’ve counted 180 million page views in the last three months.

Electron github.com

An open source YouTube app for privacy

FreeTube is an open source desktop YouTube player built with privacy in mind. Use YouTube without advertisements and prevent Google from tracking you with their cookies and JavaScript. Available for Windows, Mac & Linux thanks to Electron.

They also provide browser extensions for Firefox and Chrome so you can click links to YouTube videos in your browser and they’ll open in FreeTube.

Marko Saric markosaric.com

Only 9% of visitors give GDPR consent to be tracked

Marko Saric, who you may remember as the only content marketer we’ve met who runs Linux:

Most GDPR consent banner implementations are deliberately engineered to be difficult to use and are full of dark patterns that are illegal according to the law.

I wanted to find out how many visitors would engage with a GDPR banner if it were implemented properly (not obtrusive, easy way to say “no” etc) and how many would grant consent to their information being collected and shared.

0:00 / 0:00