Following up on our awesome episode of The Changelog with Algo creator Dan Guido, I thought I’d kick the tires on this Ansible-based, self-hosted VPN solution to see what it’s like to actually set it up and configure my phone to use it. This is my first video of this kind. I’d love to know what you think! How can I do this better? Do you want moar like this? Keep my day job? What?!
GoatCounter is a web analytics platform, roughly similar to Google Analytics or Matomo. It aims to give meaningful privacy-friendly web analytics for business purposes, while still staying usable for non-technical users to use on personal websites. The choices that currently exist are between freely hosted but with problematic privacy (e.g. Google Analytics), hosting your own complex software or paying $19/month (e.g. Matomo), or extremely simplistic “vanity statistics”.
If you’re concerned with the amount of data Google has on you, this list of alternative browsers, web apps, operating systems, and hardware may help you ween yourself from the company. Looking at this list, it’s amazing just how much value Google offers in trade for our data. A note from the author:
It’s a shame that Google, with their immense resources, power, and influence, don’t see the benefits of helping people secure themselves online. Instead, they force people like us to scour the web for alternatives and convince our friends and family to do the same, while they sell off our data to the highest bidder.
A fun, quick dive into Facebook’s tracking pixel and how it does its thing:
I think it’s fun to see how cookies / tracking pixels are used to track you in practice, even if it’s kinda creepy! I sort of knew how this worked before but I’d never actually looked at the cookies on a tracking pixel myself or what kind of information it was sending in its query parameters exactly.
Creepy, indeed. Our browsers are the last line of defense against such creepiness. Choose yours wisely.
Run it on a Raspberry Pi or any other local server. Try the online demo to see what all it’s capable of.
Certbot was first released in 2015, and since then it has helped more than two million website administrators enable HTTPS by automatically deploying Let’s Encrypt certificates. Let’s Encrypt is a free certificate authority that EFF helped launch in 2015, now run for the public’s benefit through the Internet Security Research Group (ISRG).
A lot of progress has been made since we first talked about Let’s Encrypt on The Changelog.
Watch out! If you start reading this paper you could be lost for hours following all the interesting links and ideas, and end up even more dissatisfied than you already are with the state of software today. You might also be inspired to help work towards a better future. I’m all in :).
I co-sign that sentiment. When the author says “this paper” they are referring to this paper which they are about to summarize. If you haven’t considered local-first software before, you should know that there are seven key properties to it, which are described in detail in the paper and in brief in the summary.
The RadVPN doesn’t need any central point as it connects to other nodes directly (full mesh) it has built-in router that helps packets to route to the appropriate destinations.
Linux only at the moment.
Algo automatically deploys an on-demand VPN service in the cloud that is not shared with other users, relies on only modern protocols and ciphers, and includes only the minimal software you need. And it’s free.
For anyone who is privacy conscious, travels for work frequently, or can’t afford a dedicated IT department, this one’s for you.
Algo’s list of features (and anti-features) is compelling and most VPN services are terrible. 👀
Works out of the box. No lousy documentation to read. No configuration file. No post-configuration. Run a single-line command on the server, a similar one on the client and you’re done. No firewall and routing rules to manually mess with.
This looks like a nice alternative to the many vpn-as-a-service offerings out there if you’re up for hosting it yourself.
Cory Doctorow, writing for EFF about the history and present of adblocking:
The rise and rise of ad-blockers (and ad-blocker-blocker-blockers) is without parallel: 26% of Internet users are now blocking ads, and the figure is rising. It’s been called the biggest boycott in human history. It’s also something we’ve seen before, in the earliest days of the Web, when pop-up ads ruled the world (wide web), and users went to war against them.
Fascinating. I’d never heard of adversarial interoperability before.
Those sneaky Mozillians are up to no good with their new tool to confound advertisers:
Let us open 100 tabs of pure madness to fool trackers into thinking you’re someone else.
In upcoming versions of iOS and macOS, the new Find My feature will broadcast Bluetooth signals from Apple devices even when they’re offline, allowing nearby Apple devices to relay their location to the cloud… it turns out that Apple’s elaborate encryption scheme is also designed not only to prevent interlopers from identifying or tracking an iDevice from its Bluetooth signal, but also to keep Apple itself from learning device locations, even as it allows you to pinpoint yours.
WIRED with a fascinating explanation of an utterly fascinating scheme.
According Darrell Etherington writing for TechCrunch, “Apple is now the privacy-as-a-service company.” Just look at that larger-than-life billboard-style ad and apple.com/privacy.
What happens on your iPhone, stays on your iPhone.
Run a secure DoT (DNS-over-TLS) and DoH (DNS-over-HTTPS) DNS server that can do ad blocking and hide your DNS query from your ISP.
The report focuses on 5 questions about the internet.
- Is it safe?
- How open is it?
- Who is welcome?
- Who can succeed?
- Who controls it?
The answer is complicated, and the report doesn’t make any particular conclusions so much as share a series of research & stories about each topic. Includes some fascinating looks at what’s going on in AI, inclusive design, open source, decentralization and more.
Brave has launched its “built on privacy” advertising platform that will give you 70% of the ad revenue share as a reward for your attention. I’m particularly interested in the opt-in nature of this platform as well as their promise of privacy and security.
Starting today, users of Brave’s latest release of the desktop browser for macOS, Windows, and Linux can choose to view privacy-preserving Brave Ads by opting into Brave Rewards. These users will receive 70% of the ad revenue share as a reward for their attention…
Brave Ads also provides brands with direct opportunities to highlight offers and engage with users as they browse the web. Since Brave Ads are opt-in, brands know with certainty that when their campaigns run with Brave, their ads are viewed by people who welcome advertising. Brave’s anonymous-but-accountable campaigns ensure that advertisers are connecting with the users they are seeking, removing the excessive costs, privacy, security, and fraud risks currently associated with middlemen in digital advertising.
For all our #applenerds out there — a key feature in iPhone has Mozilla worried. According to Ashley Boyd, VP of Advocacy at Mozilla, this key feature is making “their latest slogan ring a bit hollow.”
Each iPhone that Apple sells comes with a unique ID (called an “identifier for advertisers” or IDFA), which lets advertisers track the actions users take when they use apps. It’s like a salesperson following you from store to store while you shop and recording each thing you look at. Not very private at all.
You can turn the feature off, but “most people don’t know that feature even exists.” Mozilla has an idea of “privacy by default” though…
Switching away from Disqus reduced my page weight by over 10x and my network requests by over 6x. Disqus is bloated and sells your data - there are much better alternatives out there.
Disqus has been the de facto comment engine used for dev blogging (especially for SSGs) for years. I’m happy to learn there are less bloated and privacy-focused alternatives out there.
Google Analytics runs on over 56% of all websites. It’s the backbone of ad-tech across the web. Unfortunately, for site owners like me who just want to learn how people are using their website—while respecting their privacy—there simply aren’t any alternatives that meet all my requirements. So in two days, after a couple dead-ends, I built my own using React, AWS Lambda, and a spreadsheet. This is how.
It’s somewhat ironic that the datastore for this project is Google Sheets. That aside, this is a well-done effort and one that I wouldn’t mind adapting for use around these parts.
Called “letterboxing,” this new technique adds “gray spaces” to the sides of a web page when the user resizes the browser window, which are then gradually removed after the window resize operation has finished.
This appears to be a major win for privacy advocates. It also seems like a chink in the armor of Chrome’s dominance, given that many people have lost trust in its privacy model.
The irony here is that the site we’re linking to for this story is FULL of display ads. The web and mobile web for content sites, blogs, and the like tend to borderline on a confusing and/or terrible experience because of ads, modals, takeover screens, content that seems like content but is just content in disguise…then, THEN…the retargeting. I can see why Apple, with their focus on the users privacy, that this feature is a Safari thing and being lead by Apple.
The feature—blandly dubbed “Intelligent Tracking Prevention,” or “ITP 2”— is the second major iteration of its anti-tracking tool, which was first introduced last year. The update prevents marketers from targeting Safari users across the web. For example, someone who visits Nike’s website can’t be targeted elsewhere on the web, such as Google search or the New York Times website.
I’m all for websites finding ways to make money from smart relationships, partnerships, and “ads,” but they must be delivered in well-mannered and tasteful ways that does not objectify the reader or their privacy.
In the documents that define how the Web works, a browser is called a user agent. It’s supposed to be the thing that acts on your behalf in cyberspace. If the massive data collection appetite of Google’s advertising- and tracking-based business model are incentivizing Chrome to act in Google’s best interest instead of yours, that’s a big problem—one that consumers and regulators should not ignore.
It’s no surprise that privacy-focused browser alternatives are gaining ground in the quest to be your user agent. This coming week, we’re sitting down with Brave’s CTO for what should turn out to be a fascinating episode of The Changelog. Stay tuned for that.
Here is Gruber’s take…
Hill: Facebook, are you doing this terrible thing?
Facebook: No, we don’t do that.
Hill, months later: Here’s academic research that shows you do this terrible thing.
Facebook: Yes, of course we do that.
I agree with Gruber on Facebook being a morally criminal enterprise. Also, I try to avoid Facebook, aside from my wife’s usage, at all costs. I’m even leery of Instagram, which is sad because one of my professional hobbies is photography. Gruber says:
At this point I consider Facebook a criminal enterprise. Maybe not legally, but morally. How in the above scenario is Facebook not stealing Ben’s privacy?
Modifications to Google Chromium for removing Google integration and enhancing privacy, control, and transparency
For those of us who love Chrome too much to leave it, but would prefer not have Google all up in our browser. By the way, now is a pretty good time to give Brave and/or Firefox a spin, if you haven’t recently.