ClearURLs is an add-on based on the new WebExtensions technology and is optimized for Firefox and Chrome based browsers.
This extension will automatically remove tracking elements from URLs to help protect your privacy when browse through the Internet, which is regularly updated by us and can be found here.
A solid primer on using
openssl to encrypt all the things, which in this day and age is a skill that shoiuld be taught in secondary school right alongside how to bake a cake and change a tire.
Marko Zivanovic has had enough of letting other people own his data:
Owning your data is more than just having backup copies of your digital information. It’s also about control and privacy. It’s about trust. I don’t know about you, but I don’t trust a lot of services with my data (the ones I do are few and far between).
How does he replace all those hosted services?
I created a simple diagram to roughly show how my personal setup works. Before you say anything – I’m aware that there’s a group of people that wouldn’t consider my self-hosting as pure self-hosting. I’m using Vultr to host my web-facing applications and not a server in my house. Unfortunately, the current situation doesn’t allow me to do that (yet).
This all looks like a lot of work to pull off, but maybe it’s worth it?
The EFF launched a new site you can use to see if your Chrome install is one that Google is testing FLoC on.
Google is running a Chrome “origin trial” to test out an experimental new tracking feature called Federated Learning of Cohorts (aka “FLoC”). According to Google, the trial currently affects 0.5% of users in selected regions, including Australia, Brazil, Canada, India, Indonesia, Japan, Mexico, New Zealand, the Philippines, and the United States.
They also do a nice job describing exactly what FLoC is and what it might mean regarding your privacy online.
Smart move by Brendan Eich and the Brave team:
Brave Search, the company insists, will respect people’s privacy by not tracking or profiling those using the service. And it may even offer a way to end the debate about search engine bias by turning search result output over to a community-run filtering system called Goggles.
The service will, eventually, be available as a paid option – for those who want to pay for search results without ads – though its more common incarnation is likely to be ad-supported, in conjunction with Brave Ads.
Privacy as a first-class feature continues to trend up! 📈
Today we are pleased to announce Total Cookie Protection, a major privacy advance in Firefox built into ETP Strict Mode. Total Cookie Protection confines cookies to the site where they were created, which prevents tracking companies from using these cookies to track your browsing from site to site.
You gotta love to see it. 👏
supercookies can be used in place of ordinary cookies to store user identifiers, but they are much more difficult to delete and block. This makes it nearly impossible for users to protect their privacy as they browse the web. Over the years, trackers have been found storing user identifiers as supercookies in increasingly obscure parts of the browser, including in Flash storage, ETags, and HSTS flags.
To hell with these trackers and the tech they rode in on.
In Firefox 85, we’re introducing a fundamental change in the browser’s network architecture to make all of our users safer: we now partition network connections and caches by the website being visited. Trackers can abuse caches to create supercookies and can use connection identifiers to track users. But by isolating caches and network connections to the website they were created on, we make them useless for cross-site tracking.
You gotta love it 🍻
Listeners of The Changelog have already heard Plausible’s story. On that show we talked about self-hosting and how that was something the team was interested in, but hadn’t gotten around to it yet.
Well, now they’ve gotten around to it.
We started developing Plausible early last year, launched our SaaS business and you can now self-host Plausible on your server too! The project is battle-tested running on more than 5,000 sites and we’ve counted 180 million page views in the last three months.
Marko Saric, who you may remember as the only content marketer we’ve met who runs Linux:
Most GDPR consent banner implementations are deliberately engineered to be difficult to use and are full of dark patterns that are illegal according to the law.
I wanted to find out how many visitors would engage with a GDPR banner if it were implemented properly (not obtrusive, easy way to say “no” etc) and how many would grant consent to their information being collected and shared.
Turns out DDG has been using a favicon proxy since 2018 that effectively sends all websites users visit in the app to their servers. This was first reported a year ago and shrugged off (and closed) by them because they aren’t keeping any of those requests.
The issue sat dormant until it resurfaced yesterday when many other users stated their concern with the naive server-side implementation:
Yes, we already trust DDG, but only because we have to trust someone and others have proved to be untrustworthy. The issue isn’t about whether the user trusts DDG, it’s about minimizing the need for trust and maximizing the ability to verify privacy. Please consider reopening this issue. – svenssonaxel
It was suggested that this feature could/should be handled on-device and this comment on Hacker News points to Mozilla’s open source implementation that does just that. Finally, DDG’s CEO Gabriel Weinberg woke up (literally) and committed to changing the implementation.
All’s well that ends well?
I’m pretty sure that, given the state of the world and the focus on Zoom right now, they will rectify this, but until then…“the only feature of Zoom that does appear to be end-to-end encrypted is in-meeting text chat.”
“They’re a little bit fuzzy about what’s end-to-end encrypted,” Green said of Zoom. “I think they’re doing this in a slightly dishonest way. It would be nice if they just came clean.”
Without end-to-end encryption, Zoom has the technical ability to spy on private video meetings and could be compelled to hand over recordings of meetings to governments or law enforcement in response to legal requests.
Have you ever posted an image on the public internet and thought, “What if someone used this for something?” Thomas Smith did and what he discovered about Clearview AI is disturbing…
Someone really has been monitoring nearly everything you post to the public internet. And they genuinely are doing “something” with it.
The someone is Clearview AI. And the something is this: building a detailed profile about you from the photos you post online, making it searchable using only your face, and then selling it to government agencies and police departments who use it to help track you, identify your face in a crowd, and investigate you — even if you’ve been accused of no crime.
I realize that this sounds like a bunch of conspiracy theory baloney. But it’s not. Clearview AI’s tech is very real, and it’s already in use.
How do I know? Because Clearview has a profile on me. And today I got my hands on it.
Instead of blocking ads & trackers at the device level, Pi-hole is a DNS sinkhole that gets the job done at the network level. One benefit of this (in addition to ease of use) is that it can block content in non-browser locations like mobile apps and the like.
Easy to use, self hosted, no tracking, just photos.
We like to take photos and share them. Problem is it’s hard to really own your photos and how they’re represented across social media these days, so we set out to make a place for them. You host it yourself, wherever you want (Netlify, Github Pages…), you’re in control.
Following up on our awesome episode of The Changelog with Algo creator Dan Guido, I thought I’d kick the tires on this Ansible-based, self-hosted VPN solution to see what it’s like to actually set it up and configure my phone to use it. This is my first video of this kind. I’d love to know what you think! How can I do this better? Do you want moar like this? Keep my day job? What?!
The commercial VPN industry is a minefield to navigate and many open source solutions are a pain to use or ill-suited for the task. Algo VPN, on the other hand, is a self-hosted personal VPN designed for ease of deployment and security. It uses the securest industry standards, builds on rock-solid solutions like WireGuard and Ansible, and runs on an ever-growing list of cloud hosting providers.
On this episode Dan Guido –CEO of security firm Trail of Bits and Algo’s creator– joins Jerod to discuss the project in depth.
GoatCounter is a web analytics platform, roughly similar to Google Analytics or Matomo. It aims to give meaningful privacy-friendly web analytics for business purposes, while still staying usable for non-technical users to use on personal websites. The choices that currently exist are between freely hosted but with problematic privacy (e.g. Google Analytics), hosting your own complex software or paying $19/month (e.g. Matomo), or extremely simplistic “vanity statistics”.
If you’re concerned with the amount of data Google has on you, this list of alternative browsers, web apps, operating systems, and hardware may help you ween yourself from the company. Looking at this list, it’s amazing just how much value Google offers in trade for our data. A note from the author:
It’s a shame that Google, with their immense resources, power, and influence, don’t see the benefits of helping people secure themselves online. Instead, they force people like us to scour the web for alternatives and convince our friends and family to do the same, while they sell off our data to the highest bidder.
A fun, quick dive into Facebook’s tracking pixel and how it does its thing:
I think it’s fun to see how cookies / tracking pixels are used to track you in practice, even if it’s kinda creepy! I sort of knew how this worked before but I’d never actually looked at the cookies on a tracking pixel myself or what kind of information it was sending in its query parameters exactly.
Creepy, indeed. Our browsers are the last line of defense against such creepiness. Choose yours wisely.
Run it on a Raspberry Pi or any other local server. Try the online demo to see what all it’s capable of.
Certbot was first released in 2015, and since then it has helped more than two million website administrators enable HTTPS by automatically deploying Let’s Encrypt certificates. Let’s Encrypt is a free certificate authority that EFF helped launch in 2015, now run for the public’s benefit through the Internet Security Research Group (ISRG).
A lot of progress has been made since we first talked about Let’s Encrypt on The Changelog.