Notebook (Posts about privacy)/categories/privacy.atom2019-05-05T21:20:57ZToni MüllerNikola(Hidden) Tracking At All Costs?/posts/hidden_tracking_at_all_costs/2013-09-09T09:33:00+02:002013-09-09T09:33:00+02:00Toni Mueller<div><p>Today, I was once more aggravated when viewing something on <code>github.com</code>, as the avatar icons for the individual users were not being displayed. It turns out that <code>github</code> has reworked their system to display such avatar icons to go to <code>gravatar.com</code>, a popular service for such purposes. The following short essay applies not only to github, which is merely taken as an example, but to other web services as well, and gives ideas about how to produce an alternative design without these problems.</p>
<p>This is, in itself, a bad move, since it turns gravatar into a massive tracking database, much like the ones at <code>doubleclick.net</code> or other advertising agencies, only with an emphasis on techie websites. That this move, and supporting this kind of tracking, was intentional, is also underlined by the fact that the actual icons are <strong>not</strong> delivered by gravatar, but by github, by redirecting to the following URL:</p>
<pre class="code literal-block"><span></span>https://identicons.github.com
</pre>
<p>So in effect, github does deliver all their icons below, but only makes a "detour" to gravatar to give them the ability to collect tracking data.</p>
<p>Apart from the profile-building property of this arrangement, this idea does also look quite dubious from a usability perspective:</p>
<ul>
<li>It involves one more service, thus reducing the availability of the overall service.</li>
<li>It results in at least two more web requests, even HTTPS, per icon, introducing a noticable delay from the user's perspective, plus additional data transfer.</li>
<li>By the same token, it involves both more CPU load on the server side, as well as on the user side.</li>
</ul>
<p>Using Firebug, I determined that the added delay for my notification page roughly varies between 1s for the fastest, and 2.5s for the last few requests, in overall page loading time. I dimly remember that conventional wisdom demands response times well under 1 second for a page to have acceptable performance. Firebug also showed that the individual icon requests were usually being processed in 1 second or under.</p>
<p>Now the questions are: Why would you introduce such delays into your website, especially if it involves added cost for everyone, without user-visible benefits? What are the hidden benefits of such a measure?</p></div>The Case Against Google Chrome/posts/the_case_against_google_chrome/2011-08-25T16:16:00+02:002011-08-25T16:16:00+02:00Toni Mueller<div><p>There are two web browsers, based on the Google Chrome codebase:</p>
<ul>
<li>Google Chrome (of course)</li>
<li>Chromium</li>
</ul>
<p>The latter is a free-software-only version of Google Chrome, having
the spyware features of the original Google Chrome ripped out, and
that can be eg. installed in Debian using apt-get.</p>
<p>Today, I wanted to try the extensions, since the original browser is
suitable for not much more than simply looking at a web page. But if
you want any kind of extensions, like eg. maybe <em>AdBlock</em>, or the
<em>SpeedMeter</em>, or the <em>SessionManager</em>, or whatever else would benefit
you as a user, you immediately find yourself locked out of Google's
Webstore. By the way... the name is already giving away what the
problem really is: Google, like about any other vendor I am aware of,
wants to reduce <strong>you</strong> to a user, and cut down on <strong>your abilities</strong>
to create, or use the software in ways you deem fit, instead of only
ways <strong>they</strong> deem fit. So, there is eg. no simple way to download the
extension to your hard disk drive, maybe for later digestion - no, you
can, at best, install the extension online, into your current
profile. And if you somehow lose that, you get to try again. So they
can not only track every move of you, they can also manage the
availability of their extensions to you as they choose. Like eg. Ad
sales going down? Poof, no more AdBlock for you.</p>
<p>This way, you sell out your freedom and your privacy in the same way
to Google than you probably did before, to Microsoft and Apple, and a
plethora of other companies.</p>
<p>Now my question to you is: <strong>Are you prepared to accept that, and if so, why?</strong></p></div>