Hi /tech/, it's been a while since the last thread about this project, so I thought I would make a new thread because I've been more active in editing the website, and I have more free time now.
The Online Spyware Watchdog is a website I have been working on, on and off for a while, you can visit it here:
Lately, the website has been getting a lot of traffic, a lot more than it was getting earlier, I think this is because a few weeks ago RMS created a page about why Discord is bad on his website linking to an article on the website: https://stallman.org/discord.html And then there was the controversy about Discord among /pol/ users which happened more recently which probably drove a lot of traffic to the site as well. The website has had almost 40k total hits when i'm writing this. So since a lot of people are looking at the site, I thought I would fix it up a little (I've been working on it more and adding new articles lately) and make a new thread for it.
You can read my earlier thread about this project here:
I didn't want to make the OP too big, so here is another post with some explanations of questions that I think would come up a lot in the thread:
>Wouldn't a wiki work better for this kind of website?
A wiki, or git, or something would work better, but at the scale that the website is updated (maybe a few outside contributions per week) it's not an issue. You would have to have someone reveiw your edits anyway, so it wouldn't make the site update faster.
>Your website looks like shit, change it
Sorry, I want to make it look better and i'm working towards that slowly. A lot of people have a lot of diffrent opinions on what the website should look like so I havent really changed the style of it much, I only recently fixed it up to use a global CSS file for the whole site. I'm not any kind of web developer, I only know the basics of HTML. I personally think that it looks OK, I agree that it could look better, but to me excessivley talking about the fonts and stuff kind of sounds like bikeshedding. (you can set up a custom user CSS file, right? I think some websites let you choose between certain "themes" with CSS ( but I dont know how to implement that yet) so maybe I will that in the future.
>Your website looks like shit, change it
tell them there face looks like shit, change it
Your site looks good to me
UI looks refreshing to me to be honest.
((("""User friendly"""))) and/or mobile friendly UI is one of many modern cancers of the internet. Maybe change the background to a solid one and that's it, don't waste effort on it
They're probably shitposters or autists bitching because it looks like something from 1994. If you're gonna be the one solely updating this website, then just use what works.
Since you plan to update this site, I got some suggestions for to help informing users of your website.
>Common Spyware Red flags
Examples - untoggleable automatic updates, phoning home, connecting to analytics, etc. Common spyware tactics and scenarios that can be pointed out on their own.
>Defending Against Spyware
Examples - wireshark, firewall configurations, blocklists, etc. Tools and techniques you can use to defend yourself from spyware.
>Categories and Searching for articles
Something for the future if you manage to have a lot of content on your site, I'm probably just repeating what you already have planned, but it's a thought.
If this sounds like a case of "redoing the basics" I understand, but some people that use this might not know this stuff.
>((("""User friendly"""))) and/or mobile friendly UI is one of many modern cancers of the internet.
Software that is truly user friendly doesn't get in your way when you use it. The problem with this kind of modern website design is that they aren't about being friendly, they're about (((The User Experience^TM))). Also, being "Mobile Friendly" is just a way for them to be cut corners on an already cheap job so they don't have to implement two versions of the same website.
> If you're gonna be the one solely updating this website
I wont be creating all of the content (a few articles and passages in some of the articles are written by a couple of anons) but I will be the one who actually stitches the HTML together. The idea is that anyone can contribute to the site and help keep the articles relevant and expand the catalog.
>I got some suggestions for to help...
I think that your ideas are pretty good about articles that warn people about how to identify and mitigate spyware. These are articles that I've thought about making , but haven't started yes- you can see the articles that aren't finished here: https://spyware.neocities.org/articles/index2.html
It's mostly stuff about web browsers right now because those are easy to write about.
You need to run your pages through a spellcheck. There's glaringly obvious ones on every page.
>Maybe change the background to a solid one and that's it,
That's good advice. The text is a little hard to read in parts because of the background.
Otherwise, it's fine. Most people focus far too much on style over content. As a result, the web is stuffed with very pretty, but absolutely bloated and useless websites.
The entire website, with all of the images and pages, are 1mb, so 0.1% of how much I am allowed to store for free on neocities. It's pretty nice.
Also, i've changed the background so that it looks like pic related, I agree with you guys that it needed to have a more solid background, this is easier to read for me as well.
>RMS created a page about why Discord is bad on his website linking to an article on the website
RMS featured your article on his website? You really should be proud.
>I want to make it look better
Sure, but keep it as simple as possible. I would recommend to take inspiration from the Dark Theme on https://stallman.org or http://textfiles.com/directory.html
>mostly-static page needing to be updated a few times a week
Host that shit on IPFS
The 90s look is charming.
If you really need to do or just want to use a more complex design (multicolumn , modal dialogs , responsive) i'd just use bootstrap , either v3 or v4.
It's gonna make the page like a generic modern page though and some shitposters are gonna screech but it's really simple to use without knowing css.
The responsive grid alone is enough to make it worthwhile.
OP, I love how you designed your website. It brings me back to 1996. Keep up the good work!
Don't change a single thing about the layout. It's perfect! Simple and to the point.
nice site, i like it. thank you. (also yes, refreshing design)
one tip for the articles: if this is meant for a general audience and not just 8ch/4chan, then maybe put "tracking" higher on the list of issues than "not open source". While closed source is suspicious, tracking features are outright proof of spying.
protip: timestamps. policies change, so it would be good to know when these facts were last checked
I noticed some pages had "Version tested" but others did not
bootstrap is the definition of bloat.
I'd prefer the content of the articles to be in the center of the page, but other than that it's nice. Simple and effective.
>pondering to phonepostetrs
>pondering to widescreen fullscreen windowfaggots
OP, your site is good, but you need to be more elaborate on Telegram, while being (((open source))) it is not free software and is too harmful to be considered non-botnet.
>open source is somehow jewish
Stop misusing echoes. Don't decrease their meaning to nothing more than "random shit I don't like".
thanks for reminding me this exists
>try to make account over tor
>spend 1 minute making an email airmail.cc and then 9 minutes filling out recaptcha on neocities
hit "next" button
nothing happens, just goes back to the same page with all fields cleared
>hurr durr IPFS
>hurr durr net neutrality
pure virtue signalling. now ill go back to my other 10 shithosts
>>hurr durr IPFS
What's wrong with IPFS? It's literally one of the best ways to host a static or semi-static website right now.
Open Source is an exact term used by jews and other cuck-licenced subversives to present their "heh-he we slapped a bunch of proprietary binaries with this poorly written code and put it on github, oops would you forgive us the fact we can't use git properly, all commits are outdated and software is not reproducible, who needs those sources anyways, download our apk on google goy market". I'm not even touching T*legram's joke "secret chats", shitty PR tactics and virtue signalling for Russian and Iranian audience, super secure central server (((in the cloud))) and phone number verification of course. Don't be a good goy and use XMPP instead. Free as in freedom.
You should consider hosting a wiki instance, so that people can more easily submit modifications.
Or even a git of the websites' mirror.
Keep up the good work!
Since I made the thread, two new articles have been added to the site:
How do I do that?
I've started adding them to articles as I edit them. So you might notice some pages giving a date.
You're right, that the article about Telegram isn't the whole story- although I think you know a bit more about these problems than I do. If you want, you can edit the telegram article, and email me a version that is better. If you don't have time I will eventually get around to it.
The question about something being spyware isn't if it's free or open source- but if you can read the source code that you're executing to find out if it's spying on you. But I do agree that obfuscated, outdated source code isn't acceptable.
>You should consider hosting a wiki instance,
neocities is static web hosting.
I agree with this but I just use "open source" to mean something I can compile from source.
telegram requires phone to sign up?
i want to make a site listing non-internet services like google, microsoft, facebook, yandex, and games that do bullshit like require you to get an SMS from them before using. also sites that block IP addresses for no reason, sites that have a small whitelist of allowed emails, sites that use recaptcha, sites that require another non-internet service such as gmail or facebook to sign up, etc
You could host it on Github too.
It's difficult to talk about "open source" or "software freedom" because specific groups, the Open Source Initiative, and the Free Software Foundation, try and enforce a monopoly on what those words and concepts mean. So, if you have a different opinion of what those things are, you will inevitably butt heads with people who want everyone to follow the meanings enforced by this monopoly.
To be able to know if a program is spyware or not, you have to be able to compile it from source- it does not need to meet any of the other requirements that it would need to meet to be called "Free Software" or "Open Source Software" according to the definitions of the FSF or OSI. So, I don't like to use the words "Free Software" or "Open Source Software" on my website because it implies that a program needs to meet all of the requirements set by those organizations to be called "Free" or "Open" for spyware concerns to be alleviated. If you can compile it from source, that is the only thing needed.
Although, I don't want to say that just because a program allows you to compile it from source, it isn't spyware. It just ensures that you can be aware of all spyware features, and that there is no spyware hidden inside of a binary blob.
It's not a monopoly on the meaning of a word. It's their clarification on what they mean when they say the word. If you have a different meaning, that's your choice but don't be surprised when people get confused about your meaning.
Hosting on github is pretty easy tbh.
Should he add a CoC up his ass too? I've heard GitHub has a tool to make that easy.
It is. Just tell them you want a CoC up your ass, and they'll send around a Bay Area girl (male) to give it to you.
>Spyware Level: Low
>GZDoom has the opt-in feature
reading through the forum it doesn't appear opt-in at all, and the developer appears to love sucking glowinthedark nigger cock all day and night long uncontrollably.
it the level should be bumped up to high. the "opt-in" is opting out by digging through a configuration file or flippling a compile-time switch.
>links directly to reddit
USE Archives faggot!
these GZDoom spying niggers also pushed out all of the data collection
adding the dialog box to turn it off. they are going to sit and collect all the data they want, and THEN add the botnet opt-out dialog.
These GZDoom niggers are terrible.
it's too hard for the gzdoom developers to make a confirm dialog on linux, they are forced due to lack of resources to datamine everyone who installs gzdoom
these fucking niggers it's literally 4-5 lines in C with gtk to pop a confirm dialog. 99% of linux users who are running a GUI will have gtk installed. they already list gzdoom as a requirement to build from source.
Never install GZDoom, not even once. This should be labeled as extreme botnet spyware.
*they already list gtk as a requirement to build from source
When everyone uses a word in that way, because of an organization promoting that meaning, its a monopoly (although I don't want to get stuck on this point). Luckily my website isn't about defining software freedom as a whole, but profiling one very specific type of software freedom. So, I don't have to worry about using words like "software freedom" and only have to worry about words like "spyware" which isn't in any of the software freedoms that the FSF and OSI describe.
If I end up changing hosts (probably not for a long time), I will possibly use git for article submissions, but I will not use GitHub for hosting or article submissions. I think that the other posts on this thread should explain it: GitHub is a very political platform that is pro-censorship.
Didn't they say it was opt-in? I specifically made that article to try and create a precedent for a spyware that could fit into the "Low" score. If you read this post later in the thread:
>And even if you still don't find this data-sending okay, it's been made opt-in, so I really don't see where the problems here are coming from.
>You aren't going to be hurt in any way by this, in fact there is no possible way that you could be, given the nature of the data sent.
Even if this wasn't opt-in, that could only push it up to "Medium" since while I agree completely that GZDoom is spyware, compared to the other spyware that I wrote about, it couldn't ever be higher than that score. That would imply that something like Vivaldi is less of a spyware than GZDoom. Also because, I don't want to inflate the ratings of the software. (Think of review sites, where the average score is 7.5 and not 5 out of 10)
Look, I know that you guys are mad at me for not giving it a higher rating- but since you all seem to know a whole lot more about the situation that I do, it's probably for the best that one of you emails me an edited version of the article that properly explains the level of spying it does on its users, since I don't want to get things wrong a second time. For now will move it into the "unfinished articles" section of the website until either I get around to fixing it, or someone else emails me a version that is better. Feel free to put copious amounts of block quotes and/or screenshots of the forums where the developers explain their anti-privacy viewpoints.
read later on
>It already has given us some really valuable information, the most surprising of which is the low percentage of Windows XP. Being an old game I would have expected this to be a lot higher, but so far it's only less than 1.5%. Right now there's no need to ditch it, but this should serve as a wake-up call to those users still on XP: With such low percentage its days of support are inevitably numbered. The moment an issue arises where XP turns out to be a blocker, it will be gone.
they already took the stolen data that was not agreed to and used it
>Any news on the native or in-game dialogs?
>Most likely we will use native UI from this branch when user friendly message will be written.
<there's still no confirm dialog
<they are still using the data nobody agreed too and still collecting data from goyim who have no idea what is going on
>How do I do that?
see >>>/tech/793208 and https://ipfs.io, don't get this thread off topic
Why not literally add an option into the option menu of the game itself. I don't think it would even be that hard to do.
also just because someone removes the botnet the score should not be lowered. they can no longer be trusted.
would you lower the score on that stupid flight sim mod company who literally installed chrome password crackers and uploaded everyone's chrome passwords under the guise of trying to catch pirates? they claim they removed it now, but their score shouldn't be lowered either.
because they want to continuously datamine and are bitching an moaning that it's too difficult as an excuse.
You don't need to convince me anymore, I am agreeing with you... If you look at the page again, on my site, it clearly says that the article is being rewritten, and I changed the wording to clarify that it is not an opt-in feature.
Also I am still trying to judge, whether the "low" score is a bad score to give it or not. It's true that GZDoom is spyware, but if I say that it is "Medium", then I am putting it in the same place as much more egregious software that does things like phone-home every 24 hours. It's not that think what GZDoom is doing is acceptable, its just that when I give this program a score of "Medium" that would devalue the meaning of the "Medium" score.
Apparently neocities has IPFS already, but I don't really know how to open these URL's.
>apparently neocities has IPFS already
wow didn't know that. It works kind of ok for individual pages, but neocities' IPFS version is kind of shit because resources (stylesheets, images etc.) don't get linked properly and you can't see them.
modal dialogs are harmful. there's not even one valid reason to ever use one
Everything is a fucking botnet. I am using opera for 10 years. I am fucked beyond saving.
Graf Zahl absolutely loves modern botnet software. I'm not surprised that he would follow that trend.
I decided to put the GZDoom article back up, I think it more accurately depicts the situation now. I kept it as "low" just because it doesn't have enough botnet in it for me to justify it getting another rating. Also, one of the contributors to the site finished the Pale Moon article, you can read it here:
I'm probably going to try and sort the catalog page into categories, soon. I think that I want a few more articles before that is needed, though. If you guys still have issues with GZDoom that you think aren't being presented well enough on the site, edit the article yourself and email that to me (that's kind of the point of the site anyway- that anyone can share knowledge about spyware)
REEEEEEEEEEEEEEEEEEEEEEEEEEEEEE i hate retarded shit like palememe's startpage. why do people even do this shit, it just makes the software crap, regardless of privacy issues.
Could someone please test SeaMonkey? Thanks.
I guess this proves that (highly monolithic) free software is just as easy to compromise. You guys ought to be worried about systemd and the Linux kernel now.
I was going to stop bumping the thread, since it seemed to die off, but since it's already at the top of the catalog I might as well bring up that more articles have been added:
The iTunes article of course is a bit short, and probably doesn't capture the full extent of spyware hidden in that program, but it is a good start for someone who can do a more detailed analysis of the software to edit into something better. It at least portrays the level of data collection iTunes does and so I think it's good enough to show now.
The browsers.html article is a little different since it compares all of the web browsers that have been reviewed up against each other. Maybe such a tier-list is one that not everybody will agree with, but anyone can submit amendments with good rationales about what should be where on the list, so it should straighten itself out after that if there is something wrong.
This thread was successful in getting a lot more eyes on the website, and a lot of good feedback but unfortunately no new people submitted articles or amendments to the site because of it- hopefully in the future maybe in the future more people will want to write for the website.
Does systemd or linux contain any telemetry? You would think that such software wouldn't...
I have no problem with monolithic free software because I will always have the freedom to change any part of it, no matter how complex it is.
Remove background image, invert colors (black text on white background).
Fortunately I can do it by myself with https://github.com/m-khvoinitsky/dark-background-light-text-extension
https://spyware.neocities.org/articles/firefox.html (just one example) — you should use a dash (—) for a dash instead of a hyphen(-)
> There is no excuse to at least not make "Check for updates, but let me choose whether to install them" the default - it would still give the security benefit, but not take control away from the user.
When we talk about some critical shit like a browser, no, it's bullshit — users which are tech illiterate won't do manual updates, I've seen it countless times.
You also have encoding problems at least in this page
> For example, if your child uses audio activation commands (e.g., â€œOK, Googleâ€ or touching the microphone icon), a recording of the following speech/audio, plus a few seconds before, will be stored to their account..."
You must add the encoding declaration to the HTML header.
https://www.w3schools.com/tags/att_meta_charset.asp probably like this.
DO IT FAGGOT
The site is suppose to be ASCII, not Unicode.
This should be fixed now, sorry I've been trying to keep the Unicode from sneaking in but it renders correctly on my browser so I miss it sometimes. I'll try and fix this problem in the future.
>The site is suppose to be ASCII, not Unicode.
You're doing it wrong.
The articles are written in English, so there isn't any reason for it to use Unicode. Unicode only gives the website compatibility problems without any real benefit beyond apostrophes that look different and slightly longer dashes.
>The articles are written in English, so there isn't any reason for it to use Unicode
Proper punctuation requires Unicode.
>Unicode … gives the website compatibility problems
Only in your horribly broken mental image of the reality.
>Proper punctuation requires Unicode.
ASCII has all of the punctuation marks English uses- so I don't know what you mean.
Cancermojis are not English punctuation.
I didn't talk about them, you dinghole
Then, talk about punctuation marks that you need to use Unicode for. Don't just say "Factually incorrect." because that isn't how to explain it when I don't know.
If you're hellbent on using the spellings "resumé" and "mediæval", or insist on using dashes, maybe.
… (yes it's a single character)
these were just a few examples
But, why use Unicode for such things that can easily be constructed in ASCII? A good reason would be something that requires Unicode to express- maybe you have a point with your math symbols, but this website doesn't have a need to show math equations.
That being said, I am not going to object to anyone who wants to put a Unicode tag on their articles, or amendments to other articles, since it really doesn't have any harm to the site, so maybe I was being a little silly saying that it "should be ASCII" as if Unicode is not allowed. I just don't see any need for me to maintain or enforce this Unicode style (I can't even type those letters), so I won't spend time changing the dashes on all of the articles since that doesn't seem like a good use of time to me. You are of course welcome to go through all of the articles and change all of the dashes to long Unicode dashes and add the Unicode meta tag to the top, and then email your edited versions of the articles to me, and I'll put them up.
>I can't even type those letters
This is only a problem of your sub-par keyboard layout. But it's easy to solve on most modern OS.
>You are of course welcome to go through all of the articles and change all of the dashes to long Unicode dashes and add the Unicode meta tag to the top, and then email your edited versions of the articles to me, and I'll put them up.
Do you mean to send the HTML files?
You write HTML by hand?
Anyways, it's doable. Maybe I will do this.
I have no issue with Discord tbh.
sent you the edited chrome page, check it out
Okay, I have updated the chrome article, and yes I write all of my HTML by hand, neocities has a text editor on its site and I mostly use that for this website, I don't know what anyone else who writes for the site uses though. I am not really a web developer at all, so that's the reason that my way of doing things is so amateurish, because I don't know much beyond basic HTML constructs. When I say at the bottom of every article, to email me amendments and new articles, I just mean emailing HTML files so that I can merge them in by hand.
Thanks a lot for helping out with the site, I do appreciate it.
No, he's doing it right. Adding more complexity for the sake of itself is part of the reason you have all this botnet shit to begin with. ASCII symbols are good enough here.
Ironically I've been on retro computer sites where the dude writes his webshit in unicode, and when you view the document on an actual retro computer, it looks like ass.
don't all blink-based browsers download a binary blob on first run, i think that feature was specifically removed from ungoogled-chromium before it was abandoned
I heard about this from a friend as well, as long as there is more info and a way to verify that it happens on all of the blink-based browsers that currently have articles on the site , then that should be included...
I looked it up and apparently the name of "hotword-x86-64.nexe". I have both google chrome, chromium, and google chrome canary installed but only google chrome seems to have downloaded this blob. Maybe I should download the other blink-based browsers and check for it coming up.
Ironically, writing for this website is damaging to my privacy, because it involves installing a ton of malicious programs and seeing what data they report about you.
>ASCII symbols are good enough here.
This is not a retro-computing resource.
Unicode is a world wide accepted standard and it's necessary for correct representation of any natural written language (compared to dumbed down versions with incorrect punctuation, etc.).
Deal with the facts of the year 2018, kid.
>Ironically, writing for this website is damaging to my privacy, because it involves installing a ton of malicious programs and seeing what data they report about you.
Use a VM. Or maybe, if you have spare computers, install an unlicensed copy of MACROSHIT WANGBLOWS with none of your data and use that.
I made my case, so enjoy your botnet since you want to indulge in it so badly.
that was a few years ago and it appropriately caused a shitstorm, google initially on their bug tracker claimed that nothing was wrong of course and just shut up and eat the binary blob but changed course after the outrage and removed it before debian and every other distro removed chromium from their repositories.
google saying shut up and take the blob
Comment 14 by email@example.com, Jun 19 2015
#11: "If the software downloads and installs a closed-source binary, how do we know when it runs and when it doesn't?"
Because the open source software has complete control of when the binary runs. You can look in the source code to see when it decides to start up and shut down the hotword module (I gave instructions on how to do that in the other bug).
Providing an extra step to install the module would be unnecessary friction for our users. There is literally no difference between downloading the module (without running it), and not downloading it, except a tiny amount of bandwidth saved. There is no difference from a privacy or security standpoint, because unless we run it, it can't do anything, no matter what behaviour it might contain within.
#13: "Once the blob is on the system the security risks have been increased". From our perspective, the blob is just another part of the Chrome codebase (just with a weird delivery mechanism). You could make a similar claim for any feature of Chrome, "it shouldn't be installed unless I ask for it." But that's not how software works. We don't download individual features of an application on demand. It's your choice whether to enable a given feature. But users generally don't get a choice of *which* features are downloaded when you download software. That's just never been the way software has worked.
google shutting it down
Comment 24 by firstname.lastname@example.org, Jun 19 2015
The bug tracker is for tracking technical development work, not debating policy or, even more, ranting about how Google is evil and you're deleting all Google software from your devices.
Closing to additional comments.
google removing the hotword module from chromium due to MSM picking it up and causing outrage
Project Member Comment 25 by email@example.com, Jun 24 2015
The following revision refers to this bug:
Author: mgiuca <firstname.lastname@example.org>
Date: Wed Jun 24 01:25:14 2015
Remove hotword installation code at compile time if hotwording disabled.
If enable_hotwording is false, the code to download/install the hotword
shared module is compiled out.
(This should not change behaviour; it was already disabled at run-time,
this just removes the installation code from the build.)
you can also reverse engineer closed source software, no matter how complex it is
free software is an illusion
>dude you need to use unicode on your website that is only in english and does not need anything in unicode
>you can also reverse engineer closed source software, it's the same as free software!
Bloated and complex free software is still low quality due to an increased number of bugs. Also it's a disgrace to the name of free software.
I wrote an article about the HTTP protocol:
Maybe it turned into a little bit of a rant at the end, but I think it's important to write things like these, because I can't find the same opinion anywhere online besides a few posts on /tech/ now and then, and those aren't a permanent resource for people to learn about those ideas.
It being 2018 doesn't make Unicode necessary for this site: also, the punctuation is correct either way.
That's a good idea, but why are you responding to yourself as if I responded to you, writing it off? I don't understand.
>>914192 (me) is not the same person as >>914017.
>Your website looks like shit, change it
No. Whatever you do don't add more js and css into it. It's fine now. You should just add a small icon next to each program under "browse articles".
>It being 2018 doesn't make Unicode necessary for this site: also, the punctuation is correct either way.
>durr muh punctuation!
The dash -- an important feature of written language -- should be written with a double-hyphen.
>inb4 triggered english teacher
This isn't school and nobody cares.
>you can also reverse engineer closed source software, it's the same as free software!
For non-experts, modifying something like firefox source code is just as insurmountable as reverse engineering. "Freedom 1" was never real.
That is not true. Sure, modifying firefucks source code without breaking something is quite difficult, but try modifying something in Internet Explorer.
(Also I heard something once about a large proportion of Firefucks code being auto-generated Java to C++. If that's true, it's even worse.)
No. Sophisticated systems in the form of human readble source code is nothing compared trying to read obfuscated code in the form of binary compiled software or minimized code.
You're assuming that the user of the software has to be the one doing the work. This is a bad assumption. There is absolutely no requirement for a user to have any kind of technical aptitude to audit and modify software as long as they can find a skilled helper to help them. Freedom in software means the user has the permission to study the code but it doesn't imply that the user must have the skill to do it.
Yeah finding a sucker to do that is even harder. In reality, Freedom 1 only applies to small scripts and such. Anything else is reserved for big corpos just as closed source software...
No it's not. It's as easy as finding a builder to build your house or finding a plumber to fix your plumbing or finding a carpenter to build a cabinet. Finding a software developer to help you is not hard at all.
Yeah that's why collaborative game development goes so well. Visit /agdg/ sometime...and you will find a bunch of guys working ALONE, because it's the only viable option...
A computer game is an artistic work of passion. The lead producer directs the game and this level of direction isn't always popular with a loose group of individuals who are working on a game project for recreation. A computer program that's designed for real practical work is different to a computer game. A practical computer program is very feasibly useable in a limited state and can continually be improved in the "release early, release often" model of development.
Yeah, but what I'm talking about is a guy taking, say, Firefox source code, and thinking to himself "okay, I want THIS feature in there!". And then he codes it in...yeah right, it's impossible. And let's say he managed it...new Firefox version is out! And he has to port his feature or else suffer from the previous security bugs, etc...
>a bunch of proprietary binaries
Holy fuck stormfags are retarded
Well hello there, fellow redditor. No gold for you today, sweetie.
Please read the following material to get yourself informed on this topic:
Is there a comprehensive guide for FF-based browsers with the following goals
<restore useful functionality that was removed
<add useful functionality (primarily improving privacy and performance)
<all the above without breaking compatibility/functionality on websites
It isn't worth the trouble. Go ahead and castigate me for being a shill, but I've switched to Iridium, and I doubt I'll go back. Not only is it faster, it also never segfaults. Make sure to run it with the following flags:
--user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
*You need HTTP referrers to post here.
No, there is not any such guide that I am aware of. I would love to include such a guide on the site, though. I have been thinking about writing it but I haven't actually gotten around to writing it. If you want to help me get started with it, I would really appreciate the help. I will probably need help anyway, I haven't used Firefox-based browsers for very long and so I don't know all of the about:config entries and addons and other things you should be doing. Ideally the site should include a similar guide for chrome-based browsers too, maybe this post: >>914418 is a good starting point.
If Iridium is based off of Chromium, doesn't that mean it has that (((bug))) that forces the browser to phone in to the gstatic and Client servers? Or am I just plain stupid and Iridium team already removed the (((bug))) already?
The guy who wrote that article runs the browsers through mitmproxy to check for that kind of thing. So presumably that didn't come up. You could try and verify it by downloading mitmproxy and running Iridium to really make sure that it's not doing that, if thats not the case then I will change the article to reflect that.
Ah, well do and thanks for the heads-up and the website.
>Yeah that's why collaborative game development goes so well. Visit /agdg/ sometime...and you will find a bunch of guys working ALONE, because it's the only viable option...
That's /agdg/'s problem.
There are free and open source games e.g Xonotic and Zero-K that are collaborative in nature, organized purely online, and successfully made releases without falling apart before getting anything notable done. Both of those games were in steady development over years, supported by free time, community, and donations.
You know that kind of thing is completely normal? This is true for all software. There's is nothing outstanding about what you're describing here.
Iridium recommendation is dumb. Sure, it might be better for vanilla installations, but you can open Firefox with your internet disabled and change all the options that connect to external sources and then it is equal to Iridium.
Then when you add addons you only download addons from the Mozilla addons store.
If you download addons in Iridium it's from Google's store, connecting to Google's servers.
I'm thinking of consolidating the "Low" and "Probably not Spyware" ratings to just "Low", and then moving Iridium to "mitigatable spyware browsers". Firefox has Google analytics on it's addons page and you cant remove the button on the GUI for it as far as I know. I'm not sure if Iridium has a direct link to the Google store on its page, if it doesn't, then cant you get addons for it from another place?
Iridium as a spyware browser, when their whole shtick is debotnetting Chromium...you're a funny guy. Or incompetent.
>I'm not sure if Iridium has a direct link to the Google store on its page, if it doesn't, then cant you get addons for it from another place?
No, actually Iridium even removed automatic updates of addons, to avoid any connection to Google. And of course it's possible to install extensions manually. Read their FAQ...there is no spyware in Iridium. You're a joke and so is your site.
Google safebrowsing requests are still a form of spyware.... It has two versions, either you download a safebrowsing list from their server, or it literally sends requests to a safebrowsing server that contain the URL of the site you are trying to access. So you cant really call that privacy at all. Yes, this server is not owned by Google, but do you trust the people who run this server? At the very least, people should be made aware of that.
I didn't personally review Iridium so I am not sure if it is downloading a list of sites to block, or sending everyone's connection requests to Iridium's servers, and I will have to test this myself, but if it is the former, I will change it's rating to "Low" and if it is the latter I will change it to "High". I don't know yet.
Really I think that this is an emotional response to my site, instead of looking at the facts... and that's why this site exists, because it's supposed to highlight privacy problems, even with so-called "privacy concerned" software. Yes, maybe its harsh to label people's work towards more private browsers as spyware, but that doesn't change the facts about what their browsers do. That's why the site has many different ratings based on how much spyware a program has in it. I think you are reacting too much to the fact that it's being called spyware, instead of realizing the purpose of these articles: it's to say that this is the kind of information you might be giving up if you use this software, are you OK with that? And really nothing else.
And now you're even considering switching Iridium to High. No, you're definitely incompetent.
>or sending everyone's connection requests to Iridium's servers
read your own article
Iridium is based on Chromium, using Blink engine which has significantly less control over your privacy in general when compared to Firefox. Not being spyware doesn't help vulnerable code.
I read the article, it mentions Google safebrowsing requests, a spyware feature, but it didn't mention which kind of safebrowsing it was using. If you look at the safebrowsing API here:
You'll see that it has the option to either download a blocklist (a form of phoning home) or to send every URL you try and connect to, to be checked agasint a blocklist at google. So either way, it's a form of spyware. According to the article, it's from Iridium's own servers, but not from Google, and the writer doesn't mention which type of safebrowsing requests are being sent.
Now that I have seen for myself, it looks like it is downloading a block list, but not from a mirror, instead directly from Google. So, I can't say that it's "not spyware" when it is literally phoning home to Google by default. I won't say that it is doing anything more, because this is the only privacy problem with it, but it's something that needs to be mentioned.
The way I see it, I have looked at Iridium browser with mitmproxy to see if it is spyware, and you have read the FAQ on their website to see if it is spyware. Which perspective is more credible? Maybe by this logic, I should label Discord as "Not Spyware" because they said that they don't sell your information on Twitter.
At least you're testing these things now, congrats.
How does your computing setup look like?
- Which OS do you use?
- Do you use VPNs?
- Which phone, in particular - which apps being installed?
It's just downloading the block list. Nothing malicious about it.
I'm not really calling it malicious, that's why the rating is only "low". They get your IP, User-Agent, etc, so it is a form of data collection, and so I have to mention it. I don't really call spyware malicious unless its really excessive in it's data collection, in this case it's kind of an incidental consequence of using spyware protocols like HTTP. So, I hope you guys think that this is a reasonable way to look at it.
I hope that this post isn't too dissapointing, because I'm really not a good example of someone who avoids all spyware.
>Which OS do you use?
I personally am using Windows 7. I download the security updates from Microsoft every once in a while but I haven't gotten around to applying the changes here: http://oxwugzccvk3dk6tj.onion/tech/w7tele.html so I'm not doing very well here. I have a laptop, it has Windows 7, Slackware, and Plan 9 front installed.
>Do you use VPNs?
>Which phone, in particular - which apps being installed?
I have an iPhone, so I am checked into the botnet. The reason is that it was "two for the price of one" to buy them, and my family wanted me to have a cell phone, so when someone else in my family got a phone, because of this I got a phone too. I wasn't very concerned about my privacy when I got it, although I didn't really want a cell phone, they wanted to be able to call me. If it breaks I will probably just buy a flip phone, or set up a land-line.
I only really have a couple of messenger apps installed on it, I have the facebook messenger app, and discord, this is because there are people that I am friends with who I can't contact in any other way. Beyond that I have an app for my bank and one that lets me buy train tickets. Maybe in the future I won't use a debit card anymore, and switch to using cash, but I am trying to do one thing at a time.
I hope that nobody thinks that because I personally use spyware, that the stuff that I write in my site isn't something that you should take seriously- if someone who smokes cigarettes tells you not to smoke, that doesn't change the risks of smoking.
>they don't use anything else
Switch some of them to riot.im. It's a very good discord alternative.
>choose a server
>choose an identity server
>choose a nickname
>choose a password
Normies seem too retarded for these things nowadays.
First thing first: there is no compromise between security, privacy and anonymity. There are the opposite sides of one triangle.
To blend in with the crowd, you have to look like the crowd, behave like the crowd. Disabling JS and hardening your browser is the exact opposite of this thing. If you want anonymity, use Tor Browser with default settings.
Now here are the guides I know:
Also these sites might be helpful:
>choose a nickname
>choose a password
Both optional. But these 2 are required on discord, so what's the difference?
You can be invited and open a link.
The only problem I have with OSW is that you guys use "Spyware" way too much, to the point it's somewhat annoying, it's expecially apparent in the Discord article
Discord babby got buttmad?
That's a real criticism of the website, not just funny hate mail from Discord fanboys.... although I can confirm that I have received some of that, and yes, it is hilarious to read.
Hey OP, would you be willing to do a check up on Qupzilla browser?
the important thing about your site is your reviews, I like the idea and reviews. keep going
>it looks like something from 1994
I seriously wondered
For web browsing, communicating etc. Which platforms do you recommend to use anon/s?
Go through and check any external sites you link to. I clicked two links and one of them was filtered by my AV and the other was a huffpost article.
Sorry everyone for the delayed response. I thought this thread had died, so I wasn't looking at it anymore.
I could do it but it says that it's changing it's name to the "falkon browser". Should I review that one instead? It sounds like a better browser to review if QupZilla isn't going to be worked on anymore like the website says.
Either way the next browser I am going to review is IceCat, since that browser is more relevant. According to some people who I think know what they are talking about IceCat is a spyware browser, but I haven't done any tests on it yet myself to find out.
If you can tell me which link was filtered by your AV, I would be happy to archive it or something. Beyond the fact that the article is from the huffington post, there isn't anything actually wrong with the content of the article. I just looked online for some articles that are alright about the topic to put into the further reading section, but i'm sure a lot of people could do better. If you have some good links feel free to share them.
the old design (90s as people have mentioned) is so old that now it looks new again! its simple and easy to read and god makes me realize how distracting modern pages are! no wonder every other kid has ADD these days.
the only thing I would suggest is to list the software alphabetically. It's easier for someone to find their software that way, especially as the list grows.
I plan to split it up into more categories later. Right now it's sorted by spyware rating. It will be reworked once the article count gets a bit higher.
lol I thought it was sorted by popularity. That's a funny trend though.
this thread has been ended up.
Thanks for posting this, it's really useful. Makes me very glad I deleted my Discord account ages ago.
This. This one site is infinitely more useful than the browser threads. Thank you.
>Discord is spyware
>Telegram is (probably not)
Hmmm, gee I wonder who might be behind this, towarisch?
would you be willing to test tor browser?
RMS' site already exist. Your shitty site is nothing to it.
Tell him to add >>922042
RMS links to this site, nerd.
Rms doesn't speak out against spyware unless it's related to his promotion of free software and the reputation of the free software movement . Otherwise, where are his articles talking about Mozilla and the free software projects written about on this site?
His answer is to change the source code. Matters of spyware in free software can be made meaningless when everybody is allowed to modify the software.
and he's right.
See a problem? Fix it.
Too retarded to? Shut the fuck up then.
This. Also never report bugs
Telegram devs are notorious for their inability of using git properly. They publish large chunks of uncommented outdated source code to github and think they can get away with this.
Matters of spyware in free software can be made meaningless when people are no longer using that spyware. That's part of the purpose of the site, to discourage people from using software that is spyware, and to encourage them to switch to non-spyware. RMS advocates the process where someone forks the code of a project to create a non-spyware version, and then the community can reject the old spyware version and move to the new, non-spyware version. This website could be considered part of that process he is talking about, where it is advocated to move from spyware versions of software to non-spyware versions of that software. So, producing these articles is entirely consistent with what he thinks is the solution to spyware in free software.
Once in a while, users who know programming find that a free program has malicious code.
Generally the next thing they do is release a corrected version of the program; with the four
freedoms that define free software (see http://www.gnu.org/philosophy/free-sw.html), they are
free to do this. This is called a “fork” of the program. Soon the community switches to the
corrected fork, and the malicious version is rejected.
I amended the Telegram article with this information, thanks for sharing it.
I'm sorry OP, but you seem clearly biased with criticism for certain software, while ignoring the faults of others that are clearly what you use/your favorites.
Its just another my opinion>yours kind of site and not something worth our attention.
It would be great if you provided an archived link along side the orignal link on most of your cited sources.
In Your articles you direct link many sources without an archive to back them up.
What would improve the overall cited sources to the webpage was if you did something more like how that of a wiki might.
Instead of only providing 1 link you can source multiple links at any given time.
You should also always provide an archived link instead of a direct link for purposes of keeping the article's time of creation and review understandable, incase anything on the site changes or the software changes.
I.E instead of https://policies.google.com/privacy/example/collect-information it would be https://archive.fo/Hthpb (or the long link) http://archive.today/2018.05.30-050751/https://policies.google.com/privacy/example/collect-information
You could perhaps just provide the direct and the archive for comparison
It is highly advise you provide better archive links then that of archive.org because archive.org has been known to delete snapshots that they don't personally like.
How did it come off that way to you? I'm not trying to write the site in a biased way, but I would not be surprised if it can come off that way, if there is stuff I missed about certain software, or things that I wrote about unfairly, I want to change that, if you would tell me what the problems are specifically.
It's supposed to be the kind of website that anyone can contribute too, but the articles are right now only written by me and one other contributor, with some minor edits (mostly typo/formatting cleanup) by a few other people. So, it's inevitably going to be flawed by a lack of writers and criticism, which is why I made the thread.
Maybe it would be useful to provide source numbers, and then have a list of sources at the bottom of the article with links to different archived versions so that it can be more easily found, like wikipedia. That kind of editing will take a little bit but is probably the direction that I want to take it. Over the next few days, maybe I should do that.
If you want to help out I will accept any HTML pages that you send my way that are edited to provide source lists.
I edited the article about Bing to include a source list. I like how it turned out, I think this is a good idea. So I'll go on and edit the rest of the articles to have similar source lists.
>I amended the Telegram article with this information, thanks for sharing it.
> Telegram does not follow it's GPLv2 Obligations
it's -> its
I'd also suggest bumping it to "Medium" or "High" from "Low" because disclosure of telephone number is a big deal and arguably bigger than anything, for example, that's done by Firefox which has "High" spyware level.
(The phone number isn't only used for mass sign up "prevention"; any account can be immediately found by the phone number and this is a big problem for public chats where the government, by probing phone numbers, can easily find who posted what, and then they might end up like Arkadiy Babchenko who was shot yesterday)
>for public chats
…or even non-public, as the gov-t agents can eventually infiltrate them anyway, or create baits from the start
you should probably mention that it's possible to find the account by the phone number.
(and please, put it through some basic spell checker)
That's a good argument for me, so I've made the trivial edit to bump it up to medium.
If you want, I would really appreciate it if you want to edit the HTML and email it to me to add a section or edit an existing section to emphasize this about it. Suggestions are great but in the end, it all takes time to apply them into the articles, so the fastest way to change the site is that way. I'm a little busy editing source lists into articles right now and could forget to add your suggestion in by the time i'm done.
OK, I'll take the current HTML after ~15 minutes and add some details to it.
I sent am email with updated html for the google search article.
OK, I have made the source list edit to the telegram HTML now. I have also made the change for the brave browser article too. That's a good idea with the <sup> tags, I didn't know that those existed but that makes sense. I'm going to go back and edit those other articles to use <sup>. I merged the google article so it's using the HTML you sent me.
Fug I will now have to merge the differences. (and I don't have the original)
Or do you want to merge them?
Don't worry about this. I will merge the pages for you, it's not a big deal.
Also I forgot to write, thanks guys for helping me out like this. I am right now working on fixing up the citations for the google chrome article. Do any of you know any good alternatives to archive.is? sometimes it refuses to archive the page and says "network error" as the reason. So i'm trying to find a third service I can look at to get archives from in case it fails.
OK I actually merged them, wait ~1 min for the email
web.archive.org, but I don't know if it's possible to force it to save something specific.
Or trying to roll your own archive, but it's not an easy task for non-technical reasons as well. (You have to build some trust, and you will be constantly attacked, probably even pressed in the meatspace as well)
It's been merged, thanks for the help again.
I'm using web.archive.org as well as archive.is, it's just that >>922558 is concerned about using it. So I am hoping that there are other services out there I can use just to be safe.
yeah it's of course better to use several archive sites, not affiliated with each other.
OP, can you do a review on ungoogled chromium so shills can shut the fuck up about it not being a botnet
might as well, hopefully it ranks well because it's tested enough that it might be actually secure (as well as private).
>IceCat is spyware
Are you insane?
Literally an oxyMORON.
I didn't say that: I said that I heard it was spyware and didn't check. I will make an article about this; I just haven't gotten around to it yet, and when I do I will have an actual position on whether it is or not. This is someone who has an opinion that I do trust, i'm just being lazy and I had a toothache yesterday (and also I haven't finished converting all the articles to the new sources format)
OK, I will do it after I review IceCat.
I (the other guy who was writing articles for the site) just tested it briefly. It makes no requests that I didn't make myself, but this is an old profile so some requests with a new install are still possible.
That's a strong reaction. What do you have in support of it? Because I did the tests and most of what is in the Firefox article still applies.
You should write the article and share it on the dev mailing list to see their commentary. Also, I'm pretty sure 60 isn't out yet, so what would you be reviewing? Because if you're reviewing the pre-Quantum version of Icecat right as the new one comes out, that's very disingenuous.
It's not going to be reviewed until version 60 like you said, I was not really keeping up with IceCat's development so I didn't mention it when making the comment. That was pointed out to me a few days ago through email as well with >>924285 .
>mobile friendly UI is one of many modern cancers of the internet.
Depends, the responsive shit is good, simple and easy to implement, css3+html5 max. Just tell the browser, if this is phone, handle the scrolling a bit better and change layout to something vertical on small screen.
The rest that comes with it is cancer, like animations on resize/rotation, pull out menus, anything that relies on js that isn't data related like fucking carousels, parallax backgrounds, etc. Fucking dross. You can even do without js if you don't mind the entire page refresh... which I don't, some sites with js look like their entire page refresh anyways, like searching on amazon... what a joke, if it's going to look like that then they can get rid of the js.
t. guy who studied and made "webapps/responsive sites/backend apis/hybrid apps/other web2.0shit and I hate 98% of it
static pages are web1.0
sites like 8chan are web2.0
responsive/jquery/other abuses of jabbashit are web3.0
you know what?
it doesn't even need js.
unless you use some ancient versions of HTML and CSS, perhaps.
Good thread. I use configured waterfox. I occasionally use TinyWall to see http requests. Nothing unusual in my experience. Maybe its because i have that safebrowsing bullshit turned off.
Does anyone have tips for running TinyWall or PfSense?
yeah, that's what I was saying here >>928594 my ip cycled, if it can do basics of css3 and html5 it'll work. Even then operamini or operamobile, the old one, doesn't support but it re-renders to work anyways. Not sure how ie reacts. You can even forget the css3 if you want it to look the same on all screens, you still need the html5 tags
that's not what 3.0 is, jquery is definitely 2.0 most frameworks and apis like reactjs and agular are 2.0. It's rendering and routing in the frontent, using your computers resources instead of the server's. It's just tonnes of js.
you don't know what "responsive" is or how it's implemented, do you?
Responsive css is botnet too.
Now try resizing your window and think how would it look on server's side.
Problem is: there is no escape. in order to serve less traffic and appropriate width webpage to mobile users, a website should determine phone's screen width which in turn will result in loading lower resolution images (with FLIF it'd be even more intrusive), interface elements, different graphics and arrange them properly. No, default html 1.0 full-width stickiness is not an option, try reading that crap in wide window or look at your average imageboard post width on full wide window, Tim didn't even do it right from day one.
So you mean Iridium browser? There is already an article of that on the website.
Possible Canvas Fingerprinting is detected! So mozilla is also doing that, heh. (Install extension "Canvas Fingerprint Defender" to see for yourself)
>Install uMatrix on browser of choice (download the .xpi beforehand)
>Go to dashboard
>On the dashboard tab, open the uMatrix menu to see "behind-the-scene" requests
>Click the 'on' button and save
Tell me this truly blocks all spyware jewry like OCSP and Mozilla telemetry? Is this the definitive list of all connections a browser makes?
Also, Google (((Safebrowsing))) appears if you don't fully disable all of it in about:config. I recommend disconnecting from the internet before you open a browser for the first time. In theory this allows you to avoid the Pale Moon start page.
Another website mistaking analytics for spyware. If you dislike websites needing to make money to stay alive then fuck off of the internet.
sure bro I'm out of here
Sorry for not responding as fast as I could have responded. I wrote an article about DuckDuckGo for the website a few days ago:
The only method that has been used on the site is MITMproxy. I don't know if uMatrix is catching all of the requests the browser makes, but I do know that MITMproxy is doing this. If you can send me screenshots of the safebrowsing requests I would like to add them to the Palemoon article.
There are plans to write articles about how to de-botnet all browsers listed but none of these have been started yet. A lot of people expect this and so maybe the site will be understood better when it has guides on removing or mitigating spyware in these browsers.
Check this for more information, it's written by a contributor:
Analytics are spyware, why analytics are being used does not change what they are.
Those are two different projects, ungoogled chromium hasn't been reviewed on the site yet.
There are lots of things I could write articles about, but I don't have an infinite amount of time. Anyone can contribute to the website, so if you want an article on the website you can just write it yourself and submit it to me.
>MITMProxy has a jewgle analytics script and 2 cloudflare scripts on their site
I don't condone what they are doing but the source code is available so they aren't hiding anything in that at least. (I hope). There are probably other ways of doing this that are made by people who respect your privacy better, but I don't really know that many ways of doing it.
You are utterly incorrect, any file a server sends you can, and has been used for tracking, more popular are fonts, fav.ico, DOM Storage, SWF Super Cookies, and more described ITT, which do not use XML|Ecmascript.
Keep up the good work. It's nice that your site is raising awareness to the issue that is everything calling home automatically without any warning or way to make the user aware.
Protip: go up to reviewing operational systems too.
>want an article on the website you can just write it yourself and submit it to me.
Got an XMPP account with an OMEMO enabled client?
Email is asking to deanonymize users here.
You truly are a hero OP, but >>910069 has a point. No reason to link directly to other sites, especially ones that can have content removed as easily as Reddit.
Sorry but I didn't know about this kind of thing before you brought it up, I'm trying to set up an XMPP account but I'm not really sure what i'm doing yet. So far downloaded a client called "gajim", I made an account called "spyware" at some server called "404.city", and installed the OMEMO plugin with the plugin manager it has. Hopefully that's enough for you to contact me.
Yeah, but that is the *content*, not the *protocol* that this content is sent through. I could send the exact same things through FTP and it would track you- but the reason FTP has a lower spyware rating is because FTP does not have spyware built directly into the protocol through features like user-agents.
The review was of the protocol itself, not of the content that people use the protocol for.
If you look at the site more recently, you'll notice that this is no longer a problem. Every single source cited also comes with an archive link to at least one archive and most of the time the sources have two archives or more, no matter where it comes from.
I still need to archive youtube videos that might be useful, but, unfortunately I'm not sure what service I should use to do that. I can compress video files but it makes the quality too poor and bloats the size of the site. The entire website is 1.5mb right now, but one video would be many times that size. Luckily I don't have any videos to archive right now that are seriously important, just that I link to some stuff as supplementary material.
Sorry, didn't finish reading the thread when I posted.
Chatting with someone through XMPP with OMEMO enabled is no more anonymous than sending an email.
Simply host screenshots/pdfs of the pages you mention, and you're done.
I don't think hosting these pics will take you any resources.