Comments (11)
Also, nothing you tell them would be news. The developers who built the site would already be aware of the issues (...)
Not necessarily 😏 Lissy93/awesome-privacy#65
from personal-security-checklist.
Also, nothing you tell them would be news. The developers who built the site would already be aware of the issues (...)
Not necessarily 😏 Lissy93/awesome-privacy#65
@ltguillaume You got me there 😂
from personal-security-checklist.
, that the web has become a ... a shit-hole, to put it bluntly
Couldn't have put it better 🤣
As a developer myself, JavaScript is Devil's Spawn. Almost all modern web "apps" run the majority of their logic client-side (on the user's browser), this has increased over time, due to client devices becoming more powerful, and the improved user experience you get from not having to re-render each page.
All this logic is written in JavaScript (or a subset which transpiles into JavaScript). Yet JS is not particularly secure by default - it's messy, bloated, not type safe, behaves differently on different engines / browsers, can be insecure, etc, etc.
There are a bunch of proposed solutions to the issue in the works, e.g. WASM, which is pretty cool.
That said, you can still build frontend apps, using modern frameworks that are not privacy-invasive. Here's the Privacy Docs for one of my apps, it doesn't make any external requests, unless you specifically enable a feature (like weather, uptime monitoring, etc), and everything that is stored is transparently documented to the user.
The privacy issues mostly come from either sloppy developers, or data-greedy companies, combined with a poorly configured user environment.
from personal-security-checklist.
In terms of your idea...
It doesn't need to be a browser extension (and probably shouldn't be), and obviously the mail sending component wouldn't be possible from an extension alone.
Instead, you could just have a serverless function, which accepts a URL, scans the site, generates a report, scrapes a contact address, then sends off the message. The function could then be initiated manually with a web address passed in, or you could use it to crawl top sites within certain categories.
As for the effectiveness, although a nice idea, I honestly don't think any companies would give a shit. To them, the data they are collecting, is far more valuable to them than a few users threatening to boycott their service.
Furthermore, web administrators get A TON of mostly automated messages every day. They don't read any of them. Even developers of small sites, like myself get so many automated messages that it's not practical to even open them any more.
Also, nothing you tell them would be news. The developers who built the site would already be aware of the issues, and would have made those decisions based on things like cost, complexity, time-constraints, business requirements..
You could still try building it, not sure of your skill level, but this should be a very easy starter project. Most of the logic is already out there, so just a case of putting the parts together, maybe just a serverless function written in Go, and a simple UI to invoke it.
from personal-security-checklist.
Instead, you could just have a serverless function, which accepts a URL, scans the site, generates a report, scrapes a contact address, then sends off the message. The function could then be initiated manually with a web address passed in, or you could use it to crawl top sites within certain categories.
interesting idea for sure!
the problem is, all the mails would be coming from the same mailer, no? this wouldn't be as effective as mails originating from many individuals - any idea on how that could be overcome? i suspect passing a mail address as a param to the ... script(?) wouldn't really work (mails would still originate from a single server)
also, wouldn't a browser ext. act as a complement to this so users can feed the script the params without having to do anything? i'm thinking about keeping this as dirt simple as possible for users
what about a very simple ext. that interacts with the script? so the script then checks the site (url param sent to the script) against a db and opens a pre-filled mail for the user to manually send - this avoids ext. updates when the db is updated (db = a text file, not an actual db)
As for the effectiveness ... I honestly don't think any companies would give a shit. To them, the data they are collecting, is far more valuable to them than a few users threatening to boycott their service.
i dunno - maybe it depends on who is contacted? - site owner vs. article author, the "contact" address, etc. - i think this might get some noticeable attention over time - the "few users" is a hurdle to overcome, but that's where a browser ext. might help and maybe some advertising
not sure of your skill level...
well, if we start the scale at 0, i'm about a 0.2 (some bash, html, css, very limited success hacking other people's JS/PHP) - given its assumed simplicity however, this is not necessarily beyond my ability but i'll probably need help, perhaps mostly with getting the ext. to talk to the script (assuming an ext. is in order)
from personal-security-checklist.
the problem is, all the mails would be coming from the same mailer, no? this wouldn't be as effective as mails originating from many individuals - any idea on how that could be overcome? i suspect passing a mail address as a param to the ... script(?) wouldn't really work (mails would still originate from a single server)
Ah yeah, I see what you mean, yeah you could have emails sent from the user's address by using an ordinary anchor element. The mailto part within the href attribute can accept the recipient, subject and body passed as GET params. So when you / the user open the link it'll open your default email client, and populate those fields, all you'll need to do is hit Send.
Then, like you say each mail comes from a real sender, which will be much more effective. Although it would also mean sending the email from your real address. And it might be tedious to do each website one at a time.
That'd remove the need for any email sending capabilities. Setting up mail servers for sending, in a way that you can send out a lot of emails, without them landing in spam is surprisingly hard. That's one of the reasons why most apps with any mail sending functionality will outsource this to a third-party service, like mailchimp, sendgrid, mailgun...
i dunno - maybe it depends on who is contacted?
Ah yeah, very true. But also, any email address you can find online by a web scraper, will have already been found by a web scraper, and be getting a lot of emails. But if you can manually deduce an author's email address yourself (e.g. trying [email protected]), then you'll probably have much better results.
from personal-security-checklist.
Although it would also mean sending the email from your real address. And it might be tedious to do each website one at a time.
users would be (strongly) encouraged to set up a dedicated account somewhere (riseup, gmail <-- yes, i said that out loud, protonmail, etc.)
frequency of mails based on different domain visits could be handled by a preference, or done in a very unobtrusive way, such as a toolbar icon changing color with an optional notification
so i gather you think an ext. + a script makes sense? i'm open to any and all suggestions
ps - for anyone interested, i'm looking at the ClearURLs ext. because it fetches a file from a git repo and processes it - see line 262 in clearurls.js
from personal-security-checklist.
As for the effectiveness, although a nice idea, I honestly don't think any companies would give a shit. To them, the data they are collecting, is far more valuable to them than a few users threatening to boycott their service.
Furthermore, web administrators get A TON of mostly automated messages every day. They don't read any of them. Even developers of small sites, like myself get so many automated messages that it's not practical to even open them any more.
Also, nothing you tell them would be news. The developers who built the site would already be aware of the issues, and would have made those decisions based on things like cost, complexity, time-constraints, business requirements..
I agree 100% with @Lissy93 on this and for the reasons she has mentioned above, I don't think this would have any impact whatsoever.
IMHO the entire industry is so hopelessly romanticized by hype that even when it is more costly in the long run, they still do the "wrong" thing just because that's what everyone else is doing.
from personal-security-checklist.
hiya @unixsheikh :)
i wouldn't necessarily disagree that effectiveness would be between 0 and near 0 if Big Tech were the target, but that's not really what i had in mind - i'm more interested in blogs, alternative social platforms, sites that focus on free software, personal site, wordpress sites, etc. - a lot of these kinds of sites aren't interested in monetizing data, but the admin, who could be a total novice, is just using whatever tools are popular (wordpress, shitty plugins, etc.) without being aware of the implications
i'd also mention again that i think the effort required to get something like this up and running as far as coding would be rather trivial - essentially a very simple browser ext. that grabs a remote file and prefills a ready-to-send mail
it could be an interesting experiment and, who knows, the result may be surprising
from personal-security-checklist.
i wouldn't necessarily disagree that effectiveness would be between 0 and near 0 if Big Tech were the target, but that's not really what i had in mind - i'm more interested in blogs, alternative social platforms, sites that focus on free software, personal site, wordpress sites, etc. - a lot of these kinds of sites aren't interested in monetizing data, but the admin, who could be a total novice, is just using whatever tools are popular (wordpress, shitty plugins, etc.) without being aware of the implications
Hi @atomGit :)
The problem with those, i.e. private blogs, Wordpress, etc., is that the people using these wouldn't know what to do about it. Even when/if you suggest replacements, migrating a website from product A to product B for a non-tech person is often a daunting/time consuming task.
I personally know a lot of small businesses that just use Wordpress for blogging, and they know absolutely ZERO about any of this. They managed to get it installed and that's about it.
from personal-security-checklist.
I personally know a lot of small businesses that just use Wordpress for blogging, and they know absolutely ZERO about any of this.
that's where this part comes in...
if the user lands on a blacklisted site, they are non-intrusively prompted to send a pre-filled mail to the site owner/admin/contact/author/etc. which contains concerns with the site (privacy, security, etc.) and information as to possible solutions
i agree that a lot of these administrators are technically challenged (so am i) and i gave that a little bit of thought when i outlined all this - i think friendly, concise suggestions and a willingness to help could go a long way
from personal-security-checklist.
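The flow discussed in this thread (check the visited site against a list kept in a remote text file, then open a pre-filled mail through a mailto link) could look like the sketch below. It is an added example, not code from any commenter or from ClearURLs; the list format, the function names `parseList` and `buildMailto`, and the sample rows are assumptions. Because the list is fetched remotely, its fields are treated as untrusted so they cannot add extra mail fields to the link.

```javascript
// Added example. The list format, field names and sample rows are assumptions
// made for illustration; they are not taken from the thread or from ClearURLs.
// One entry per line: "hostname | contact address | issue". '#' starts a comment.
const SAMPLE_LIST = `
# constructed sample data
blog.example | admin@blog.example | loads third-party trackers on every page
shop.example | owner@shop.example | sets advertising cookies before consent
`;

// Parse the remote text file into a hostname -> {contact, issue} map.
function parseList(text) {
  const entries = new Map();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const parts = line.split("|").map((s) => s.trim());
    if (parts.length !== 3 || parts.includes("")) continue; // skip malformed rows
    entries.set(parts[0].toLowerCase(), { contact: parts[1], issue: parts[2] });
  }
  return entries;
}

// Return a mailto: URI for a listed site, or null when there is nothing to send.
function buildMailto(pageUrl, entries) {
  const host = new URL(pageUrl).hostname.toLowerCase();
  const entry = entries.get(host);
  if (!entry) return null;
  // The list is fetched remotely, so treat it as untrusted: accept only a
  // plain address as recipient (no '?', '&', ',' or '%' that could add fields).
  if (!/^[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+$/.test(entry.contact)) return null;
  const subject = `Privacy concern about ${host}`;
  const body = [
    "Hello,",
    "",
    `While visiting ${host} I noticed that it ${entry.issue}.`,
  ].join("\r\n"); // mail bodies use CRLF line breaks
  // encodeURIComponent turns '&', '=', '?' and '#' into %XX, so text from the
  // list cannot smuggle in extra fields such as cc= or bcc=.
  return `mailto:${entry.contact}` +
    `?subject=${encodeURIComponent(subject)}&body=${encodeURIComponent(body)}`;
}

const link = buildMailto("https://blog.example/post?id=1", parseList(SAMPLE_LIST));
console.log(link);
```

The returned string can be used as the `href` of an ordinary anchor element, so the user's own mail client opens with the fields filled in and nothing is sent until they press Send.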