đź”– Bookmarked: How to move from Chrome to another browser

“Despite some new improvements to user privacy, Google’s popular Chrome browser has recently been lambasted in some quarters as problematical when it comes to privacy issues. These same articles suggest that if you’re concerned about the security of your data, you should try an alternative browser, such as Firefox, Safari, or Brave.”

Make the switch. I’ve been using Firefox for several months, and I couldn’t go back now.

Weaponizing Your Website, on YouTube
Speaker: Jennifer Hill There is a war a raging in our cyberworld and it is time for you to join the resistance. Cambridge Analytica stealing Facebook user’s data, white supremacists getting verified on Twitter, and child pornography on Instagram. The list of atrocities continues. We as technologists know the inner workings of social media platforms more than anybody. We see the hypocrisy and the evil of social media platforms in a way that most people do not. It is time for us to awaken from our passivity and take a stance against our corporate social media overlords. Weaponizing Your Website will give you ideas, or ammunition, to fight against our broken social media world. This bootcamp will include learning how to utilize the strongest weapons in your stockpile; your voice and your website. With me, Jenn Hill, a University of Mary Washington student, at the helm I will prepare you for taking up arms and battling the corporate social media tyrants.

Thanks to Kicks for linking to this.

đź”– Bookmarked: Feminist Internet

“The internet holds huge potential for liberation and political transformation. However many of society’s inequalities are encoded in its structures, processes and communities. Whether it’s digital platforms allowing online abuse against women, lack of workforce diversity in the tech sector, biased data collection reinforcing privileges or sexist naming of subservient chatbots, there are many issues to address. Feminist Internet is here to intervene and ensure an equal and just internet for all.”

đź“– Read: The kid from "David After Dentist" is headed to college (Vox)

“Here’s how going viral changed his life.”

Vox

The type of internet fame that David experienced — mostly supportive, humorous, and even sweet — is emblematic of the 2000s. This was the cusp of the social media era, when people regularly posted their earnest feelings on Facebook and being in someone’s Top Eight on MySpace still connoted close friendship. But the online conversation has soured since then, and blowback can be crueler. Now, in the age of doxing, trolls, and brutal Twitter takedowns, is it possible to escape viral fame so unscathed?

Quoting: A Century Ago We Killed The Radio Commons; Don't Let The EU Do That To The Internet

“The very structure of Article 13 makes this clear. The demand that everything must be “licensed” on internet platforms makes no sense. Do you “license” content in order to communicate with your friends? Do you license a song to sing? Do you license it when you quote from a book? Licensing is not necessary for communication — it is only necessary for “broadcast.” This is the core problem that the legacy gatekeepers have with the internet. It’s a communications medium, and they come from the broadcast era. Their entire structure is built off of licensing to broadcasters. And rather than recognize that everything has changed, their only play is to try to shove the internet into a similar broadcast structure. “

an author (Techdirt.)

Listened: Crying Wolf Over Conservative Censorship

“You’ve heard the uproar — conservatives are being censored on social media! But… are they? The short answer is no. The long answer is this week’s podcast, with Lincoln Network policy head Zach Graves joining us for a discussion about the misinformation, hyperbole and general ridiculousness surrounding supposed social media bias.”

The algorithm-driven Instagram feed was rolled out a while ago, but it’s only recently I’ve noticed much of a difference. Unfortunately the difference, particularly in the last couple of weeks, has been increasingly negative. So much so I really wish there was a way to opt-out!

Basically it comes down to I’m not seeing what I want to see at the time I want to see it, often leading me to just close the app after scrolling down a little bit. So as a way of “increasing engagement” it utterly fails.

A trivial example: I follow WWE on Instagram. Every Monday and Tuesday night, they post 6-12 photos from the goings on at Monday Night Raw, and Smackdown Live. Every Tuesday/Wednesday morning, I would like to open up Instagram and be able to scroll through to see what happened. This used to work, but some time in the last few weeks it changed so these photos show up randomly in my feed over the next 2-4 days – after I’ve already got the information from other sources, and definitely past the point I want the photos to show up at the top. The photos never show in chronological order, and never show as a batch of more than 1-2 at a time.

For the accounts I follow who aren’t “brands” (i.e. friends, shared interest accounts, etc), often it’s the people I like or comment on the least who appear near the top, and often the most trite, uninteresting photos they’ve posted. Why show me the video of a friend’s baby’s adorable first laugh, another friend’s stunning macro photography, or a popular post from an interest account, when 4 out of 6 of the photos at the top of my feed are meme nonsense? With the other 2 being drinks/food from someone’s night out 3 days ago?

Is it just me? I don’t think so, but maybe it’s just particularly bad on my feed? What’re your experiences with Instagram lately?

So after the preamble, which should give you a frame of reference to what I’m aiming to do in this mini-series of posts about improving my online privacy and security, this short post will talk about the first steps I’m taking to tighten everything up. As this is all at the very beginning of my learning journey, all of these might change in the future. If they do, I will update the post and add a comment below.

In this post I look at two of the fundamentals of privacy on the web: the web browser and search engine. I’m mainly looking at the desktop for now, rather than mobile, mainly because it’s simpler to focus on one thing while I wrap my head around this stuff!

A Change of Browser

I’ve been using Chrome for years, after it usurped Firefox as the “fast, alternative” browser for Windows. These days, Chrome has become seriously bloated – it’s routinely consuming multiple gigabytes of RAM on my desktop. It may be (usually) fast despite of that, but it slows the rest of the computer. What’s more, it’s so deeply wired into Google’s ecosystem that it’s arguably as much a data hoover for Google as it is a browser.

So I was in the market for a new browser to begin with, and I was looking into alternatives like Chromium or Opera. But once I started diving into things a bit more, pretty much every recommendation for privacy-minded software recommended good-old Firefox, so that’s what I’ve gone with. I followed the configuration guide at PrivacyTools.io, as well as:

  • Turn on Do Not Track
  • Set Firefox to never remember my browsing/download/search/form history
  • Never accept third-party cookies
  • Only keep cookies until I close the browser
  • Never remember logins for sites
  • Turned off Firefox Health Report, Telemetry, and Crash Reporter

Extensions

Most of the extensions I had installed in Chrome were privacy-minded anyway, so were equally applicable to Firefox. Some additions came recommended. At the moment I am using the following:

Mobile

The situation on mobile (in my case, iOS) is a bit less clear. For now I’m not using the Chrome iOS app, reverting to Safari with the addition of a content blocker.

Downsides

The biggest issue with the above setup is it removes a few conveniences: remembering pinned tabs between browser sessions; having to login to websites every time you visit; having to retrace your steps to find a page in the future, if you don’t bookmark it at the time… that sort of thing. I might do a little tuning on this, relaxing the settings a little, but overall I think this might be one of those things that I need to live with.

A Change of Search Engine

Apart from a brief flirtation with DuckDuckGo a few years back, I’ve always used Google as my search engine. It’s constantly been the most reliable, fastest, and all-round best at what it does.

Even so, I’ve never been 100% happy with the fact that Google collects just about every data point they can, that it’s all wrapped up in your Google account, linked to everything you do in their other services, and made available for advertisement targetting (amongst who knows how many other things). As someone who’s had a Gmail account since they were invite only, I know Google has a fucktonne of data on me already; the genie is well and truly out of the bottle in that regard.

That doesn’t mean I can’t stop giving them more data. Sure, they’ll get the odd bit here and there when I use YouTube, or the odd email that hits my old, pretty much unused Gmail account, but that’s really it – if I change my search engine to somewhere else.

The obvious thing to do would be to revert back to DuckDuckGo, as I already have experience of it, and it’s accurate enough… but I wanted to try something different for the moment, while I’m still in the learning phase of this little project.

I tried all the recommendations at PrivacyTools.io. Searx generally gave me terrible results, but is an interesting idea; Qwant gave me some decent web results, but the included News results were mostly irrelevant, and I couldn’t find a way to turn these off. StartPage had been recommended in other places too, and overall was the best performing of the bunch – possibly not surprising, as it’s effectively a proxy for Google search, so seems like a win-win in this case. For now, I’ve set it as the default search engine in Firefox.

Mobile

For searches on my iPhone, I’ve set the default search engine to DuckDuckGo, as it’s the best of those available.

In 2017 I’m trying to be be a bit more privacy and security-minded when using the web (on all devices). I’ve been increasingly interested in these areas for a few years, and especially since the Snowden revelations, and recent events like the IP Bill, aka the “Snoopers Charter,” in the UK have pushed me further towards them. Over the next few weeks I’m going to look into (and try to document here) various things I can do to increase my security, decrease the amount of information applications and services can collect on me, and generally “take back control” of my online privacy.

I work in the tech industry, I’m fairly conscious about this stuff, and understand a few of the elements and technologies, but it’s really a very basic understanding. What I do know might be out of date. At this stage it might be too little too late… right now I don’t really know.

Upfront: I fully recognise that if the police/MI5/NSA/FSB/whoever really wanted my data, nothing I could do would be able to stop them.

security

Also upfront: even with that in mind, whatever I put in place won’t be considered “perfect.” What I’m looking to do is balance convenience, practicality, and security. If something is too difficult or fiddly to use, it will end up not being used.

Thinking specifically about the IP Bill, far too many agencies for my liking will have complete, unfettered access to what I get up to on the internet. Beyond that one example, the amount of web ad trackers we have to contend with nowadays is snowballing, as are the services amassing data to pay for those “free” apps we enjoy.

While it might be that none of these data collectors have nefarious purposes in mind (if you’re trusting), data security breaches are becoming bigger and more frequent. Data being stored is likely to leak or be stolen at some point, so the best you can hope for is to limit the amount of potentially harmful data1 being held.

On a lighter note, here’s a great spoof from Cassetteboy about the IP Bill

So all this is a bit of a long-winded preamble to saying look out for the future posts where I talk about what I have learned, how I’m applying it, any recommendations I have, and how you can do the same. The first post on some of the basics, and links to reading materials will be coming today/tomorrow. In the meantime, are there any tips or good sources you’ve come across? Feel free to share in the comments.


  1. Insert definition of what you would consider “harmful data if leaked” 

Winamp shutdown yesterday. Even though I hadn’t used it in years, this makes me a little sad, as Winamp was iconic. It was a hero of the early world-wide web, helping to kick-start the internet music age for a great many people like myself.

Winamp1.006

I first discovered Winamp around 14 years ago, during my first year at university. Back then, you could run Winamp from any old folder without installing it, so everyone used to have a copy in their network profile. This was the early days… MP3s were still a rarity here in the UK, so you would listen mainly to CDs (Windows Media Player was a world of suck on Windows NT), or the 2-3 MP3s you had downloaded from Napster.

As time went on, MP3s became more and more common, and Winamp became the defacto music player for a lot of people. Imitators sprung-up elsewhere. It was small, customisable, and with plugins was able to do almost anything – like managing an MP3 Player, if you were the early-adopter who splashed out a few hundred for one of the early, pre-iPod devices. Ahem.

Then the iPod happened, and with it, iTunes. Once iTunes for Windows hit, that was the end of Winamp’s glory days. Owned by AOL, it sank into irrelevance. Full-blown music library management, with integrated store and device management, was the order of the day – all things Winamp was woeful at, even with plugins – relegating Winamp to a niche of nostalgia and a small number of users who couldn’t do with out some feature or other. Winamp 3 was a mess, Winamp 5.5 moved away from the minimal UI. There was even an Android version. It was terrible.

By that time, we had all moved to streaming music services. Why store gigabytes of music files on your computer, when someone else can do it for you, and high-speed access is increasingly common? The need for an application like Winamp was increasingly shrinking. At least Spotify has honoured your legacy by releasing Spotiamp.

spotiamp

And so yesterday, Winamp ceased to be. The site is still there, and for now at least, it seems you can still download v5.666… but that will be turned off soon.

So long, Winamp. You really whipped that ass for as long as you could.

For someone who’s primarily a developer/support person, I spend a lot of time setting up and configuring – or fixing – servers. I guess this came from an eagerness to learn and I got tarred with the “Linux/Server” Guy brushes at some point!

My interest in Operations has had an uptick again recently, so I’ve been doing a bit of reading of late. This morning, while waiting on news about some work-related activities I’ve come across a couple of interesting articles:

My First 5 Minutes On A Server; Or, Essential Security for Linux Servers by Brian Kennedy is a fantastic little quick-start for securing a Linux server. It’s not everything you need to do, but as noted in the article, it sets the foundations for a secure server which is easy to keep secure. Do these steps first, then go about securing any additional services you need to run.

One thing I’ve been wondering about, is setting up my own email system, rather than run on Google Apps. As convenient as the Google platform is, I do sometimes think I’m trusting them with a bit too much of my information. Recent revelations about the NSA/GCHQ, PRISM, and whatever-comes-next, from Edward Snowden haven’t done much to allay those worries.

But Google Apps is convenient. It wraps my mail, calander, contacts, and many other things into a nice package that is available everywhere and syncs across platform, with Push notifications, search, and other modern conveniences… but never the less, I’ve been thinking about how I could move away from the “Do-No-Evil” Empire, which is why Drew Crawford’s excellent, in-depth article “NSA-proof your e-mail in 2 hours” was a great find. I might spin up an instance on my dormant Joyent account and give it a try on one of my spare domains, so I can evaluate the process and benefits before deciding on moving my primary mail domain.

Other topics which have crossed my path this weekend are system configuration, maintenance, and automation using tools such as Chef and Puppet. The idea of taking a known-good environment and replicating it with just a few commands is definitely appealing – particularly when it comes to tasks such as setting up development/test environments! I haven’t gone too far into these topics yet, but I’m hoping to find the time in the next few weeks to go through some of the articles I’ve found.

My Deactivated Facebook Profile

On Thursday night I deactivated my Facebook account. It’s something I’d been considering for a while, as I’ve found using Facebook lately to be less a useful “checking up on friends and family” thing, and more something slightly depressingly monotonous which I continue to do out of sheer force of habit. It just so happened on Thursday there was a trigger which finally led me to push the button.

I admit, for a moment, I did consider deleting the account full-stop. Deleting you Facebook account is notoriously difficult to achieve. It seems to have gotten better and easier over the last couple of years, even before you consider services such as the new JustDelete.me.

For better or worse I decided that in all likelihood I would return to using Facebook one day… that this was just a temporary hiatus to give me space to clear my head. So, as the title of the post indicates, here came the hard part.

The process of deactivating your account in itself is “reasonably” straight-forward: Go to Account Settings > Security, then click the small link under the main list of options. Facebook will first try to emotionally twist your arm into staying, by showing big profile pictures of some of your friends. It’ll ask you why you’re leaving, then ask for your password, and then, just to be sure you really, really, really do want to deactivate, present you with a CAPTCHA image for verification. So far so simple. The difficulty comes in staying deactivated.

Deactivation only lasts so long as you stay logged out of your Facebook account. Log back in for whatever reason and it’s instantly reactivated again. Fine, just stay logged out then? OK, consider how many sites, services, even apps on your phone connect with Facebook, or even use it as their user login mechanism (the “Facebook Platform”). My iPad is logged in and connected to Facebook at the OS level, never mind using an app. Now factor in how many other computers you might be logged into Facebook using – often this could be 2 or more (say, home plus work). In my case I had to unlink iOS on my iPad from Facebook; uninstall the Facebook app from both the iPad and my phone; uninstall the Facebook Messenger app from my phone; logout from Facebook on my work laptop and some browser sessions on my iPad; change my OpenID settings on StackOverflow; and log out/change settings on a few other sites and apps… All so I could be as sure as possible my account wouldn’t spontaneously reactivate itself. There’s probably some that I’ve missed, so chances are I’ll need to deactivate again at some point.

I’m not (entirely) blaming Facebook for this though. Facebook has had to grow, and has done so by spreading itself across the web, to be more than just a profile and social stream. By wanting to opt-out of a profile for a while, I can no longer “like” an interesting blog article; I can’t try out that buzz-worthy new service or app that relies on logging in using Facebook; I can’t click that link to the apparently-hilarious cat meme my workmate just posted… OK, I’m not really going to be bothered by that last one, but you get the idea… there are now certain things – increasingly common things – I can’t do on the web any more, just by wanting out of Facebook for a while.