An Increasingly User-Hostile Web

This post is the first in a series linking to interesting articles or papers. The bare links will be paired with some background on why I think they are relevant for someone else also. The installments of the series will be easily discernible by the "Too Many Books To Read" xkcd comic.

The idea for such a series materialized after reading Against an Increasingly User-Hostile Web that I noticed on the Hacker News newsletter.

Although most of the content of the article wasn't really news to me, I found the focus and historical context of the article to be very well suited to ponder the state of the web today. Admittedly I never had a Facebook account as the "walled garden" aspect of such a service contradicted the decentralized web that I witnessed first hand during the 1990s and which kept me away from it right from the start. Also the way how Facebook sells private information of "clients" for a lot of money to third-parties made signing up a no-go right from the start. In this case certainly the saying that "if you are not paying for a service then you are the product" is spot on, but maybe that's a topic for another post.

I did however use Google+ for a while to find out what such a platform is capable of and if I can benefit from it. Being in possession of an Android mobile phone, the account was already there and thus the barrier to using it was very low. During three years of using Google+ I found the possibility to publish content limited in size to be very attractive. Compared to the effort of maintaining a web site typing in something into the web-browser to be immediately published was much easier and thus used also for smaller things. Still the feedback that was also readily available in contrast to a web site of 90s style showed that there was _some_ interest even for those small pieces.

Google+ became unbearable end of 2016 as I got more and more "suggestions" of openly xenophobic content. At the beginning I tried countering this by reporting what I considered to be offensive postings, but in the end I simply gave up on it altogether. The fact that I could not control my own content nor easily transfer it to a different platform added to my dissatisfaction and finally resulted in starting this blog under my own full control.

Back to the article, I found the analysis of a renowned news site on the internet astonishing in its detail. With the help of the webbkoll web privacy check tool the author shows that visiting a single news page initiated 430 third-party requests that were handled by parties not authorized by the person reading the content. These connections are not even easily visible to the user.

I was prepared for a handful of such requests or maybe a couple dozen, but 430 was beyond my imagination. As the tool is readily usable on the internet, I quickly ran a check on Heise which I visit quite regularly. The analysis shows that it also initiated 369 third-party requests to a whopping 56 third-party entities. This result made me think a lot and ponder the current situation somewhat further.

In contrast to the web checker tool, I do visit www.heise.de with the Firefox Browser and the Adblock Plus extension installed to block the advertisements. As I do not want to read intrusive adverts and as it has a significant influence on the page load speed, installing this Add-on was usually the first thing after installing Firefox on my or any other machine. I will be discussing the advertisement business model some pages are based on nowadays separately in a later post. For now I now wondered if Adblock Plus also blocks those third-party requests possibly conveying much more information than needed for the sake of presenting advertisements to me. Together with third-party cookies those connections can indeed communicate all of the browsing meta-data to entities that I do not know, nor want to collect personal data from me.

Now if you belong to the large group of persons who believe that meta-data is not such a big deal, a presentation that I ran across recently may lead you to reconsider. The blog SpiegelMining shows what modern data analysis can read out of pure meta-data. If you are interested, then the nice video of a talk given by David Kriesel at 33c3 (German only) gives a nice introduction to the topic and is absolutely worth watching.

In this light I tried to find out in more detail what Adblock Plus is doing and quickly ran across the uBlock Origin Firefox Add-On. As the homepage explains, uBlock Origin "is a wide-spectrum blocker that happens to be able to function as a mere ad blocker". Coupled with the better efficiency this chimed so well with my research that it was a straightforward process to switch all my Firefox installations over to uBlock Origin.

Finally checking this blog with webbkoll reminded me that I am also not 100% clean with respect to the privacy of my visitors. Using Disqus for the comments indeed has the potential to transmit meta-data. Also only by the help of webbkoll I realized that the selected theme for Nikola requests a font every time the page is visited. In conjunction with the "HTTP referrer" header this can also potentially be used for tracking purposes.

For now, I will simply acknowledge this, but maybe this can be changed in the future. Let's see.

Update 2018-01-14: Moving the Piwik (now called Matomo) analytics to a sibling domain cleared the false positive previously reported by webbkoll on the blog, so the last paragraph was adapted to that change.