for creating invidious links

  • 23 Posts
Joined 1Y ago
Cake day: May 17, 2020


yeah that’s pretty shite. this was originally posted on slashdot, but I’m going to take it down in light of this. thanks.

Without guessing who is most responsible, it seems like a logical conclusion of internet tracking capabilities is for it to be taken to the extreme before realising something profound like total surveillance is no surveillance or whatever the enlightenment is.

This “Why scientists don’t actually know if social media is bad for you” just came across my RSS [1]. I don’t agree with it, but its helpful to know what you are up against. It came through the Oxford International feed (Mozilla’s Mitchell Baker is an advisor to them). It was written by Oxford International researcher Prof Andrew Przybylski for BBC Science Focus.

But that doesn’t stop people claiming that cyberbullying causes suicides, even though there’s no evidence to prove it. You look at reasons why young people take their lives and it’s test scores or exams, it’s someone close to them taking their own life or it’s drug- and alcohol-related. Those are the three main attributable causes. There’s no evidence that social media is part of any of them.

Now, I can either adopt false confidence and tell you social media might be a problem (and possibly drop the word ‘might’ for greater impact – and there’s an entire cottage industry that tries to do that) or I can be honest with you and say I don’t know because scientists like us can’t see over the walls of the social media companies.

Whether you’re a grown up or a kid, ask yourself why you’re using social media. Is it because you want to, or because you feel you have to? It doesn’t necessarily matter how much time you spend ‘doomscrolling’ on Twitter or dancing on TikTok, but if you’re doing it because you feel you have to and it’s making you unhappy, you may want to try and stop.

  1. Why scientists don’t actually know if social media is bad for you:

The fingerprinting implications are not good no matter whether a site opts out or not. Theoretical protection against fingerprinting relies on a fairly ridiculous notion of Privacy Sandbox which seems easily skirted. Things like Trade Desk Unified ID combined with cohort ID actually makes FLoC privacy negative as it gives another data point to add to your already known identity.

The point is that the only way for a site to opt out of participating is by using this W3C ordained way. It basically useless for end users but necessary for sites who don’t want to participate in the program.

Google’s point is that all this and more is already going on with 3rd party system so why don’t we make this other crappy system which consolidates control further in their hands.

It’s not misinformation however to provide to site operators information about how to opt-out of participation.

I had a chance to read over the full article and its links. Here’s my conclusion:

  1. As stated in your piece, during the “Origin Trial” Google will use those who have enabled ads on their site.

However, this is not true imo:

If your website does not include JS that calls document.interestCohort(), it will not leverage Google’s FLoC. Explicitly opting out will not change this.

This will stop you from participating on the client side of FLoC, not the server-side. Server side categorization for sites with ads is where this Permissions action is aimed at. What this is saying is that if an ad tries to get a cohort id from an opted-out site, it will receive a meaningless default value. This knowledge is for the benefit of advertisers, not webmasters.

  1. The article basically says, it doesn’t matter anyway because the impact judged by the author to be insignificant:

This may or may not reduce the entropy gained by a FLoC ID, depending on how well or poorly your site serves as an identifier. Given this marginal improvement, I don’t think it’s right to place a burden or blame on webmasters when the burden and blame should rightfully be directed at those responsible for rolling this antifeature out in Chromium. We shouldn’t expect webmasters to add a tag or header every time Google advances the war against its own users

However, being categorized as a frequent visitor of Free and Open Source Software (think of being put in the Stallman cohort) may well be significant for advertisers, authorities, creditors and so on.

  1. This has happened before (DNT)

While DNT isn’t a great success, the number of companies who could face legal repercussions for ignoring this round of protections is quite small and risk could be quite large.

  1. Breathe

Agreed. This is no cause for mass hysteria, but lets get the information out there so webmasters can make informed choices (setting a Permissions Policy is the best option for those who do not want their content to included, especially as Google moves from Origin Trial into full on deployment and other browser vendors start to adopt the scheme).

Thanks I am out and about now, will read it.

Are you sure this issue is not about webmaster excluding their content from floc categorisation vs tracking their users via the cohort script? I will look at it later but it seems like two different though related issues.

Have you checked your bios settings for boot options? On mine I have 3 different options: fast boot, thorough and auto along with a couple for delays.

an interesting discussion on PaleMoon blocking AdNauseam wherever one falls on the issue. I don’t use palemoon or adnauseum but I’m not sure everybody that runs ads needs to deal with programmatic harm from visitors. if blocking ads isn’t enough, one might be hardcore enough to boycott the site altogether and add it to your hosts file.

Possibly realted: Your Smart TV is probably ignoring your PiHole

Fortunately, with a few simple firewall rules, you can intercept these hardcoded DNS queries and redirect them to your PiHole. These instructions are for pfSense, however you should be able to adapt them for Sophos XG, Ubiquiti EdgeRouter, etc

The point is that they are still going to do it anyway through things like Unified ID, Turtledove (outside scope of FLoC) so while we can object to the latest thing in the media, how would we propose they do it? If nobody cares then they have a bag of tricks full of worse measures waiting in the wings.

Just a note that this is for the android project. The original linux project is ongoing (

That would be interesing if an ad platforms focused on site by content category, so someone selling graphics cards would buy spots from google or facebook, etc to be placed on a specific site like videogameenthusiastists dot com or more general site like gizmodo, but the dictionary site who might under 3rd party have known that a visitor is a video game enthusiast will no longer receive the ad placements.

Interesting to think about how all of this will change the web, however it works out.

It could also elicit a so called problem-reaction-solution response where solution brokers propose something not very great either.

This an interesting crossroads in evolution of internet business models.

Privacy advocates, EFF, DDG, and even Google saying they don’t want 3rd party scripts and cookies (hooray)

EFF etc say they also don’t want an alternative where browsers use machine learning to analyse a users browsing history and assign them a potentially invasive label.

Google says this is already happening anyway with the current 3rd party solution, they who you are, what you do online so why not try to make it reasonably private.

So what does Big Privacy want instead? No 3rd parties, no machine generated interest ids. No potential customer data?

How should businesses owners gather market intelligence on their potential customers? How should potential customers signal their interest in new products?

A couple other initiatives that are taking off are Trade Desk Unified ID 2 which attempts to combine enormous surveillance databases with 1st party scripts to achieve a similar level of intelligence collected under the 3rd party cookie model.

What is the best way for the consumer internet to interact with businesses?

Finally, if you can’t find anyone you know in the invitation tree and didn’t author something posted to the site, consider joining the community in the chat room.

This came up recently with regard to who they are testing it on:

Google have announced that they will not make their FLoC (Federated Learning of Cohorts) targeting solution available for origin testing in Europe, mooting plans to trial the technology in the region this month. The decision comes amidst concerns that the method, which forms part of the tech giant’s post-cookie Privacy Sandbox, violates GDPR and the ePrivacy Directive.

The move was announced at a meeting of the Improving Web Advertising Business Group (IWABG) at the World Wide Web Consortium yesterday (23rd March), where Google engineer Michael Kleber admitted that FLoC may be incongruent with EU privacy legislation. A lack of clarity over who will be responsible for controlling and processing data to create the cohorts, as well as the potential use of FLoC IDs and a current uncertainty over whether internet users can feasibly give explicit consent for how their information is used under the technology could put the cookie-replacement on the wrong side of Europe’s key data laws.

Kleber’s statement was later backed-up by a tweet from Chrome product manager Marshall Vale, which said that the search leader will begin a “FLoC origin trial for users in the US and select other countries, and we expect to make FLoC available for testing worldwide at a later date.” Vale was keen to emphasise that FLoC will make it to Europe eventually, writing in a follow-up tweet that Google “are 100% committed to the Privacy Sandbox in Europe.” (

Not a concrete answer, but for me and several others in this distro hopping lemmy thread, a gateway drug into adopting linux was running a VM on a traditional OS. Perhaps identify groups which promote VM trials would be one approach.

Another gateway seems to be use of linux recovery disks where users boot into linux to recover data on a broken installation.

Good, if somewhat idealistic, overview of ActivityPub capabilities across the fediverse…

Google Is Testing Its Controversial New Ad Targeting Tech in Millions

Hopefully nobody here is still using chrome on personal machines, but good to know …

An interesting take on browser extensions which hope to prevent fingerprinting …

NYT says data collection by tech cos should be opt-in

On the heels of Apple’s opt-in tracking policy, NYT is calling for some drastic changes to app defaults. …

The most interesting part to me started here: …

Big Tech Detective (A new browser extension blocks big tech)

Dabbling with ungoogled chromium*, and reading about this extension I decided to give it a shot. Its not in the chrome store so you need to load it manually. I went to DDG and it immediatedly picked up 8 calls to Microsoft. Pretty interesting, though I haven’t looked into what it actually does or if…

Though App Privacy information has been added to Gmail, Google has done so server side and has yet to issue an update to the Gmail app. It has been two months since the Gmail app last saw an update. Earlier in February, the Gmail app was displaying warnings about the app being out of date as it ha… is an easy-to-use webapp for altering image material, in order to make it machine-unreadable. …

Apparently Apple will proxy Safe Browsing Requests to Google to reduce Google’s visibility into iOS users activity. The article doesn’t mention what Apple itself does with the information if users should have a proxy in front of apple too … …

favicon supercookies

This idea may have already been discussed in regards to a recent release of Firefox addressing the issue, but it didn’t come up in my search. …

One of the w3c devs I follow acted on the npm policies repo which I hadn’t seen before. Thought this might be interesting as much attention has been given to GH data collection but not as much npm itself. Not having dug too deep into it, nothing too nefarious stands out but it’s something potentiall…


This is from a year ago, but I didn’t see this level of persistence in gathering telemetry before. I am blocking most mozilla tracking endpoints via host file, but that’s a bit extreme. …

Links not wrapping

On mobile ios some links are not wrapping and are blowing out the width of the page (see attached). If you want me to open an issue in ui let me know but this is probably stupid safari. …

oklinks - a meta-agreggator of popular link sharing sites

I tried an install today and the setup and federation is amazing. seeing that first remote search result pop in was a thrill. …

Safari appears not to accept new CSP on iphone ios

Since the new CSP (great work btw) I have not been able to connect on iOS and was able to do a free cross-browser test on lambdatest dot com. It shows that the websocket api does not show in the CSP directive (see attached screenshots). It basically looks like you would need to modify the connect-sr…

Cover Your Tracks (EFF)

Performs an online test of your browser “to see how well you are protected from tracking and fingerprinting”. …

How to stop Firefox from making automatic connections | Firefox Help

Good information if you are “concerned about the connections Firefox makes to the Internet, especially when those connections are made for no apparent reason”. …