Kartones Blog

Be the change you wanna see in this world

Protecting your online privacy

20 January 2015

I came across on this post from William Durand about how to maintain your privacy and I said "uhm, is kind like me but I can provide an additional level or two of paranoia", so here goes my point of view.

Just a few notes to not repeat later:

  • I don't plan to fully remove Google from the stack. I try to give it too much info but I've come to terms with myself about leaking some data as I really like some of their services. It's an evil I can live with for the time being.
  • I have a history of not liking IM/chat applications nor social networks. I installed MSN Messenger at university because I had no alternative and left it years before its shutdown, never used GTalk much, was reluctant to create a Facebook account and never used it very actively.
  • I prefer to talk with people in person. With a beer, a refreshment, whatever, but I get quickly tired of talking by the phone, chats stress me, and I usually have all whatsapp groups muted to read them when I have time.
  • I don't have push notifications, except for auto-updated apps (I want to know if something breaks for a reason). It's a powerful tool but I don't want my phone to control my life and/or time.
  • A few of the tools and extensions are thanks to my friend Lobo666, as he has a quite different view to how internet should work and he's always searching for ways to "adapt it" to his liking.

 

Basic privacy control

  • 127.0.0.1 some hostnames: "nulling" domains from the hosts file is nice for blocking Facebook Connect, Disqus, AdWords, Google Analytics and other "sevices".
  • µBlock & µMatrix: Once you install µMatrix you really see the (frightening) reality of how many cookies, scripts and 3rd party services most websites have (and you can now block). µBlock is quite good also for privacy control filters, not only advertisement. Ghostery is not bad and an easier alternative, but not as powerful for advanced users.
  • Disabling AdvertisementId on mobile phones: Both iPhone (Protect My Privacy is a must for iOS if you jailbreak it) and Android (at Google Settings app, Ads section you in theory can disable sending the id). I also have an ever-growing "mobile hosts file" with hundreds of urls of common advertisement domains and platforms.
  • Firewall all the things: Both in computers and mobile phones. On iOS again via jailbreak only but at least it's possible. The amount of tracking services available is staggering (especially on games, but present everywhere), a firewall allows to disable all those flurry analytics, apparent crash report entrypoints and the like. It's a bit tiring at first (while you "educate" the firewall with which hostnames to block or let pass) but pays off.
  • Disable Google history whenever possible: Search, Gtalk, Maps, Youtube, Chrome autofill and DNS prefetching...
  • Use DuckDuckGo: I switched to it around a year ago and I'm pretty happy. I keep a Google shorcut also for some searches, as for example at image search Google performs better regarding accuracy.
  • Fake email addresses for not important services: www.guerrillamail.com and the like are perfect for this job.
  • Clear your IM: I only use Whatsapp for personal messaging, and I don't do backups nor send the "read state". I also clear conversations on the phone from time to time.
  • Use Box instead of Dropbox: Because I'd rather lose "cool features" (not many really, they're pretty similar) and not support such disgusting people related to Dropbox. Also Dropbox has a history of security issues.
  • Try to avoid iTunes and iCloud: iCloud's security issues apart, I don't trust Apple a bit so I directly don't use iCloud for anything. I still have to rely on iTunes for my iPad, but I have also almost everything disabled on it. It's just a big fat and ugly synchronizer desktop virus application.

 

Paranoid privacy control

Here's when I get crazy according to my friends, so I understand no everybody would do any or all of this actions.

  • Delete 3rd party cookies, LocalStorage and browser Cache frequently: µBlock allows to delete them after X minutes. This is quite good for some dirty tracking cookies and techniques that might have slipt the filters.
  • Fully disable Flash: I have it disabled at Chrome, and have Firefox in private mode if I must see something that doesn't provides HTML5 fallback. Flash allows some persistant tracking techniques.
  • Delete all email yearly: Previous local backup if you want. In my case, I backup using Outlook and in .PST files classified by year. Google allows to export emails too from Google Takeout. If I need something old, I turn on the virtual machine where I have Outlook with all my email history and search it (quite unusual scenario, for me at least).
  • Delete past calendar events: I don't like giving that sort of "life history" on my calendar, as I'm a heavy GCal user (due to being terrible remembering more than a few pending tasks).
  • Delete all tweets older than 7 days: Nobody records me when I talk in person, right? So why keeping a long-lasting record of all the stupid things I say over twitter? A nice script deletes all older ones, as I don't need a backup. I assume they get just logically deleted (marked as removed but that's all) but it's better than nothing.
  • Delete all instagram photos older than 90 days: I had Google Picasa and deleted everything, now I like Instagram but not so much how they keep hold on your photos. You can't delete them from the website nor from the API, so I have a dumb script that just opens "old photos" in my browser when run so I know which ones are due removal from the mobile phone app.
  • Use as few social networks as possible: My G+ is empty (required for some Google services), and after a few years using other social networks I ended up deleting their accounts, like Facebook (I also tried to remove old content from them via JS scripts, but got tired after a while). In a social network your data is the product. Data that also at the most gets really deleted after a few years (if even really removed), because due to law requirements has to be kept for a while, so is simply a matter of not writing anything so you don't need to care about removing it.
  • Never use a service that only provides Facebook Connect: If a site or service forces me to use FB Connect it is almost always to steal my contacts so I'm not willing to do that. And now I simply cant as I no longer have an account.
  • Don't use "smart services": I never used Google Now, Inbox or similar services or applications that build an even more advanced profile of my data and life to "bring suggestions and help me". I'm ok helping myself the way I do things, thanks.
  • Fake all registration data for non-essential services: I actually read some Terms of Service, and they are sometimes like horror movies, so as I can only apply a boolean accept/refuse action, combining fake data and disposable emails is my "I only partially accept your ToS".
  • Don't install mobile applications if there's a web alternative: I carefully check which permissions a mobile app asks me to grant it and many times they're excessive. Also it is not always easy to block tracking from apps (I've had app crashes after firewalling some analytics domains), so I prefer to rely on the (most times) fantastic HTML5 alternatives.

Proposals for 2015

27 December 2014
  • Code more: Except small experiments and unplanned blogs migration (and cascaded custom extension needs I had to build), I've been mainly focused on work-related coding. Not a bad thing itself, but I want to do something not web related in my spare time.
  • Learn more: But not only about development. Studies help adding some variety but I want broader areas.
  • Read more: I inherited from my father hundreds of sci-fi books, plus my personal collection and my beloved Kindle. I love watching films and playing videogames but I miss more reading.
  • Talk more: But applying the nice sentence "improve silence".
  • Help more: New rule I imposed this 2014: each salary rise or additional income, additional help I provide. If I can't spend time or effort I'll at least spend money. The world is already too fucked up to look away.
  • Socialize more: In the "old, traditional way": in person, talking and, if possible, having a beer. 2014 was also the year of deleting social networks (all but Twitter and Instagram *).
  • Live more by my ideals: It's impossible to avoid all unethical and disrespectful companies but if I can get rid of as many of them as possible I'll sleep better.

 

* : Not exactly true as I deleted my G+ account to then find that some Google services require it, so I had to create it again... but is empty and unused.

You don't always need jQuery

07 December 2014

Update #1: Added .addEventListener alternative to .onclick to keep existing handlers. Thanks @JohnHackworth.

Update #2: Added an excellent and way more complete reference at the end.


Disclaimer: Pretty introductory Javascript follows. If you were looking for advanced tips, migration techniques and the like, go somewhere else.


It's been at least one year since I last touched client-side javascript. Back then, we were quite pragmatic and relied on jQuery for most Javascript tasks; it's easy, quite well documented and has really good maintenance, bugfixing and updates. But I was also either using it or ZeptoJS even for tiny personal projects, so the other day I thought: "maybe vanilla Javascript and its query selectors are enough for simple tasks".

Chrome and Firefox have always been quite fast adopting changes, but the burden of Internet Explorer was everpresent. Now that everything below IE8 (and soon IE9) is considered not worth the effort and even mobile phones ar on par, I decided to do some small tests. And my results cannot be more satisfying... For trivial stuff you no longer need to rely on jQuery at all.

I'll simply provide four small code examples to summarize the scenarios I had to change: Clicking things, attaching events (with and without delegation/bubbling up), selecting N items and showing/hiding nodes. There are many scenarios where jQuery is of use or maybe not so easily replaceable, but for quick PoCs, pet projects and internal tools... .

 

Click on a node

jQuery

$("myId").click();

Vanilla

document.getElementById("myId").click();

 

Show/Hide

jQuery

function ToggleSection(eventData) {
  $("p").each(function (index) {
      $(this).hide();
  });
    $("s" + eventData.currentTarget.id).show();
}

Vanilla

function ToggleSection(eventData) {
  var i, len, $p = document.querySelectorAll("p");
  for (i = 0, len = $p.length; i < len; i++) {
    $p[i].style.display = 'none';
  }
  document.getElementById("s" + eventData.target.id).style.display = 'block';
}

 

Attach event handlers

jQuery

$("h3").each.on("click", ToggleSelection);

Vanilla

var i, len, $h3 = document.querySelectorAll("h3");
for (i = 0, len = $h3.length; i < len; i++) {
  // Option A: Overriding previous handlers
  // $h3[i].onclick = ToggleSection;
  // Option B: Adding a handler keeping existing ones
  $h3[i].addEventListener("click", ToggleSection);
}

 

Attach event handlers (event delegation)

jQuery

$("bookmarks").on("click", "h3", ToggleSelection);

Vanilla

document.getElementById("bookmarks").onclick = function(eventData) {
  var target;
  eventData = eventData || event;
  target = eventData.target || eventData.srcElement;
  if (target.nodeName == 'H3') {
    ToggleSection(eventData);
    return false;
  } else {
    return;
  }
};

 

I have ommited other query selectors and additional properties but Mozilla Developer Network has really good documentation for them.

This post series also have much more detailed guides of migrating from jQuery.