I don't use Google/Facebook for privacy reasons (and their sub-services etc). Haven't used them for ages but noticed that google still loads a lot of domains like analytics etc. This goes for facebook as well.

I now blocked a lot of google/facebook domains through my hosts file.

It's funny to see the amount of DNS requests to those fb/google connected domains nearly go to zero and also the fact that I literally can't load google/facebook anymore!

Dear Telegram, the fact that you're using a service which provides app usage/metrics/analytics kind of is not nice.

"But they've got the right to!"

Of course they do. But, when you advertise yourself as a messaging app focused on privacy, I expect you to behave that way.

And yes, we know your crypto is broken as fuck but that's not the point right now.

Oh and yeah, the next blog item will probably be about Telegram and how not-privacy friendly it is.

Privacy & security violations piss me off. Not to the point that I'll write on devRant about it, but to the point that coworkers get afraid from the bloodthirsty look in my eyes.

I know all startups proclaim this, but the one I work at is kind of industry-disrupting. Think Uber vs taxi drivers... so we have real, malicious enemies.

Yet there's still this mindset of "it won't happen to us" when it comes to data leaks or corporate spying.

Me: "I noticed we are tracking our end users without their consent, and store not just the color of their balls, but also their favorite soup flavor and how often they've cheated on their partner, as plain text in the system for every employee to read"

Various C-randomletter-Os: "Oh wow indubitably most serious indeed! Let's put 2 scrumbag masters on the issue, we will tackle this in a most agile manner! We shall use AI blockchains in the elastic cloud to encrypt those ball-colors!"

NO WHAT I MEANT WAS WHY THE FUCK DO WE EVEN STORE THAT INFORMATION. IT DOES IN NO WAY RELATE TO OUR BUSINESS!

"No reason, just future requirements for our data scientists"

I'M GRABBING A HARDDRIVE SHREDDER, THE DB SERVER GOES FIRST AND YOUR PENIS RIGHT AFTER THAT!

(if it's unclear, ball color was an optimistic euphemism for what boiled down to an analytics value which might as well have been "nigger: yes/no")

Just looked at the anonymous analytics I collect on the security/privacy blog.

No SQL Injection attacks yet (would be useless anyways as I don't use MySQL/MariaDB for the databasing.

Directory Traversal attacks. Really? 🤣

Nice try, guys.

I thought this launch (security/privacy blog) would go smooth:
- analytics fell, except for one thing, apart for yet unknown reasons
- MySQL came with a very weird error which took me like half an hour of research before I hacked my way past it.
- the firewall started to fuck around for no reason, works now though.

Nginx worked without issues though, as well as NetData 😅

Yeah, didn't go as planned :P

Sorry for being late, stuffs came inbetween!

I have done a few privacy rants/posts before but why not another one. @tahnik did one a few days ago so I thought I'd do a new one myself based on his rant.

So, online privacy. Some people say it's entirely dead, that's bullshit. It's up to an individual, though, how far they want to go as for protecting it.

I personally want to retain as much control over my data as possible (this seems to be a weird thing these days for unknown reasons...). That's why I spend quite some time/effort to take precautions, read myself into how to protect my data more and so on.

'Everyone should have the choice of what services they use' - fully agreed, no doubt about that.

I just find one thing problematic. Some services/companies handle data in a way or have certain business models which takes the control which some people want/have over their data away when you communicate with someone using that service.

Some people (like me) don't want anything to do with google but even when I want to email my best fucking friend, I lose the control over that email data since he uses gmail.

So, when someone chooses to use gmail and I *HAVE* to email them, my choice is gone.

TO BE VERY CLEAR: I'm not blaming that on the users, I'm blaming that on the company/service.

Then for example, google analytics. It's a very good/powerful when you're solely looking at its functions.
I just don't want to be part of their data collection as I don't want to get any data into the google engine.

There's a solution for that: installing an addon in order to opt out.

I'm sorry, WHAT?! --> I <-- have to install an addon in order to opt out of something that is happening on my own motherfucking computer?! What the actual fuck, I don't call that a fucking solution. I'll use Privacy Badger + hosts files to block that instead.

Google vs 'privacy' friendly search engines - I don't trust DDG completely because their backend is closed/not available to the public but I'd rather use them then a search engine which is known to be integrated into PRISM/other surveillance engines by default.

I don't mind the existence of certain services, as long as they don't integrated you with data hungry companies/mass surveillance without you even using their services.

Now lets see how fast the comment section explodes!

Alright so the security blog is coming up soon (as in, days probably) and I'm working hard together with 404response on the privacy site.

I do want to gain some insight into visitor numbers and so on but OF COURSE, commercial/closed source options are a no-go for me!

I am thinking about maybe using Piwik with all the privacy options enabled Also self hosted obviously. What do you guys/gals think?

Just managed to setup a tiny/simple privacy-friendly analytics system.

You basically call an api from your backend with the api key and all the headers you received from the browser (php and Apache or nginx in my case) and the analytics api gets useful stuff out of that data without sacrificing privacy.

I get a little bit more insight into my websites usage and the client isn't sacrificing identifiable information!

I've been wanting to make this fucker for fucking months.

Creating an anonymous analytics system for the security blog and privacy site together with @plusgut!

It's fun to see a very simple API come alive with querying some data :D.

Big thanks to @plusgut for doing the frontend/graphs side on this one!

I feel I should open a github repo, for people to contribute privacy policy parts into, have say folders like "google analytics" and then whenever people encounter those in the wild, add examples there, so people could fetch together a full privacy policy for free, as all those new cashgrab websites are just fucking insane. But I am not really sure, if that would find any contributors tbh sadly.

P.S: I seem to have developed now a third sense, when the devrant post cooldown is down, so I can rant more lol, because whenever I feel like posting the thought or rant, the cooldown is just about to expire

To everyone freaking out about how bad Microsoft buying GitHub would be for "privacy". I want you to know that GitHub already uses Google and Facebook analytics on their site.

Boss: “Our ecommerce conversions in Google Analytics are less than the actual pace of orders.”

Me: “Nothing has changed in the tracking code or setup. It must be our goals setup which you have to have a Ph.D. to understand, plus whatever mood Google’s algorithms are in today.”

He’s not mad at me. We’re both just confused why Google AdWords, Analytics, and Tag Manager have to be so damn hard to get right. I’ve never been able to do it right. And most data is thrown out because people browse websites while logged into their Google Account, which makes their clickstream disappear and become unattributable because of understandable privacy policies. I don’t want my data tracked when I’m logged in either!

So now we have had to hire specialists at several thousand dollars per month to figure this out.

Salespeople telling clients "Your site doesn't need a privacy policy/cookie policy since you don't actually sell anything on your site."

Wrong wrong wrong WRONGITY WRONG WROOONNGGGG!!!!!

Client to PM to me: "Well Jim said we don't need those on this site."

Me: "Well Jim is misinformed, since we use Google analytics, Facebook Pixel, and contact forms, you need to have both a privacy and cookie policy."

PM to client: "We'll find you a template you can use to get started, it'll cover most of what you need."

Me to PM: "we will do no such thing, we can send them a few links explaining why they need these, but they should consult a legal professional and cover their asses for their own business practices. I can provide any technical details they may need like what data the cookies collect if necessary."

PM to me: "well I'll just find something for them then."

*In my head* please just go crawl in a hole and die.

Science says it can't be done! You can't have an iPhone AND preserve your privacy!

Yet here I am, doing just that. Just analyze apps you use and just quit using fucking leeches like instagram and whatever facebook puts out. Also, do this:
1. Disable iMessage, iCloud and FaceTime
2. Opt out of sending analytics to apple
3. Use VPN with DNS that blocks trackers
4. Disable background app refresh and location access

Most importantly, quit using whatever uses personalization to spoon-feed you content that exploits your confirmation bias. Quit watching youtube. Switch to DuckDuckGo or whatever search engine without personalization.

If you don't like apple and don't care about cameras, just buy a Pixel smartphone and install Calyx OS. Fairfone with /e/os is also a good alternative.

DevRant has many privacy-conscious people and honestly just people who don't like when their personally identifiable data gets shared.

Yet, DevRant uses Carbon Ads owned by BuySellAds. Here's what their privacy policy reads:

"Some Personally Identifiable Information may also be provided to intermediaries and other Third Party Service Providers (defined in part (4) below) who assist us with the Services"

You know what's the funniest thing? In "part 4 below" they never actually state which companies do they share personally identifiable information with.

Just a quick reminder that when you use DevRant, your personally identifiable information may be shared with any amount of third parties, and you could bet a lot of money that the list includes Google and Facebook because of remarketing. Remarketing is a fancy term that means not selling personal data but instead giving it away for free.

Use AdGuard or any other browser extension that blocks analytic scripts. Buy a Raspberry Pi Zero W and make yourself a PiHole. When you're using DevRant mobile app, use analytics-blocking VPN.

Is devRant using Google Analytics for upvotes (on web)? My privacy protection apps have removed the ++ button because of that on web :(

What do you guys use instead of Google Analytics? I'd like a free (if possible) application that gives me most if not all of the data Google does

tldr: I am looking for recommendations for a basic website for my parents. GOTO question;

Pre-Story:
My parents have a small (offline) business. They have a website to give some general information and list their weekly offers.
When I felt that what has come out of the website-building tool (you know, clicky clicky stuff) looked a bit too early 2000's and is a total ripoff for what you get (almost 20€ per month), I created something with Google Sites for them. Feel free to roast me, but web development is not my field and now it looks much more modern, is mobile friendly and does what it is supposed to do. Weekly offers are edited in a google sheets file, which is embedded in the website. Not great, but this way my mom doesn't have to deal with editing a tables on the page - trust me, it won't look good. This also meant they could downgrade the hosting package to discard the clicky-tool and just the domain (maybe 1€ per month). The website itself is hosted for free by Google.

Some time ago GDPR became a thing and then I was tasked to have a look at it. (side note: I don't want to rant about being responsible for it, that's fine. My parents don't really ask me to do a lot for them.) You can't enter any data on the website, it's just very basic stuff and data protection wise there's just the "usual" stuff (cookies, embedded tools, logs). I added another site with a halfway complete privacy policy. Regarding the whole cookie issue (do not enforce unnecessary cookies) I couldn't find an easy solution. It's not 100%, but what can you really expect from a small business like this? I've seen worse.

Now to the question:
Can you recommend a good alternative to the current solution (Google Sites)?
It should be cheap (<3€/month incl. domain) and my parents should be able to make some basic changes (just text in predefined locations). I am not afraid to get my hands dirty - I can deal with some HTML, CSS, JS - but I don't want to sink a lot of time into this. No need for analytics or the like. Maybe a newsletter would be cool (with the weekly offers), but that's just a random thought of mine and definitely not necessary.

Thanks for reading :)