So someone is constantly ddos'ing the privacy/security blog.

Just wondering if they really think that 500 hits a second will bring the site down?!

500 h/s consumes about 0.1 percent CPU and 1mb/s.

At least give me a challenge 😥

I just got a text from T-Mobile telling me about their updated privacy policy and that I can “opt out.” So, naturally I do exactly this.

After a little bit, I land on their “Do not sell my data” page and discover that, not only does it have 175+ trackers,
it doesn’t even fucking work. Also, on the desktop version of the site, the very control allowing the user to opt out of having their data shared/sold doesn’t even render.

These are all absolutely inexcusable.

A dating site for devs/sysadmins (etc) with privacy in mind.

Just a quick update (been a little) on the privacy website!

Although both the frontend and the backend need quite some work, I managed, with the help of some other guys, to get everything (only for the IM section yet for now) loaded from the database instead of hardcoded! Yes, that also means that the tiny icon colors are either red or green based on database values :).

Going to keep working on this tomorrow in the hopes I can also get some other subjects ready.

Thanks!

Was programming on the privacy site REST api.

Needed a break and started searching for a good movie or documentary.

Found a documentary about big data/mass surveillance.

I now have loads of motivation for programming on this again as this showed me the importance of secure services/software.

I'm currently programming on the cms REST api for the privacy site (its finally getting somewhere by the way) and I just noticed that I'm programming way cleaner and WITH comments.

My subconcious is probably keeping the fact that the entirety of devRant will see my code in a not too far future 😅

I really need to get my lazy ass up and get the fuck to work on the privacy site.

Yeah let's fucking do that. I've got a nice special beer as motivation as well!

Hello devRanters! A new update on the privacy website as I've had time to work on that last weekend.

For the picture: everything except for the images (although the URI's are in the database) is coming directly from the DB!

Also got a thingy working which can show one app on a single page including it's pro's/cons etc that you see on the main page but also (still have to write that part though and no screenshots yet as I've only done the backend!) sources (links to proof etc), a description and a guide on how to use that app/service!

I'm finally getting somewhere :)

Working on the privacy site.

DAMN frontend can be a FUCKING pain in the ass!

I JUST WANT TO GET A SIMPLE BOOTSTRAP PAGE WORKING, IS THAT TOO MUCH TO ASK FROM A BACKENDER? 😭

Uncle- What do you do?

Me- I'm a software engineer

Uncle- My brother's friend's son is also a software engineer.

Me- (so what am I supposed to do about it?) yes that's nice

Uncle- I have a great idea, u should implement, I'm just telling you, it is a revolutionary idea

Me- (oh fuck, not again) yes tell

Uncle- you should make a matrimonial site which tracks what people do on internet and tell their to-be-spouses about it

Me - (yeah, I'll get sued for breach of privacy, and it has got nothing to do with my current line of work, and will probably cause divorces before marriage) yes great idea uncle

Uncle- see I told you this billion dollar idea, u should do hard work and make it

Just WHY in god's name do all uncles think laptop is a magic box in which I just have to type their idea in and it will spit out a website/software in 2 minutes. I don't go around advising them about their line of work.

Programming on the privacy website together with 404response, this is awesome!

It's great to have someone who's good at frontend while you suck balls at it so that I can fully focus on the backend :D. (ewpratten if you still want to you can join 404response, he can explain you everything he's doing and how you can help)

Hey devRanters! A tiny update regarding the privacy tips etc site.

So as ewpratten doesn't have much time right now, I'm doing frontend as well for now.

Since some people also offered to contribute content, which I did not expect, I am also writing an invite/registration (based on invites) as we speak. So, this way, I can invite anyone (based on email address) into the CMS so that they can contribute content as well!

Regarding frontend, I'm introducing a system with icons. Icons? Yes, icons, let me explain:

Every application/service will get a couple of default filtering thingies. (not like clicking something and it'll filter anything out, yet) It'll enable users to see what an application does or does not. What the FUCK do you mean? Alright, so, as example, lets say open source. next to each application (read application/service) listed, there will be an open source icon. If the application is open source, this icon will be green, otherwise it will be red.

This will allow for a quick way of filtering stuff out.

For example, if you're only looking for open source stuff, you can quickly filter stuff out where the open source icon is red!

This will apply to things as open sourceness, metadata saving, usage of good crypto technology and so on. So you'll be able to quickly filter out the stuff you want to use (by eyes) through those filters!

Please let me know what you think and if you have ideas, I'll be glad to hear them!

Hai devRant! Working on the privacy app and want opinions on the page for details on specific apps (as in, applications so web/app/mobile or even embedded?!).

Yeah I know that the aligning is deffo not perfect but hey, gotta start somewhere :). Detail: everything you see here (the content and actually also the icon path) is rendered from the database already.

Tips/opinions?

Hello again devRanters! This is linuxxx again. A quick update regarding the privacy site!

Right now we're up to the following:

Ewpratten
- Converting what we have right now on frontend to Bootstrap.
- Working on a page with a description as to what this is going to be exactly.

linuxxx (me)
- Converted the static stuff we used before to a simple MVC based PHP web application.
- Created a DB scheme for the custom CMS I am going to write for this.
- Starting to work on the custom CMS right now!

We'll update as soon as we've got a well working description/introduction page :)

We won't be creating rants every day/new tiny feature/change or anything but as this is our first productive night, it seemed like a nice idea to update what we already got done/started on :).

Stay tuned!

Freaking tech support.
Freaking sparkhire.

Their 'one-way interview' bs only supports flash. Flash. in production. in 2019. Flash died years ago, and its support ends next year. What the crap?

Anyway, I finally decided I should do the interview since they already have all of my information anyway. Thanks, "privacy-conscious" third party. Totally appreciate it.

I spent half an hour and couldn't get flash working on their site (but all other sites were fine), so I contacted their support. I gave them all the relevant specs (inc. ofc browser), the steps to reproduce, and all of my attempts at fixing the issue.

To their credit, I recieved a response within a few minutes. To their discredit: their response was: "What browser are you using?" This question was followed by my report (including, ofc, my browser and all the other overlooked details), immediately followed by a "debugging info" section appended by their support service that also included my browser, os, and other specs.

Learn to fucking read.

Their suggestion? Use google chrome. Barring that: record your 20-30 minute video by holding your phone in front of your face the entire time. I am so not kidding.

They also asked what page i was having difficulty on. You guessed it: the page url was also included within that "debugging info" section.

It wasn't a form letter, either. I'd understand if it was all automated, but it was a real person who was really typing up the emails, and really didn't bother reading a damned thing.

I did end up getting flash working, but their "tech support" (script-reader) was entirely useless.

I want to be PROGRAMMING on the freaking privacy site already, not having to search for icons, download them in the right color/format etc.

Fucking hell. (although finding good/fitting icons is a funny challenge though :P)

Currently working on the privacy site CMS REST API.

For the curious ones, building a custom thingy on top of the Slim framework.

As for the ones wondering about security, I'm thinking out a content filtering (as in, security/database compatibility) right now.

Once data enters the API, it will first go through the filtering system which will check filter based on data type, string length and so on and so on.

If that all checks out, it will be send into the data handling library which basically performs all database interactions.

If everything goes like I want it to go (very highly unlikely), I'll have some of the api actions done by tonight.

But I've got the whole weekend reserved for the privacy site!

Alright so the security blog is coming up soon (as in, days probably) and I'm working hard together with 404response on the privacy site.

I do want to gain some insight into visitor numbers and so on but OF COURSE, commercial/closed source options are a no-go for me!

I am thinking about maybe using Piwik with all the privacy options enabled Also self hosted obviously. What do you guys/gals think?

Creating an anonymous analytics system for the security blog and privacy site together with @plusgut!

It's fun to see a very simple API come alive with querying some data :D.

Big thanks to @plusgut for doing the frontend/graphs side on this one!

Hello! A tiny update on the privacy site thingy. (linuxxx here yas).

I've finished the preview page (description of what will be on the site really) and slowly preparing for deployment.
In the mean time, since @ewpratten is very busy at the moment, I'm giving the frontend part a shot myself! Working on the general layout/presentation right now and I will show a preview as soon as I have anything solid enough to show :).

Also working on the custom CMS which is going well!

I am kind of hestitant to publish the preview page because I am not a frontender and I know that I'll get all criticism on here so please, please go easy on me! Also, just in general, if you find any kind of flaws in the web app or wherever, please report them to me! As for frontend, I won't fix anything because I've got bigger priorities (like creating the actual site itself xD) but general feedback would be appreciated :). And as I said, I'm a backender so don't judge me too hard on the frontend!

Alright now let's gather some courage to actually publish this thing 😅

End to end encrypted (maybe decentralized?) social network including shit like voice/video/group calls.

Privacy site I'm working on right now.

Yeah that's it for now :)

Working on the privacy site, someone gave me a good SQL example for the 'filtering' (renaming this to capabilities) feature and here I am, hardly knowing any SQL more than basic selects 😥. Well, good luck to me I guess :/

Wanted to get the privacy site cms REST API ready for programming again but hadn't put it on gitlab yet.

After some nervous searching I found it again 😅

This weekend I hope to get very far :)

" this page uses cookies"
"We've updated our privacy policy"
*30 sec full screen ad* OR "please turn off your adblocker and refresh"
"Would you like to take a survey?"
"Click to read more"
"You've reached your free articles for the month. Please subscribe!"

Jesus fucking Christ! Is it such a sin to read articles in peace? How does anybody use your shitty site. How does anybody PAY for your shitty site?! Fuck your articles. Why do companies think this is a good model?!

Several minutes waiting for site to work after clicking on "required cookies only". Is this really what privacy laws were aiming for?

I wrote a node + vue web app that consumes bing api and lets you block specific hosts with a click, and I have some thoughts I need to post somewhere.

My main motivation for this it is that the search results I've been getting with the big search engines are lacking a lot of quality. The SEO situation right now is very complex but the bottom line is that there is a lot of white hat SEO abuse.

Commercial companies are fucking up the internet very hard. Search results have become way too profit oriented thus unneutral. Personal blogs are becoming very rare. Information is losing quality and sites are losing identity. The internet is consollidating.

So, I decided to write something to help me give this situation the middle finger.

I wrote this because I consider the ability to block specific sites a basic universal right. If you were ripped off by a website or you just don't like it, then you should be able to block said site from your search results. It's not rocket science.

Google used to have this feature integrated but they removed it in 2013. They also had an extension that did this client side, but they removed it in 2018 too. We're years past the time where Google forgot their "Don't be evil" motto.

AFAIK, the only search engine on earth that lets you block sites is millionshort.com, but if you block too many sites, the performance degrades. And the company that runs it is a for profit too.

There is a third party extension that blocks sites called uBlacklist. The problem is that it only works on google. I wrote my app so as to escape google's tracking clutches, ads and their annoying products showing up in between my results.

But aside uBlacklist does the same thing as my app, including the limitation that this isn't an actual search engine, it's just filtering search results after they are generated.

This is far from ideal because filter results before the results are generated would be much more preferred.

But developing a search engine is prohibitively expensive to both index and rank pages for a single person. Which is sad, but can't do much about it.

I'm also thinking of implementing the ability promote certain sites, the opposite to blocking, so these promoted sites would get more priority within the results.

I guess I would have to move the promoted sites between all pages I fetched to the first page/s, but client side.

But this is suboptimal compared to having actual access to the rank algorithm, where you could promote sites in a smarter way, but again, I can't build a search engine by myself.

I'm using mongo to cache the results, so with a click of a button I can retrieve the results of a previous query without hitting bing. So far a couple of queries don't seem to bring much performance or space issues.

On using bing: bing is basically the only realiable API option I could find that was hobby cost worthy. Most microsoft products are usually my last choice.

Bing is giving me a 7 day free trial of their search API until I register a CC. They offer a free tier, but I'm not sure if that's only for these 7 days. Otherwise, I'm gonna need to pay like 5$.

Paying or not, having to use a CC to use this software I wrote sucks balls.

So far the usage of this app has resulted in me becoming more critical of sites and finding sites of better quality. I think overall it helps me to become a better programmer, all the while having better protection of my privacy.

One not upside is that I'm the only one curating myself, whereas I could benefit from other people that I trust own block/promote lists.

I will git push it somewhere at some point, but it does require some more work:
I would want to add a docker-compose script to make it easy to start, and I didn't write any tests unfortunately (I did use eslint for both apps, though).
The performance is not excellent (the app has not experienced blocks so far, but it does make the coolers spin after a bit) because the algorithms I wrote were very POC.
But it took me some time to write it, and I need to catch some breath.

There are other more open efforts that seem to be more ethical, but they are usually hard to use or just incomplete.

commoncrawl.org is a free index of the web. one problem I found is that it doesn't seem to index everything (for example, it doesn't seem to index the blog of a friend I know that has been writing for years and is indexed by google).

it also requires knowledge on reading warc files, which will surely require some time investment to learn.

it also seems kinda slow for responses,

it is also generated only once a month, and I would still have little idea on how to implement a pagerank algorithm, let alone code it.

FUCK!
After submitting a registration form I noticed the site is served over plain HTTP. Their marketing site is served encrypted, but login and register are not! What the fuck!!!

Fuck everyone who does this stupid fucking shit with disregard to basic security features! Their goddamn bullshit privacy policy is bragging about how it's top priority to protect their customers' information and shit like that. Get the fuck out, cunts!!

I contacted them so I might have a continuation to this rant if I'm not satisfied with their answers.

Goddamn it!

i'd rather burn a site to the ground to preserve it in its current state than let it devolve into a place for SJWs to basically outlaw everything because they're special snowflakes. It's about breaking video games, you don't need to say "well you can't use he/she/him/her pronouns ever, you can't acknowledge binary genders, you can't say the word 'retarded' even when referring to the dictionary definition of the word (synonym of regression), you can't send PMs at all because privacy is against God, you can't say/reference God or Christianity because #NotAllReligions"

just fuck off. We break Pokemon games, we don't plot to genocide the white race because all whites are cis racist Nazi cucks like you do goddammit

;-;

I am a junior web developer, currently working in my first job for a small company, I was hired because I have an interest in meteor and modern web dev.

When I say small I mean I am the only full time js dev.

So the project we are working (my first ever professional project from start to finish) is a travel booking web app (being a little vague, for the sake of privacy). I am the lead developer, as a new programmer of a project that is far from trivial. There are no other javascript devs in office, no sort of code review. We have an outsourced dev but as I got in a flow with one dev my boss supposedly told him to do it part time (without discussing with me), but haven't heard anything from him, so assuming he's just disappeared (probably annoyed at being treated like a commodity).

Boss has set up the stages, and forces me to move on to the next stage before that stage has been finished. I will have to go back over the whole thing to finish things off.

He will only hire cheap juniors, one front end guy with barely any experience is styling the site.

He is used to churning out WordPress and Magento sites.

Wish I had a senior I could learn off.

I want to stick at this project and see it through, but i can only see it ending in a train wreck.

At the same time I want out, I want to work under a better team with senior programmers and better code review.

I just have to do my best and see how it goes I guess

To everyone freaking out about how bad Microsoft buying GitHub would be for "privacy". I want you to know that GitHub already uses Google and Facebook analytics on their site.

ARGH!
Since that privacy cookie policy change thingy, every goddamn site pops up the dialog asking about it.

I just want to fucking read the page, quickly; get off my screeeeeeen!

There should be a standard to add something that lets the browser tell the page if you accept cookies or not, and which options to use; or at least make all the sites use a specific attribute for the elements of the div, so it can be automated (I know this is a dream).

Because everyone else is ranting about this too:
I'm not afraid of Microsoft wanting to monetize everything or that they will restrict site access to Microsoft Edge only. What I am afraid of is that they change the privacy policy.
Who knows what they are up to?
I hope GitHub is awesome enough to decline the offer.... Let's see.

Salespeople telling clients "Your site doesn't need a privacy policy/cookie policy since you don't actually sell anything on your site."

Wrong wrong wrong WRONGITY WRONG WROOONNGGGG!!!!!

Client to PM to me: "Well Jim said we don't need those on this site."

Me: "Well Jim is misinformed, since we use Google analytics, Facebook Pixel, and contact forms, you need to have both a privacy and cookie policy."

PM to client: "We'll find you a template you can use to get started, it'll cover most of what you need."

Me to PM: "we will do no such thing, we can send them a few links explaining why they need these, but they should consult a legal professional and cover their asses for their own business practices. I can provide any technical details they may need like what data the cookies collect if necessary."

PM to me: "well I'll just find something for them then."

*In my head* please just go crawl in a hole and die.

My org (of which i'm basically CTO) has this administrative tool that a team uses to combat spam and scams, which is quite the problem for us.. the tool was written like 9 years ago, by my predecessor, very quick & dirty and unaesthetic and without input from those who would use it as far as interface or UX... it got modded a little a few years later by a kind of amateur coder who was at the time on the spam control team, and now there's this new maybe slightly less amateur coder guy on the team who has written this amateur tool that scrapes data off our site and massages it and stores it on his own server and then provides a better interface, or so they say.... this is all because for a couple of years people didnt want to "bother me" with a request to improve our internal tool, they thought I was "too busy" doing other things... so instead this outsider has built this stupid thing that lives on his own personal server and so now we have these problems to do with performance, security, privacy for user info, etc etc... someone please shoot me....

I am SOOO fucking sick of being asked if our website and gaming servers are going to be GDPR compliant. All these game owners in a panic changing everything they do just to conform to this law.

Fuck GDPR. In all reality COME AT ME BITCH. The EU wants to grow a pair of balls and act like the world internet police? Bring it the FUCK on. You can't even stop pirating in your own country, so how the FUCK are you going to regulate and enforce this law on HUNDREDS of THOUSANDS of servers, when your punk ass government can't even shutdown a single torrenting website.

Give me a fucking break, and shame on you pussies for allowing it. All you people running around scared acting like your private gaming servers are important. I give a shit less how much work you put into your server. I have put more work than most anyone else, but you don't see me trying to act self important as if my gaming server is some fortune 500 company.

Your server isn't important and neither are you. The government doesn't give a shit about your server so can we all just stop acting like this fucking matters. NO ONE FUCKING CARES ABOUT YOUR SERVER.

NO ONE is going to come and sue you for not complying. GDPR is for business, and anyone that wants to argue no look it says right here it applies to all is a fucking MORON. Do you idiots stop and think or do you just believe everything typed out on paper.

THEY CANT ENFORCE THIS ON EVERYONE. They don't have the resources. So use your fucking heads and stop being so fucking scared of a law that has no resources to stop you. THEY CAN"T DO ANYTHING. EU and whoever made their polices, I DARE them to try and touch my server, I WANT them to start something with me, just so I can show the rest of the world why the Internet is still the wild west and why they have no power over me.

You think pirate bay is the only one who knows how to hide their server? You think pirate bay is the only one who keeps backups of their server to be able to re release in an instant somewhere else in the world? Bitch get real this is the internet, a place where a 5 year old can buy hand grenades from the Red Silk Road, and you wanna talk to me about your privacy? Go fuck yourself.

It's not my problem some douche bag went onto a site that used his personal information in the wrong manner. So how about you do what everyone else does and browse ANONYMOUSLY. But no it would be to easy for governments to make their own citizens responsible. Instead they have to hold all of YOUR hands, because you people are to stupid to protect yourself.

Wake the fuck up world, and stop being a bunch of whining little brats who cry for the government to bubble wrap your world so you can live safer. Natural selection is long overdue for a lot of morons still breathing air.

User: Hey, guys. I'm uploading those docs you requested to your website, but I noticed that my connection to your site is not private.

Company: Thank you for your question. Please, don't worry, we have a privacy policy on our website.

User: ...

We need to create simple form for colection few particular people data for some bounty programme.

We have ready-made website that does similar stuff, but it was outsourced and we have compiled javascript (sidenote - im only person in this place who understands f**ng javascript but hates it deeply)

Anyway, they come to me, and say that creating this google doc will take them few minutes and it seems that editing few divs in the site and creating second one with another subdomain will do the trick.

I tell them that it will take a lot of time to reverse engeneer that compiled react.js website to change few divs. But they insist.

So we start out, I pop up the terminal, copy over site, add nginx config for it, apply SSL to it, we are already good 5-10 minutes in, first roadblock - CORS. At this point I tell them that with google form they would be already done.

What I hear?
But we will need to make again privacy policy

Me:
Can you just link privacy policy from this site?

They:
Oh... it makes it easy now.

My internal voice:
next time try to use brain....

tldr: I am looking for recommendations for a basic website for my parents. GOTO question;

Pre-Story:
My parents have a small (offline) business. They have a website to give some general information and list their weekly offers.
When I felt that what has come out of the website-building tool (you know, clicky clicky stuff) looked a bit too early 2000's and is a total ripoff for what you get (almost 20€ per month), I created something with Google Sites for them. Feel free to roast me, but web development is not my field and now it looks much more modern, is mobile friendly and does what it is supposed to do. Weekly offers are edited in a google sheets file, which is embedded in the website. Not great, but this way my mom doesn't have to deal with editing a tables on the page - trust me, it won't look good. This also meant they could downgrade the hosting package to discard the clicky-tool and just the domain (maybe 1€ per month). The website itself is hosted for free by Google.

Some time ago GDPR became a thing and then I was tasked to have a look at it. (side note: I don't want to rant about being responsible for it, that's fine. My parents don't really ask me to do a lot for them.) You can't enter any data on the website, it's just very basic stuff and data protection wise there's just the "usual" stuff (cookies, embedded tools, logs). I added another site with a halfway complete privacy policy. Regarding the whole cookie issue (do not enforce unnecessary cookies) I couldn't find an easy solution. It's not 100%, but what can you really expect from a small business like this? I've seen worse.

Now to the question:
Can you recommend a good alternative to the current solution (Google Sites)?
It should be cheap (<3€/month incl. domain) and my parents should be able to make some basic changes (just text in predefined locations). I am not afraid to get my hands dirty - I can deal with some HTML, CSS, JS - but I don't want to sink a lot of time into this. No need for analytics or the like. Maybe a newsletter would be cool (with the weekly offers), but that's just a random thought of mine and definitely not necessary.

Thanks for reading :)