Ten Important Things You Should Tell Your Friends About Two-Factor Authentication

Sunday, 23 October 2022
Bob Leggitt

It was never about security. It was always about collecting and selling high-value personal data. Here comes the proof...

It's hard to believe, in a world where tech platforms increasingly mandate two-factor authentication, that there could still be people in this world who believe it's all about our "security protection" rather than the tech industry's bank balance. Sadly, however, the misconception widely persists. So if you know someone who still thinks 2FA is a security measure, here's a list of ten things they urgently need to hear...

The Privacy Implications of Google's Switch to First-Party Behavioural Targeting

Thursday, 20 October 2022
Bob Leggitt

With this sly regime going into the wild next month, the phasing out of third-party cookies will be no loss to Google. In fact, it will be a net gain.

Have you been puzzled by Google's casual resignation to the dwindling life of third-party cookies? What about the brand's shrug at anti-tracking initiatives like Mozilla's Total Cookie Protection? I mean, Google is Mozilla's primary funder. So at a glance it makes no sense at all that Mozilla's Firefox browser would roll out a system which limits the very tracking cookies Google uses to serve targeted ads...

Well, as with every other seemingly good-natured gesture that grandstands its way out of Silicon Valley, it's a trick. Of course it is. Just weeks after Firefox finally provides a default shield against cross-site tracking cookies (something it could have done 15 years ago), Google waltzes in with a new behavioural ad-targeting regime which... Yep, you guessed... Doesn't need cross-site tracking cookies. Not that any of this is choreographed, you understand... Sigh, groan, sigh, shake of the head, roll eyes to fade.

Babylon by Laptop: The Tech Service Supergrass

Thursday, 13 October 2022
Bob Leggitt

Tech giants still insist that this is about marketing, but clearly, you do not need someone's retina-scans, fingerprints or digital forensics to sell them a food mixer. When corporations start angling for this kind of data, its intended destination is a police database.

Laptop computer with FBI markings on letter keys and an NSA logo on screen

If you know your reggae history, you'll surely have noted the sly twist on the Bob Marley album title Babylon By Bus. Just in case anyone's unfamiliar with this particular context of the word "Babylon", it's a Rasta synonym for authoritarian forces of control and/or a generally corrupt system that works against the power of good.

Sometimes it refers specifically to the police. Sometimes to a collection of state agencies. Sometimes to an entire ecosystem of oppression, including all of its sympathisers. But it's a great term around which to build this article, because it so perfectly places all subjugative forces into one basket, and removes the distinction between government agencies and private corporations who play the exact same role.

The DIY Superguide to Blocking Email Trackers

Saturday, 8 October 2022
Bob Leggitt

Get your inbox officially a-rockin', and tell email trackers not to bother knockin'.

Data is worth a mint, and unsurprisingly, there's now a very long line of companies dreaming up sly ways to get their sweaty fingers on it. One of the more recent additions to the ever-growing list of data-ruses is the "email protection service". In summary, you give a self-styled and completely unaudited "pRiVaCy BrAnD" access to your entire email flow, and they remove the trackers before sending the email to your inbox.

This would be a fantastic idea if you could actually trust tech companies. Unfortunately, however, tech companies are among the least trustworthy entities in the entire universe, and self-styled "pRiVaCy BrAnDs" are no exception. In fact, the only two things you can ever trust self-styled "pRiVaCy BrAnDs" to do are...

  • Collect and exploit data.
  • Pretend that they don't.

It's therefore most unwise to use "email protection" services. You're allowing a totally unnecessary and totally opaque third party unrestricted access to your mail stream. And if the "protection" service is free, the only thing the service provider can possibly monetise is your data.

But don't worry. Blocking email trackers on your own device, without releasing your email flow to any third party, is fast, simple and reliable.

Shill City: The Dark World of Privacy Tech Marketing

Wednesday, 5 October 2022
Bob Leggitt

Privacytests.org - a performance table site which ranks Brave as its best-performing browser - is maintained by the Senior Research and Privacy Engineer at Brave Software. But sure, let's all take this quagmire of shilling and sockvertising seriously.

There should never be any trust where brands are concerned - especially in the tech genre. But after it was revealed that the self-styled privacy brand Startpage had bribed its way back into the recommendation resource privacytools.io’s listings after being legitimately booted out, the focus of suspicion split in two. Not only were the “privacy brands” untrustworthy - at least some sources of recommendation were a sham too.

As the seriousness of the privacy debate escalates to uncharted levels, perhaps this is a good time to ask how many of the voices in the privacy arena are being incentivised by brands. Perhaps, indeed, it may be better to ask how many of them are not being incentivised...

Lynx Browser: The Land That Time Revived

Tuesday, 7 June 2022
Bob Leggitt
"If you don't perceive using the Internet in the 2020s to be a constant fight, you have absolutely no online privacy whatsoever."
Lynx browser in the Terminology terminal
Lynx browser, browsing the post Cyber Freedom: No Gain Without Pain, from my Neocities site Backlit.

It might look scarily primitive at first glance, but Lynx browser - a product as old as the World Wide Web itself - could not be more of a friend. And neither could it be more relevant amid the surveillance dystopia of the 2020s. If you find it hard to keep up with the latest content-blocking customisations... If your brain is fried with endless reports of new tracking technologies... If you're sick of seeing a page of static text hang your system because some pillock of a front-end dev decided to hit your RAM with a one gigabyte JavaScript object... Well, Lynx is here to take the confusion out of dodging Big/Stupid Tech.

New "Protection" Extension Blows The Lid Off The Startpage Privacy Charade

Thursday, 20 January 2022
Bob Leggitt
"Out front, we find a grand, feelgood gloss, extending around us a warm hug of protection. But behind the curtain, it's just another cybertech company pimping us out to the preds."
Startpage Privacy Protection letting through Google Tag Manager
Google Tag Manager hitting the firewall after Startpage Privacy Protection waved it through without even a cursory mention.

For years, we've been wondering whether the Startpage search engine might warrant a little more scrutiny. Whether the notion of "actual Google without the tracking" should perhaps be tentatively subjected to the old adage:

"If it sounds too good to be true... It probably is."

But Startpage's recent release of a so-called "privacy protection" extension for browsers might just have burst the brand's carefully-cultivated integrity bubble for us.

The Problem With Tracker-Blocking Browser Extensions...

Sunday, 28 November 2021
Bob Leggitt
"In the end, there's way too much money in surveillance capitalism for any of these pathological stalkers to simply sit back and allow us to block them. They're on us today; they'll be on us tomorrow."
Tracker blocker meets Facebook tracking script

If you've ever installed a content-blocker (often known as a tracker-blocker) as a browser extension, you were probably pretty confident that it would block trackers. Like Domestos killing germs. One squirt, and it's goodbye bacteria. But blocking silent online trackers is a complex affair. Much more difficult than blocking adverts. And that means you're probably being watched by the bulk of Big Tech - even with the eminent extension uBlock Origin guarding your fort.

Reputation Laundering: Privacy-Washing in Close-Up

Saturday, 13 November 2021
Bob Leggitt
"A measure of our acceptance of ads-in-disguise if ever there was one. We see the ads. We just don't realise they're ads."
Washing
Photo by Jacek Dylag on Unsplash (image cropped)

Over the past few days, I've looked on in bewilderment as yet another new… ahem, "private" search engine entered the market. This one's called You.com, and it's an annoying, heavily-bankrolled spyware den with conditional access, forcible key-logging (i.e. "search suggestions"), micro-monitoring of users' page actions, and in default mode, both Bing and Azure loading their trackers on the page. Yet people have taken the brand's "private" headline seriously, and the buzz appears to be flying - much to the frustration of one or two long-established rivals.

I was wondering how comical the privacy-washing genre would have to become before the first wave of privacy brands started grumbling…

Dark Tracking: Understanding and Blocking Service Workers

Saturday, 6 November 2021
Bob Leggitt
"Service workers are basically app downloads that take place entirely at the provider's whim and under their control. Not only do we not know what the app does - we don't even know we're downloading it. Meanwhile, lawmakers think they saved online privacy with cookie banners."
Chromium Dev Tools
The Application tab in Chromium browser's Developer Tools allows you to inspect what a service worker is caching. Above you can see the scripts dropped into my local code cache by the Tutanota service worker.

Quote the term "service worker" to your average internet user, and they'll probably envisage some abused soul being repetitively ear-bashed by permanently angry customers in a call centre. But in the tech world, a service worker is also a particularly surreptitious facet of browser technology…

WHAT ARE SERVICE WORKERS?

Service workers are JavaScript programs which expand a simple web connection into a provider-controlled online/offline relationship. They're downloaded to and installed on the user's own device - often along with a raft of cached paraphernalia they usher through the door behind them - without consent or (in most cases) knowledge. The functionality of a service worker can be likened to that of an app. But an app is installed and controlled by you. The service worker is installed and controlled by a website or platform, behind your back. That's already a problem.

Apply a Custom Light Mode To All of Nitter - No Cookies or Extensions

Thursday, 4 November 2021
Bob Leggitt
"There's a neat hack in Firefox and other Firefox-based browsers, which allows you to re-skin all Nitter instances with a light mode in one go. No cookies, no extensions, no dependency on specific instances."
McDonalds on Nitter

We all love browsing and searching Twitter without having to submit to the platform's scourge of JavaScript and microtracking, right? Well, if you do, and you're already using Nitter for that purpose, I've got a quick and simple DIY hack which can help make Nitter look a little more inviting to fans of Twitter's default light mode.

WHAT IS NITTER?

Nitter is a decentralised front end for Twitter, which delivers all available logged-out Twitter content through a proxy, providing an escape from Twitter's increasingly oppressive monitoring tools.

Vivaldi Browser: Privacy Review

Monday, 18 October 2021
Bob Leggitt
"In the long run, there's only so much mileage in these brands persistently directing the public's thoughts towards what is actually, in truth, their products' worst attribute."
Vivaldi browser forcing direct certificate authority connections in Bodhi Linux
In Bodhi Linux, Vivaldi 4.3 forced direct connections to certificate authority domains before allowing visits to encrypted pages.

The privacy bandwagon is in town, and the cart is pretty crowded as it rounds the corner onto High Street. As each jostling brand throws its surface-scrubbed privacy parcels out to the roadside gathering with gleeful abandon, open hands grab at the shower of generous gifts.

The public broadly accepts cybertech's privacy claims at face value, and this has created a digital Gold Rush, in which all manner of companies wave brightly-decorated incognito masks at Google's userbase, in the hope of enticing a lucrative mass exodus. But when Google's users jump across into this wonderful new world of incognito, it slowly dawns on them that Google has made the jump too - in an incognito mask of its own.

Content Podding: How to Build Portable, DIY, Offline 'Blogs', and Why You Should

Monday, 4 October 2021
Bob Leggitt

[UPDATE: I've since built an app to create content pods and other distributable writing formats totally offline. You can find out more and get the download links in Take The Web Offline With Lit.OTG.

I've left the original post below.]

The Original Post...

"An HTML web page can be incredibly simple, and it can be created entirely offline with something like Seamonkey Composer. I'll move onto that shortly. In fact, I'll summarise the whole creation process."
NRGCult
A portable, offline version of the NRGCult post "I am Suing the Feminist Metal-Bending Channel".

Content creators… Imagine producing a website or blog without the involvement of any remote service. Imagine completing the whole process on your local drive, without any signups, without any terms, and without any conditions. Imagine being able to send your DIY website, or collection of web pages, directly to people of your choice. By email. Or on CDs, or on DVDs.

Content consumers… Imagine being able to read content in total privacy. Imagine that content being delivered to you in a format that doesn't allow your interests to be profiled. Imagine that content being futureproof and immune to censorship. Imagine being the gatekeeper of that content, so you don't have to rely on a bunch of massive tech companies graciously allowing you to find and/or access it.

If these ideals appeal to you, then let me welcome you to the world of portable content.

Portable content is not attached to any specific web service. You choose how you want to deliver or receive it. It's extremely difficult for Big Tech to censor, suppress or ban, and it's totally impossible to interfere with when it's distributed on disc media at functions or in other offline situations.

The Great Firewall Swindle

Tuesday, 28 September 2021
Bob Leggitt
"This is what the broad tech industry wants. Products that are useless for 99% of people. Because if the firewall works properly, the tech industry doesn't get its saleable data."
Opensnitch Firewall
A good, communicative firewall at work. This is Opensnitch reporting Systemd Timesync's attempt to contact ubuntu.com in Bodhi Linux. This is one of the network connections made without user consent or knowledge in Ubuntu-derived Linux operating systems. You can argue that the connection is in this case harmless or useful, but it's nevertheless an instance of the computer making its own networking decisions, on the quiet. The user's awareness should never be bypassed in this way. Without a good firewall, who's in control?

It amazed me, about eighteen months back when I first began my shift from Windows into the world of Linux, that so many in the Linux community said firewalls were unnecessary. It amazed me that so many Linux distributions came with the firewall deactivated. It amazed me that the most common Linux default firewalls are uncooperative command-line routines. It wasn't, so it turned out, that there were no good options. It was that the package managers were choosing not to include one.

I've loved the improvements in quality of digital life that Linux has brought me. For the first time in many years I've felt that being 100% in control of my computers is within reach. But the firewall situation struck me as odd. Here was a breed of operating system that traded on improved privacy and delivered generally good transparency as compared with the ironically ever-opaque Windows. And yet Linux rarely came ready to run with the most basic privacy protector of all - a firewall that any home user could control. Was this a conspiracy?

Why We Can't Opt Out of Surveillance Culture

Friday, 17 September 2021
Bob Leggitt
There's only one reason why we're implored or forced to keep software "up to date", and it's not "security". It's so the tech industry has an instant push system for each new Big Brother powerplay as it's released. "Up to date" has never been a real necessity. It's a manufactured necessity. A brainwash.
Untrusted Connection
Remember a time before browsers blocked important pages? The more updates you accept, the more freedom you lose...

"Unsupported browser - access denied!"… "Your security is at risk - access denied!"… "Your TLS version is out of date - access denied!"… "Your system is too slow - access denied!"… "Certificate invalid - access denied!"… "Page data cannot be authenticated - access denied!"… "Your connection is unsafe - access denied!"… "Your device has exhibited unusual behaviour - access denied!"… "This site cannot verify that you are human - access denied!"…

Do you ever get the feeling that someone's throwing obstacles at your attempts to use the internet?

That's because they are. The inexhaustive range of artificial barriers I've cobbled together above illustrates just how much our agency to freely roam the internet is waning. More and more, we're finding that software and hardware need the approval of powerful data companies in order to function properly in cyberspace. Among other things, that means we can no longer use the technology we want to use. We have to use what we're told to use.

And the end game? Our submission to 24/7 surveillance. If a piece of technology doesn't afford tech powers the means to spy on us, it gets blocked from the internet. Most often, the block is not the decision of individual websites. It's a collusion between the browser providers and a range of immensely powerful tech corporations who have appointed themselves as the Internet Police. A besuited, shiny-shoed middle-mafia has formed between you and the sites you seek to visit. And if either you or the sites ain't playin' ball with the whims of Big Tech, more now than ever, it's access denied.

Beneath the hard wall of blocked access, there's then a wider-reaching soft wall. A wall in which search engines - the tools we use to source relevant content - are algorithmically pushing us towards the "right kind of content", and away from the "wrong kind of content". Anyone who thinks I'm chasing some wack conspiracy theory should check this…

Optimising Your Online Privacy With Self-Minimisation of Data

Sunday, 8 August 2021
Bob Leggitt
"Corporate spying, at the level it's now reached, is creepy, stalkerish, manipulative, predatory, warped, perverted, and abusive of human rights. Even if it carries no demonstrable collateral harm, you don't need to feel it's something you should willingly and happily accept."
Data is Money

The easy way to write a post about online privacy would be to list a range of so-called “privacy respecting” alternatives to Big Tech. But it's become increasingly obvious that at least some of these alternatives are a far cry from what they claim to be, and are actually part of the very system they profess to oppose.

At best, simply trusting services because their marketing says “we're all about your privacy”, when some of the worst privacy policies in the world open with “Your privacy is important to us”, is a wildly superficial and somewhat naïve approach.

The true key to optimising online privacy lies in disrupting the core tenets of tracking. Tenets as simple as product allegiance, for example. By sticking with one brand, one browser, one login, we make ourselves frightfully easy to monitor. Whilst, say, a VPN is touted as a route to better privacy, it allows a single provider to log the entirety of a user's online activity. And there's nothing other than that provider's word to say that the available information will not be packaged and sold to the Great Inscrutables.

DuckDuckGo Gets BLOCKED by Privacy Protection Routine

Saturday, 31 July 2021
Bob Leggitt
"Unlike when you load other “private search engine” homepages, you're not alone with DuckDuckGo. You're actually connecting to the Microsoft cloud hosting service... And that means Microsoft knows both who you are, and what you searched for. Oh dear..."
Cloud Firewall blocks DuckDuckGo

If you read my posts regularly, you'll know the issue that prompted the title of this post would have come as no surprise to me. But it's finally happened. DuckDuckGo - the search engine that presents itself as a paragon of privacy - has been blocked by a Firefox browser extension designed to protect users from the grip of the big six megatrackers. Namely: Amazon, Apple, Cloudflare, Facebook, Google and Microsoft. And as regular readers will have guessed, the megatracker responsible for DuckDuckGo's blocking is Microsoft.

Big Silence: What “Privacy Respecting” Services DON'T Tell You About Their Data Handling Continuum

Tuesday, 27 July 2021
Bob Leggitt
"This contradiction, enabled by a loophole in data protection law, allows “ethical tech” companies to be considerably LESS transparent about the entirety of the data-handling continuum than “big tech” companies."
Data mining sign
Image by Bob Leggitt @ Planet Botch

It's a wonderful development that more people are starting to care about and reject aggressive surveillance, as they steadily recognise the very real societal rot that unrestrained corporate spying and monitoring can cause.

Surveillance fears ultimately stifle freedom, and in some areas reduce public safety. We might be less likely to upload a profile picture online because of face recognition tracking in the offline world. We might limit our learning because we fear the consequences of searching for information on sensitive subjects. We might even decline to visit a doctor for an embarrassing or stigmatised physical or mental condition, because of the sharp rise in health service data-sharing with inscrutable private companies.

Simultaneously, we're at higher risk of identity fraud, as surveillance giants like Facebook warrant themselves more and more personal data, whilst increasingly displaying a "shit happens" attitude to being hacked.

For the sake of freedom and safety, we desperately need an alternative to surveillance-crazed tech, but do we really have one?

Brave Search: Industry Revolution or Ad Bar in a Face Mask?

Wednesday, 21 July 2021
Bob Leggitt
"Depending on what you search for, you may in fact be getting 100% of the results sourced from Google."
Money signs
Photo by Elena Mozhvilo on Unsplash (image modified)

It's been heralded as game-changing in that it headlined its post-intro fanfare with a non-Google, non-Microsoft search index. But now that it's made its beta version public, does Brave Search look like the wise choice it promised to be in the pre-launch posturing? Is this a revolution in web search, or is it basically a 2008 ad bar in a face mask?

One of the problems with the discourse about privacy is that we can get so focused on who is or isn't getting their hands on our data, that we lose sight of the bigger issue. Namely, the corruption of information integrity that advertising companies have a lucrative incentive to engineer. And one of the problems with Brave is that however much it screams the word “privacy” into our faces, it's still an advertising company, whose primary goal is to show us ads. Just like Google. Just like Facebook. The methods and data-gobbling capacity may be different, but the funding still comes from people whose only concern is that we buy their shit.

So there are really three questions hovering over Brave Search.

1. Is it what we thought it would be?

2. Given that user privacy and online commerce roundly detest each other, does it really offer good privacy?

3. How much does the company's advertising focus interfere with the integrity of the results?

Why I Uninstalled Brave Browser

Thursday, 15 July 2021
Bob Leggitt
"The company knows those megatrackers shouldn't be there. It's already evolving from privacy by default to privacy for sale."
Private
Photo by Tim Mossholder on Unsplash (image modified)

I've split up with my browser… No, it's okay, I'm fine… I'm picking up the pieces. I mean, obviously, you don't end a relationship without some personal impact, but… No honestly I'm fine… I really just don't wanna talk about it… Well, except to say…