Developers, we can clean the Web of Google surveillance one site and one service at a time. What do you say?
but, Aral, they gave us a lot of money
are we SURE they're evil? I mean, like, evil's relative, right, and like if people are nice and give you money how could they be evil?
(seriously though, cut the leash the corps have on the internet)
@aral What do you think about creating an "ethical ads service"?
Which from my perspective would be some kind of json file or API and a JS snippet people can embed on their pages which would provide ads for ethical companies and products. Just a picture, a link and a little text.
This would be privacy friendly as every page could host themselves and I think informing people about a product, which was the original idea behind "ads", would help to spread them :)
Thankfully if ads aren't tightly coupled to huge amounts of data processing and analytics then there's no reason for them to be any more complex than just passive content, images/text/video, so moving to a much safer means of displaying ads is totally possible.
Sheogorath's suggestion was "Just a picture, a link and a little text" after all!
Yes, this suggestion was pretty much by this reason.
Active content always causes problems. That's why I suggested to use passive one. Also self-hosting to make it more privacy friendly.
In my initial idea it is not mandatory to sell ads. Instead everyone can decide for themselves what kind of ads they want to show. The original project would just provide a repository of possible ads which hopefully has ethical standards.
But maybe monetizing it, would also help.
To mitigate the risks for users, browsers' vendors could make several simple modifications to their software.
There is one major problem which you are definitely aware of: It would break the entire modern web.
And "opt-in" especially for security topics is not more secure for a majority of users. Ever seen users visiting an intercepted HTTPS page? Guess why HSTS forces browsers to remove "opt-in" for insecure connections…
Security has to come by design, not by enduser decision.
To fix the issue we need to completely separate the #Web as a content distribution platform (aka the #HyperText in #HTTP and #HTML) and the Web as a distributed application platform: nobody should be able to embed a #surveillance application inside a journal article (thus no #JS nor #WASM should be allowed).
I guess my definition of "breaking the web" is different than yours. To me It's about designing a webpage following modern web standards (which definitely includes JS) and it looks and behaves in all major browsers basically in the same way.
Which is no longer true, as soon as you remove JS out of this. Which in conclusion means it's broken.
Yes definitely a different definition.
To me "looks the same ON ALL MAJOR BROWSERS" means it's broken, as all major browsers are controlled by what 2 US corporations? #Google controls #Chromium and #Firefox and is going to control #Microsoft's default browser too. #Apple controls #Safari. Together they render over 90% of the _world_ #Web traffic.
That's REALLY broken, don't you think?
To me, the definition of NOT broken would be "usable and accessible on every browser", in a world where a single person could aspire to implement a standard compliant browser alone from scratch in a couple of year.
Today everybody complains because the #Web is centralized on the server side.
But what about the client side?
The situation is even worse!
But nobody want to see this.
The security opt-out button should be labeled "I don't trust _ anyways", people in general won't read the rest of your message so have the button they're looking for instruct them how to behave.
My point is more that there shouldn't be a button to opt-out from security. (which is the case for HSTS)
And the same should be done to whatever solution comes up to make JS more secure/replaces it. I recently saw a talk about USB-Guard stating that asking the user security questions, results in more than 50 percent wrong decisions. Means you can throw a coin to get a better quote.
Sure, no code should be automatically executed from unknown third parties.
However, as of today, the mitigations we are talking about (of which disabling #JS by default is just one and absolutely not enough, even if the most controversial) are cheap and fast to introduce.
I don't see anything wrong with anonymized analytics by a company why has neither abused nor leaked personal data
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!