Hi Zig Forums, it's been a while since the last thread about this project, so I thought I would make a new thread because I've been more active in editing the website, and I have more free time now.
The Online Spyware Watchdog is a website I have been working on, on and off for a while, you can visit it here: spyware.neocities.org/
This is a website that is supposed to be a resource for learning about spyware- software that collects information about its users. It basically exists right now as a collection of articles that describe specific software, assigns it a "Spyware Score", and then has a detailed explanation of how that software spies on you. The idea of the website is that it's a living document, and that new articles and changes to existing articles are contributed to the website over e-mail. So, it's supposed to be a place on the internet that consolidates all the information about how a certain program is spying on you into one article- you'll notice that if you want to find out all of the ways that a program like Discord spies on you, the information is spread out across the privacy policy and several threads and forum posts that explain other spyware features that the privacy policy doesn't mention. This website is supposed to have a synopsis of all of that information so that people can be more aware of it.
Lately, the website has been getting a lot of traffic, a lot more than it was getting earlier, I think this is because a few weeks ago RMS created a page about why Discord is bad on his website linking to an article on the website: stallman.org/discord.html And then there was the controversy about Discord among Zig Forums users which happened more recently which probably drove a lot of traffic to the site as well. The website has had almost 40k total hits when i'm writing this. So since a lot of people are looking at the site, I thought I would fix it up a little (I've been working on it more and adding new articles lately) and make a new thread for it.
I didn't want to make the OP too big, so here is another post with some explanations of questions that I think would come up a lot in the thread:
A wiki, or git, or something would work better, but at the scale that the website is updated (maybe a few outside contributions per week) it's not an issue. You would have to have someone reveiw your edits anyway, so it wouldn't make the site update faster.
Sorry, I want to make it look better and i'm working towards that slowly. A lot of people have a lot of diffrent opinions on what the website should look like so I havent really changed the style of it much, I only recently fixed it up to use a global CSS file for the whole site. I'm not any kind of web developer, I only know the basics of HTML. I personally think that it looks OK, I agree that it could look better, but to me excessivley talking about the fonts and stuff kind of sounds like bikeshedding. (you can set up a custom user CSS file, right? I think some websites let you choose between certain "themes" with CSS ( but I dont know how to implement that yet) so maybe I will that in the future.
William Phillips
tell them there face looks like shit, change it Your site looks good to me
Lucas Cooper
UI looks refreshing to me to be honest. ((("""User friendly"""))) and/or mobile friendly UI is one of many modern cancers of the internet. Maybe change the background to a solid one and that's it, don't waste effort on it
Christopher Brown
(checked) (double-checked) They're probably shitposters or autists bitching because it looks like something from 1994. If you're gonna be the one solely updating this website, then just use what works.
Since you plan to update this site, I got some suggestions for to help informing users of your website.
Examples - untoggleable automatic updates, phoning home, connecting to analytics, etc. Common spyware tactics and scenarios that can be pointed out on their own. Examples - wireshark, firewall configurations, blocklists, etc. Tools and techniques you can use to defend yourself from spyware. Something for the future if you manage to have a lot of content on your site, I'm probably just repeating what you already have planned, but it's a thought.
If this sounds like a case of "redoing the basics" I understand, but some people that use this might not know this stuff.
>((("""User friendly"""))) and/or mobile friendly UI is one of many modern cancers of the internet. Software that is truly user friendly doesn't get in your way when you use it. The problem with this kind of modern website design is that they aren't about being friendly, they're about (((The User Experience^TM))). Also, being "Mobile Friendly" is just a way for them to be cut corners on an already cheap job so they don't have to implement two versions of the same website.
Benjamin Sanchez
I wont be creating all of the content (a few articles and passages in some of the articles are written by a couple of anons) but I will be the one who actually stitches the HTML together. The idea is that anyone can contribute to the site and help keep the articles relevant and expand the catalog.
I think that your ideas are pretty good about articles that warn people about how to identify and mitigate spyware. These are articles that I've thought about making , but haven't started yes- you can see the articles that aren't finished here: spyware.neocities.org/articles/index2.html
It's mostly stuff about web browsers right now because those are easy to write about.
Jace Phillips
You need to run your pages through a spellcheck. There's glaringly obvious ones on every page.
Oliver Carter
That's good advice. The text is a little hard to read in parts because of the background.
Otherwise, it's fine. Most people focus far too much on style over content. As a result, the web is stuffed with very pretty, but absolutely bloated and useless websites.
The entire website, with all of the images and pages, are 1mb, so 0.1% of how much I am allowed to store for free on neocities. It's pretty nice.
Also, i've changed the background so that it looks like pic related, I agree with you guys that it needed to have a more solid background, this is easier to read for me as well.
RMS featured your article on his website? You really should be proud. Sure, but keep it as simple as possible. I would recommend to take inspiration from the Dark Theme on stallman.org or textfiles.com/directory.html
John Gonzalez
Cool project.
Josiah Miller
Host that shit on IPFS
Andrew Anderson
The 90s look is charming. If you really need to do or just want to use a more complex design (multicolumn , modal dialogs , responsive) i'd just use bootstrap , either v3 or v4. It's gonna make the page like a generic modern page though and some shitposters are gonna screech but it's really simple to use without knowing css. The responsive grid alone is enough to make it worthwhile.
Adrian Butler
OP, I love how you designed your website. It brings me back to 1996. Keep up the good work!
Don't change a single thing about the layout. It's perfect! Simple and to the point.
Hunter Evans
nice site, i like it. thank you. (also yes, refreshing design) one tip for the articles: if this is meant for a general audience and not just 8ch/4chan, then maybe put "tracking" higher on the list of issues than "not open source". While closed source is suspicious, tracking features are outright proof of spying.
Isaiah Turner
protip: timestamps. policies change, so it would be good to know when these facts were last checked
Charles King
I noticed some pages had "Version tested" but others did not
Grayson Jenkins
bootstrap is the definition of bloat.
Nathaniel Stewart
I'd prefer the content of the articles to be in the center of the page, but other than that it's nice. Simple and effective.
Easton Richardson
fuck you
Hunter Collins
hello rettid OP, your site is good, but you need to be more elaborate on Telegram, while being (((open source))) it is not free software and is too harmful to be considered non-botnet.
Dylan Rivera
>(((open source))) Stop misusing echoes. Don't decrease their meaning to nothing more than "random shit I don't like".
Camden Mitchell
thanks for reminding me this exists hit "next" button nothing happens, just goes back to the same page with all fields cleared pure virtue signalling. now ill go back to my other 10 shithosts
Adrian Lopez
What's wrong with IPFS? It's literally one of the best ways to host a static or semi-static website right now.
Liam Parker
Open Source is an exact term used by jews and other cuck-licenced subversives to present their "heh-he we slapped a bunch of proprietary binaries with this poorly written code and put it on github, oops would you forgive us the fact we can't use git properly, all commits are outdated and software is not reproducible, who needs those sources anyways, download our apk on google goy market". I'm not even touching T*legram's joke "secret chats", shitty PR tactics and virtue signalling for Russian and Iranian audience, super secure central server (((in the cloud))) and phone number verification of course. Don't be a good goy and use XMPP instead. Free as in freedom.
I've started adding them to articles as I edit them. So you might notice some pages giving a date.
You're right, that the article about Telegram isn't the whole story- although I think you know a bit more about these problems than I do. If you want, you can edit the telegram article, and email me a version that is better. If you don't have time I will eventually get around to it.
The question about something being spyware isn't if it's free or open source- but if you can read the source code that you're executing to find out if it's spying on you. But I do agree that obfuscated, outdated source code isn't acceptable.
Dylan Scott
neocities is static web hosting.
Aaron James
I agree with this but I just use "open source" to mean something I can compile from source. telegram requires phone to sign up? i want to make a site listing non-internet services like google, microsoft, facebook, yandex, and games that do bullshit like require you to get an SMS from them before using. also sites that block IP addresses for no reason, sites that have a small whitelist of allowed emails, sites that use recaptcha, sites that require another non-internet service such as gmail or facebook to sign up, etc
Jace Wright
You could host it on Github too.
Anthony Miller
It's difficult to talk about "open source" or "software freedom" because specific groups, the Open Source Initiative, and the Free Software Foundation, try and enforce a monopoly on what those words and concepts mean. So, if you have a different opinion of what those things are, you will inevitably butt heads with people who want everyone to follow the meanings enforced by this monopoly.
To be able to know if a program is spyware or not, you have to be able to compile it from source- it does not need to meet any of the other requirements that it would need to meet to be called "Free Software" or "Open Source Software" according to the definitions of the FSF or OSI. So, I don't like to use the words "Free Software" or "Open Source Software" on my website because it implies that a program needs to meet all of the requirements set by those organizations to be called "Free" or "Open" for spyware concerns to be alleviated. If you can compile it from source, that is the only thing needed.
Although, I don't want to say that just because a program allows you to compile it from source, it isn't spyware. It just ensures that you can be aware of all spyware features, and that there is no spyware hidden inside of a binary blob.
Adam Moore
It's not a monopoly on the meaning of a word. It's their clarification on what they mean when they say the word. If you have a different meaning, that's your choice but don't be surprised when people get confused about your meaning.
Parker Bailey
Hosting on github is pretty easy tbh.
Logan Nelson
Should he add a CoC up his ass too? I've heard GitHub has a tool to make that easy.
Evan Hill
It is. Just tell them you want a CoC up your ass, and they'll send around a Bay Area girl (male) to give it to you.
reading through the forum it doesn't appear opt-in at all, and the developer appears to love sucking glowinthedark nigger cock all day and night long uncontrollably.
it the level should be bumped up to high. the "opt-in" is opting out by digging through a configuration file or flippling a compile-time switch.
these GZDoom spying niggers also pushed out all of the data collection BEFORE adding the dialog box to turn it off. they are going to sit and collect all the data they want, and THEN add the botnet opt-out dialog. These GZDoom niggers are terrible.
Jeremiah Walker
>Ruby and Rails
Bentley Thompson
it's too hard for the gzdoom developers to make a confirm dialog on linux, they are forced due to lack of resources to datamine everyone who installs gzdoom these fucking niggers it's literally 4-5 lines in C with gtk to pop a confirm dialog. 99% of linux users who are running a GUI will have gtk installed. they already list gzdoom as a requirement to build from source. Never install GZDoom, not even once. This should be labeled as extreme botnet spyware.
*they already list gtk as a requirement to build from source
Elijah Edwards
When everyone uses a word in that way, because of an organization promoting that meaning, its a monopoly (although I don't want to get stuck on this point). Luckily my website isn't about defining software freedom as a whole, but profiling one very specific type of software freedom. So, I don't have to worry about using words like "software freedom" and only have to worry about words like "spyware" which isn't in any of the software freedoms that the FSF and OSI describe.
If I end up changing hosts (probably not for a long time), I will possibly use git for article submissions, but I will not use GitHub for hosting or article submissions. I think that the other posts on this thread should explain it: GitHub is a very political platform that is pro-censorship.
Didn't they say it was opt-in? I specifically made that article to try and create a precedent for a spyware that could fit into the "Low" score. If you read this post later in the thread:
Even if this wasn't opt-in, that could only push it up to "Medium" since while I agree completely that GZDoom is spyware, compared to the other spyware that I wrote about, it couldn't ever be higher than that score. That would imply that something like Vivaldi is less of a spyware than GZDoom. Also because, I don't want to inflate the ratings of the software. (Think of review sites, where the average score is 7.5 and not 5 out of 10)
Look, I know that you guys are mad at me for not giving it a higher rating- but since you all seem to know a whole lot more about the situation that I do, it's probably for the best that one of you emails me an edited version of the article that properly explains the level of spying it does on its users, since I don't want to get things wrong a second time. For now will move it into the "unfinished articles" section of the website until either I get around to fixing it, or someone else emails me a version that is better. Feel free to put copious amounts of block quotes and/or screenshots of the forums where the developers explain their anti-privacy viewpoints.
David Gutierrez
read later on they already took the stolen data that was not agreed to and used it
Why not literally add an option into the option menu of the game itself. I don't think it would even be that hard to do.
Dylan Green
also just because someone removes the botnet the score should not be lowered. they can no longer be trusted.
would you lower the score on that stupid flight sim mod company who literally installed chrome password crackers and uploaded everyone's chrome passwords under the guise of trying to catch pirates? they claim they removed it now, but their score shouldn't be lowered either.
Luke Stewart
because they want to continuously datamine and are bitching an moaning that it's too difficult as an excuse.
David Thompson
You don't need to convince me anymore, I am agreeing with you... If you look at the page again, on my site, it clearly says that the article is being rewritten, and I changed the wording to clarify that it is not an opt-in feature.
Also I am still trying to judge, whether the "low" score is a bad score to give it or not. It's true that GZDoom is spyware, but if I say that it is "Medium", then I am putting it in the same place as much more egregious software that does things like phone-home every 24 hours. It's not that think what GZDoom is doing is acceptable, its just that when I give this program a score of "Medium" that would devalue the meaning of the "Medium" score.
Apparently neocities has IPFS already, but I don't really know how to open these URL's.
wow didn't know that. It works kind of ok for individual pages, but neocities' IPFS version is kind of shit because resources (stylesheets, images etc.) don't get linked properly and you can't see them.
Jackson Baker
modal dialogs are harmful. there's not even one valid reason to ever use one
Isaac Jones
Everything is a fucking botnet. I am using opera for 10 years. I am fucked beyond saving.
I decided to put the GZDoom article back up, I think it more accurately depicts the situation now. I kept it as "low" just because it doesn't have enough botnet in it for me to justify it getting another rating. Also, one of the contributors to the site finished the Pale Moon article, you can read it here:
I'm probably going to try and sort the catalog page into categories, soon. I think that I want a few more articles before that is needed, though. If you guys still have issues with GZDoom that you think aren't being presented well enough on the site, edit the article yourself and email that to me (that's kind of the point of the site anyway- that anyone can share knowledge about spyware)
Nolan Jones
REEEEEEEEEEEEEEEEEEEEEEEEEEEEEE i hate retarded shit like palememe's startpage. why do people even do this shit, it just makes the software crap, regardless of privacy issues.
Colton Thompson
Could someone please test SeaMonkey? Thanks.
Eli Turner
I guess this proves that (highly monolithic) free software is just as easy to compromise. You guys ought to be worried about systemd and the Linux kernel now.
Thomas Hill
I was going to stop bumping the thread, since it seemed to die off, but since it's already at the top of the catalog I might as well bring up that more articles have been added:
The iTunes article of course is a bit short, and probably doesn't capture the full extent of spyware hidden in that program, but it is a good start for someone who can do a more detailed analysis of the software to edit into something better. It at least portrays the level of data collection iTunes does and so I think it's good enough to show now.
The browsers.html article is a little different since it compares all of the web browsers that have been reviewed up against each other. Maybe such a tier-list is one that not everybody will agree with, but anyone can submit amendments with good rationales about what should be where on the list, so it should straighten itself out after that if there is something wrong.
This thread was successful in getting a lot more eyes on the website, and a lot of good feedback but unfortunately no new people submitted articles or amendments to the site because of it- hopefully in the future maybe in the future more people will want to write for the website.
Does systemd or linux contain any telemetry? You would think that such software wouldn't...
Tyler Cruz
I have no problem with monolithic free software because I will always have the freedom to change any part of it, no matter how complex it is.
When we talk about some critical shit like a browser, no, it's bullshit — users which are tech illiterate won't do manual updates, I've seen it countless times.
This should be fixed now, sorry I've been trying to keep the Unicode from sneaking in but it renders correctly on my browser so I miss it sometimes. I'll try and fix this problem in the future.
Charles Collins
You're doing it wrong. 0/10
Elijah King
The articles are written in English, so there isn't any reason for it to use Unicode. Unicode only gives the website compatibility problems without any real benefit beyond apostrophes that look different and slightly longer dashes.
Thomas Cox
Proper punctuation requires Unicode. Only in your horribly broken mental image of the reality.
Connor Powell
ASCII has all of the punctuation marks English uses- so I don't know what you mean.
Jack Butler
Factually incorrect.
John Phillips
Cancermojis are not English punctuation.
Owen Lewis
I didn't talk about them, you dinghole
Justin Cooper
Then, talk about punctuation marks that you need to use Unicode for. Don't just say "Factually incorrect." because that isn't how to explain it when I don't know.
Jason Foster
If you're hellbent on using the spellings "resumé" and "mediæval", or insist on using dashes, maybe.
Jayden Nelson
— – … (yes it's a single character) ≤ ≥ ≠ ÷ ✕ these were just a few examples
Samuel Barnes
But, why use Unicode for such things that can easily be constructed in ASCII? A good reason would be something that requires Unicode to express- maybe you have a point with your math symbols, but this website doesn't have a need to show math equations.
That being said, I am not going to object to anyone who wants to put a Unicode tag on their articles, or amendments to other articles, since it really doesn't have any harm to the site, so maybe I was being a little silly saying that it "should be ASCII" as if Unicode is not allowed. I just don't see any need for me to maintain or enforce this Unicode style (I can't even type those letters), so I won't spend time changing the dashes on all of the articles since that doesn't seem like a good use of time to me. You are of course welcome to go through all of the articles and change all of the dashes to long Unicode dashes and add the Unicode meta tag to the top, and then email your edited versions of the articles to me, and I'll put them up.
Landon Foster
This is only a problem of your sub-par keyboard layout. But it's easy to solve on most modern OS. Do you mean to send the HTML files? You write HTML by hand? Anyways, it's doable. Maybe I will do this.
David Morris
I have no issue with Discord tbh.
Logan Clark
sent you the edited chrome page, check it out
Grayson King
Okay, I have updated the chrome article, and yes I write all of my HTML by hand, neocities has a text editor on its site and I mostly use that for this website, I don't know what anyone else who writes for the site uses though. I am not really a web developer at all, so that's the reason that my way of doing things is so amateurish, because I don't know much beyond basic HTML constructs. When I say at the bottom of every article, to email me amendments and new articles, I just mean emailing HTML files so that I can merge them in by hand.
Thanks a lot for helping out with the site, I do appreciate it.
Isaac Jones
No, he's doing it right. Adding more complexity for the sake of itself is part of the reason you have all this botnet shit to begin with. ASCII symbols are good enough here. Ironically I've been on retro computer sites where the dude writes his webshit in unicode, and when you view the document on an actual retro computer, it looks like ass.
Charles Jones
don't all blink-based browsers download a binary blob on first run, i think that feature was specifically removed from ungoogled-chromium before it was abandoned
Sebastian Hernandez
I heard about this from a friend as well, as long as there is more info and a way to verify that it happens on all of the blink-based browsers that currently have articles on the site , then that should be included...
I looked it up and apparently the name of "hotword-x86-64.nexe". I have both google chrome, chromium, and google chrome canary installed but only google chrome seems to have downloaded this blob. Maybe I should download the other blink-based browsers and check for it coming up.
Ironically, writing for this website is damaging to my privacy, because it involves installing a ton of malicious programs and seeing what data they report about you.
Leo Hall
This is not a retro-computing resource. Unicode is a world wide accepted standard and it's necessary for correct representation of any natural written language (compared to dumbed down versions with incorrect punctuation, etc.). Deal with the facts of the year 2018, kid.
Dominic Thompson
Use a VM. Or maybe, if you have spare computers, install an unlicensed copy of MACROSHIT WANGBLOWS with none of your data and use that.
Liam Nelson
I made my case, so enjoy your botnet since you want to indulge in it so badly.
Mason Carter
wut?
James Carter
that was a few years ago and it appropriately caused a shitstorm, google initially on their bug tracker claimed that nothing was wrong of course and just shut up and eat the binary blob but changed course after the outrage and removed it before debian and every other distro removed chromium from their repositories.
google saying shut up and take the blob Comment 14 by [email protected], Jun 19 2015#11: "If the software downloads and installs a closed-source binary, how do we know when it runs and when it doesn't?"Because the open source software has complete control of when the binary runs. You can look in the source code to see when it decides to start up and shut down the hotword module (I gave instructions on how to do that in the other bug).Providing an extra step to install the module would be unnecessary friction for our users. There is literally no difference between downloading the module (without running it), and not downloading it, except a tiny amount of bandwidth saved. There is no difference from a privacy or security standpoint, because unless we run it, it can't do anything, no matter what behaviour it might contain within.#13: "Once the blob is on the system the security risks have been increased". From our perspective, the blob is just another part of the Chrome codebase (just with a weird delivery mechanism). You could make a similar claim for any feature of Chrome, "it shouldn't be installed unless I ask for it." But that's not how software works. We don't download individual features of an application on demand. It's your choice whether to enable a given feature. But users generally don't get a choice of *which* features are downloaded when you download software. That's just never been the way software has worked.
google shutting it down Comment 24 by [email protected], Jun 19 2015Labels: Restrict-AddIssueComment-EditIssueThe bug tracker is for tracking technical development work, not debating policy or, even more, ranting about how Google is evil and you're deleting all Google software from your devices.Closing to additional comments.
google removing the hotword module from chromium due to MSM picking it up and causing outrage Project Member Comment 25 by [email protected], Jun 24 2015The following revision refers to this bug: chromium.googlesource.com/chromium/src.git/ /a38832be9fef269ae1f3a191a9b69432aaf680c4commit a38832be9fef269ae1f3a191a9b69432aaf680c4Author: mgiuca Date: Wed Jun 24 01:25:14 2015Remove hotword installation code at compile time if hotwording disabled.If enable_hotwording is false, the code to download/install the hotwordshared module is compiled out.(This should not change behaviour; it was already disabled at run-time,this just removes the installation code from the build.)
Maybe it turned into a little bit of a rant at the end, but I think it's important to write things like these, because I can't find the same opinion anywhere online besides a few posts on Zig Forums now and then, and those aren't a permanent resource for people to learn about those ideas.
It being 2018 doesn't make Unicode necessary for this site: also, the punctuation is correct either way.
That's a good idea, but why are you responding to yourself as if I responded to you, writing it off? I don't understand.
I actually received an email once that, among other things, linked to a GitHub account that automatically uploaded obfuscated JavaScript code that it extracted from Discord every time it updated, claiming that this "solved the problem" of Discord not being Open Source. (this is it , if you're curious: github.com/DJScias/Discord-Datamining)
Parker Morris
(me) is not the same person as .
Austin Murphy
No. Whatever you do don't add more js and css into it. It's fine now. You should just add a small icon next to each program under "browse articles".
