Archive for April 20, 2022

Wednesday, April 20, 2022

Removing AMP By Default

Brave (via Tim Hardwick):

Brave is rolling out a new feature called De-AMP, which allows Brave users to bypass Google-hosted AMP pages, and instead visit the content’s publisher directly. AMP harms users’ privacy, security and internet experience, and just as bad, AMP helps Google further monopolize and control the direction of the Web.

Brave will protect users from AMP in several ways. Where possible, De-AMP will rewrite links and URLs to prevent users from visiting AMP pages altogether. And in cases where that is not possible, Brave will watch as pages are being fetched and redirect users away from AMP pages before the page is even rendered, preventing AMP/Google code from being loaded and executed.

De-AMP is now available in our Nightly and Beta versions and will be enabled by default in the upcoming 1.38 Desktop and Android versions, and will be released on iOS soon after.

DuckDuckGo (via Kim Lyons):

NEW: our apps & extensions now protect against Google AMP tracking. When you load or share a Google AMP page anywhere from DuckDuckGo apps (iOS/Android/Mac) or extensions (Firefox/Chrome), the original publisher’s webpage will be used in place of the Google AMP version.

Previously:

Plenty of Tracking Despite App Tracking Transparency

Dan Goodin:

Last week’s research paper said that while ATT in many ways works as intended, loopholes in the framework also provided the opportunity for companies, particularly large ones like Google and Facebook, to work around the protections and stockpile even more data. The paper also warned that despite Apple’s promise for more transparency, ATT might give many users a false sense of security.

“Overall, our observations suggest that, while Apple’s changes make tracking individual users more difficult, they motivate a counter-movement, and reinforce existing market power of gatekeeper companies with access to large troves of first-party data,” the researchers wrote. “Making the privacy properties of apps transparent through large-scale analysis remains a difficult target for independent researchers, and a key obstacle to meaningful, accountable and verifiable privacy protections.”

The researchers also identified nine iOS apps that used server-side code to generate a mutual user identifier that a subsidiary of the Chinese tech company Alibaba can use for cross-app tracking.

[…]

They noted that Apple also exempts tracking for purposes of “obtaining information on a consumer’s creditworthiness for the specific purpose of making a credit determination.”

Nick Heer:

If anything, Goodin underplays this rather scathing report (PDF), in which researchers describe finding minimal changes in app-based tracking after the implementation of App Tracking Transparency.

[…]

But ATT was not as aggressive an anti-tracking measure as Apple may have hoped for or portrayed in its advertising. While IDFA use dropped, other attributes about a user’s phone are collected more often. Plenty of apps and SDKs are still tracking users without their consent or knowledge — most often, sending data to Google and Facebook, but also Unity, Verizon, and Oracle.

Previously:

How We Lost 54k GitHub Stars

Jakub Roztočil (via Hacker News):

Due to an unfortunate sequence of events, I accidentally made the project’s repository private for a moment. And GitHub cascade-deleted our community that took 10 years to build.

[…]

It’s a peculiarity of GitHub, to put it mildly, that making a repo private permanently deletes all watchers and stars. I was even aware of this, and I obviously had no intention to make httpie/httpie private. So, why then?

The proximate cause was that I thought I was inside a different repo; one with no content and zero stars.

[…]

The problem is that the [confirmation] box looks exactly the same for repos with no commits and stars and for repos with a decade-long history and 55k stargazers and watchers.

[…]

The GitHub team themselves accidentally made the GitHub Desktop app repo private once. And they restored everything for themselves within hours.

Previously:

GitHub Deleting Contributions From Russian Developers

Jesse Squires:

According to various reports ([1], [2], [3], [4]), GitHub is suspending accounts of Russian developers and organizations linked to or associated with organizations sanctioned by the US government over Russia’s invasion of Ukraine.

[…]

It is unclear to me what GitHub’s intended result was with these account suspensions, but it appears to be incredibly destructive for any open source project that has interacted with a now-suspended account. On a service like Twitter, you can visit the placeholder profile of a suspended account and see a message communicating that the account is suspended, and other users’ @mentions of the account still link to the suspended account’s profile. On GitHub, that’s not how it works at all.

Apparently, “suspending an account” on GitHub actually means deleting all activity for a user — which results in (1) every pull request from the suspended account being deleted, (2) every issue opened by the suspended account being deleted, (3) every comment or discussion from the suspended account being deleted. In effect, the user’s entire activity and history is evaporated. All of this valuable data is lost. The only thing left intact is the raw Git commit history. It’s as if the user never existed.

Previously:

DuckDuckGo, youtube-dl, and Bing

Ernesto Van der Sar (via Hacker News):

Privacy-centered search engine DuckDuckGo has completely removed the search results for many popular pirates sites including The Pirate Bay, 1337x, and Fmovies. Several YouTube ripping services have disappeared, too and even the homepage of the open-source software youtube-mp3 is unfindable.

[…]

The most surprising omission, by far, is that the official site for the open-source software youtube-dl is not indexed by DuckDuckGo. This site certainly doesn’t host or link to any copyright-infringing material.

Jesse Squires:

This is quite the predicament. Seemingly, everything is fine. Yet, for some reason my website has been delisted from Bing. I’m perplexed. But to be honest, I’m not that concerned about Bing — I really just want my site indexed by DuckDuckGo again.

[…]

All of this emphasizes the frustrating lack of transparency around search engines and how they work. It is infuriating to be essentially helpless trying to debug and resolve issues with your site not being properly indexed. I will forever lament that search was not a core component of the Internet itself, but was instead a feature that private corporations had to bolt on top.

Gabriel Weinberg (Hacker News):

First, there is a completely made up headline going around this weekend. We are not “purging” any media outlets from results. Anyone can verify this by searching for an outlet and see it come up in results.

Similarly, we are not “purging” YouTube-dl or The Pirate Bay and they both have actually been continuously available in our results if you search for them by name (which most people do). Our site: operator (which hardly anyone uses) is having issues which we are looking into.

Jesse Squires:

However, this doesn’t explain the fact that even a search for my name or website without using the site: operator yields no relevant results.

Ernesto Van der Sar:

Interestingly, both YouTube-dl and Thepiratebay.org still don’t show up on Bing.

[…]

A DuckDuckGo spokesperson confirmed to TorrentFreak that the issues are related to Bing data.

Ernesto Van der Sar:

It’s understandable that DuckDuckGo wasn’t happy with the coverage. However, the problem was real. And since it’s emanating from Bing, other smaller search engines that rely on that data may be affected as well.

“Since these occurrences originated on Bing, they were passed down to our results, as well as other Bing syndication partners,” Goodman clarifies.

For DuckDuckGo, it may be tricky to resolve the issue permanently as long as it relies on Bing.

[…]

While looking into these issues, we noticed that Bing also affects DuckDuckGo in other ways. From what we can see, the DMCA removals also spill over, including the inaccurate ones.

Previously: