Reminder: web bloat is hazardous

Post by BananaMulcher »

It is pretty common knowledge that JavaScript is a huge attack vector, and it is recommended to disable or block it unless you're using a site which absolutely needs it. However, CSS may also be worth blocking by default. Here is an old post detailing how it can be used to record user session mouse movement, no JavaScript necessary. Or, for the non-technical, this kind of tracking can be mitigated by navigating by your keyboard instead.
"It will make things difficult, if it becomes known among the peoples of the Weave that they have among them a new ally who happens to be immune to our particular kind of gentle persuasion."

Re: Reminder: web bloat is hazardous

Post by BananaMulcher »

Some sites have been found to port scan your computer upon visiting, or requesting certain pages. This, again, is possible via script which will load and run automatically unless you take blocking measures. A list of the perpetrators was shared by an article covering the ThreatMetrix suite responsible for enabling this. The suite is sold under the prospect of "protecting" against fraud. For the greater good. Sound familiar?

If you visit, or have visited, the following sites, you were probably subjected to a port scan attack:
  • Ebay
  • Citibank
  • TD Bank
  • Ameriprise
  • Chick-fil-A
  • Lendup
  • BeachBody
  • Equifax IQ connect
  • TIAA-CREF
  • Sky
  • GumTree
  • WePay
  • Netflix
  • Target
  • Walmart
  • ESPN
  • Lloyd Bank
  • HSN
  • Telecharge
  • Ticketmaster
  • TripAdvisor
  • PaySafeCard
  • Microsoft
and others. I imagine many crowhousers are already running some sort of ad blocker or content blocker. But if you aren't already, I implore you to check out extensions like NoScript, uBlock, or at the very least disable JavaScript in browser settings.
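Added example (not part of the original posts or the cited article): one way to check a browser network log for the behaviour described above, a page's script probing the visitor's own machine. It assumes the scan shows up as requests from a public page to loopback or private addresses on several ports; the `{page, request}` log format, the function names and the sample entries are constructed for illustration.

```javascript
// Added example: flag pages whose requests probe the visitor's own machine.
// Loopback plus RFC 1918 private IPv4 ranges count as "local".
function isLocalHost(hostname) {
  const h = hostname.replace(/^\[|\]$/g, "").toLowerCase();
  if (h === "localhost" || h.endsWith(".localhost") || h === "::1") return true;
  const m = h.match(/^(\d+)\.(\d+)\.\d+\.\d+$/);
  if (!m) return false;
  const a = Number(m[1]), b = Number(m[2]);
  return a === 127 || a === 10 || (a === 192 && b === 168) ||
         (a === 172 && b >= 16 && b <= 31);
}

// entries: [{ page, request }] (hypothetical log format, one row per request).
// Returns sites that contacted at least minPorts distinct local host:port pairs.
function findLocalProbes(entries, minPorts = 3) {
  const bySite = new Map();
  for (const { page, request } of entries) {
    const site = new URL(page).hostname;
    if (isLocalHost(site)) continue;        // local dev pages may use localhost freely
    const u = new URL(request);
    if (!isLocalHost(u.hostname)) continue; // ordinary remote request
    const port = u.port || (/^(https|wss):$/.test(u.protocol) ? "443" : "80");
    if (!bySite.has(site)) bySite.set(site, new Set());
    bySite.get(site).add(`${u.hostname}:${port}`);
  }
  return [...bySite]
    .filter(([, targets]) => targets.size >= minPorts)
    .map(([site, targets]) => ({ site, targets: [...targets].sort() }));
}

// Constructed sample log; hosts and ports are illustrative, not from the article.
const SAMPLE_LOG = [
  { page: "https://shop.example/signin", request: "https://cdn.shop.example/app.js" },
  { page: "https://shop.example/signin", request: "wss://127.0.0.1:3389/" },
  { page: "https://shop.example/signin", request: "wss://127.0.0.1:5900/" },
  { page: "https://shop.example/signin", request: "wss://127.0.0.1:5900/" },
  { page: "https://shop.example/signin", request: "wss://127.0.0.1:5939/" },
  { page: "https://music.example/", request: "http://localhost:4381/status" },
  { page: "http://localhost:3000/", request: "http://localhost:8080/api" },
];

console.log(findLocalProbes(SAMPLE_LOG));
```

A single local port, as with the constructed `music.example` row, stays below the default threshold because some sites talk to a companion desktop app that way; several distinct ports from one page is the pattern worth a closer look.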

Re: Reminder: web bloat is hazardous

Post by Liberalis »

Very good advice BM!

I use the uBlock Origin extension and have used it for years now. It performs great and isn't heavy on CPU.
"In the age of information, ignorance is a choice"

Re: Reminder: web bloat is hazardous

Post by ryo »

I don't think navigating by keyboard would really solve anything.
While you're not using your mouse, the browser still emulates mouse clicks at whatever spot you "click" by keyboard.
Similar thing with touch screens, if you happen to have a Linux phone running Phosh (or anything else that's not Plasma Mobile or Lomiri) as the DE, you can enable the cursor and see it for yourself.
Or otherwise an Intel-based Windows tablet running any desktop Linux distro of choice would do the trick too.

Blocking CSS in addition to JS reminds me of Gopher.
Would be better to do so on Gopher, because at least you can still choose the background and text colors by yourself.
On HTTP you'd be stuck with black on white, unless you insert colors using inspect element, which requires CSS to be enabled to even change (or you'd do it old skool like inserting color arguments into the body tag, why not?).

Perhaps a better idea than uBlock would be to use uMatrix instead.
Because uMatrix gives so much more control uBlock can't give.

As for web bloat in general, this is modern soydevs at work.
"Oh, this API is giving an error code... I know! Let's install yet another 2 GiB of NPM packages to solve this problem!"
Trying to kill a fly with a nuke, as I'd like to call it.
Personal site: https://ryocafe.site/
Soycial media: https://social.076.ne.jp/ryo
Video channel: https://video.076.ne.jp/c/ryo

I am not on Twitter, YouTube, Gab, Odysee/LBRY, Fakebook, Bitchute, DTube, Steemit, or any other centralized SNS platform.

Re: Reminder: web bloat is hazardous

Post by BananaMulcher »

ryo wrote: Wed Feb 16, 2022 3:05 pm
I don't think navigating by keyboard would really solve anything.
While you're not using your mouse, the browser still emulates mouse clicks at whatever spot you "click" by keyboard.
Similar thing with touch screens, if you happen to have a Linux phone running Phosh (or anything else that's not Plasma Mobile or Lomiri) as the DE, you can enable the cursor and see it for yourself.
Or otherwise an Intel-based Windows tablet running any desktop Linux distro of choice would do the trick too.

Blocking CSS in addition to JS reminds me of Gopher.
Would be better to do so on Gopher, because at least you can still choose the background and text colors by yourself.
On HTTP you'd be stuck with black on white, unless you insert colors using inspect element, which requires CSS to be enabled to even change (or you'd do it old skool like inserting color arguments into the body tag, why not?).

Perhaps a better idea than uBlock would be to use uMatrix instead.
Because uMatrix gives so much more control uBlock can't give.

As for web bloat in general, this is modern soydevs at work.
"Oh, this API is giving an error code... I know! Let's install yet another 2 GiB of NPM packages to solve this problem!"
Trying to kill a fly with a nuke, as I'd like to call it.

The keyboard mention was intended for readers who may not have the background to be comfortable with something like uMatrix. KB navigation doesn't solve the issue, but it lessens the impact when comparing to mouse movement which discloses a personally unique marker (accel/deceleration, movement speed, common curvatures, etc.) similar to profiling how individuals type.

Re: Reminder: web bloat is hazardous

Post by ryo »

BananaMulcher wrote: Wed Feb 16, 2022 11:20 pm
The keyboard mention was intended for readers who may not have the background to be comfortable with something like uMatrix. KB navigation doesn't solve the issue, but it lessens the impact when comparing to mouse movement which discloses a personally unique marker (accel/deceleration, movement speed, common curvatures, etc.) similar to profiling how individuals type.

CSS can't detect mouse movement on the fly unless you hover over a specific element or something, and even then all it can know is whether your cursor is hovering over that element or not, not the exact position.
I gave the source code a try; it works regardless of browser, but it basically confirms what I said above: it only detects whether you hover over the elements or not. The only reason it knows where your mouse is is that the grid consists of such tiny boxes, and unless you want to make it so you can't click anywhere on a given website, I don't expect this to be used on live websites any time soon.

So while it's a privacy risk, and I recognize that things can evolve to the extent that it can be used on live websites, it's rather minor compared to JS.
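Added example (not part of the original posts or the linked demo): a check for the pattern discussed in this thread, many `:hover` rules that each fetch a distinct URL, which is what lets a grid of tiny boxes report a cursor position without JavaScript. It assumes each hover is reported through a `url()` fetch; the function names, the threshold and both sample stylesheets are constructed.

```javascript
// Added example: find :hover rules that cause a network fetch when triggered.
// Simple flat-rule scan; rules nested inside @media blocks are still matched.
function hoverFetchRules(cssText, pageUrl) {
  const css = cssText.replace(/\/\*[\s\S]*?\*\//g, "");   // drop comments
  const ruleRe = /([^{}]+)\{([^{}]*)\}/g;                 // selector { declarations }
  const urlRe = /url\(\s*(['"]?)(.*?)\1\s*\)/gi;
  const pageOrigin = new URL(pageUrl).origin;
  const hits = [];
  for (const [, selector, body] of css.matchAll(ruleRe)) {
    if (!/:hover\b/i.test(selector)) continue;
    for (const m of body.matchAll(urlRe)) {
      if (/^data:/i.test(m[2])) continue;                 // inline data, no request
      const target = new URL(m[2], pageUrl);
      hits.push({ selector: selector.trim(), url: target.href,
                  thirdParty: target.origin !== pageOrigin });
    }
  }
  return hits;
}

// A few hover images are normal; many distinct hover URLs suggest a tracking grid.
function assessStylesheet(cssText, pageUrl, minDistinct = 8) {
  const hits = hoverFetchRules(cssText, pageUrl);
  const distinctUrls = new Set(hits.map((h) => h.url)).size;
  return { hoverFetches: hits.length, distinctUrls,
           thirdParty: hits.filter((h) => h.thirdParty).length,
           suspicious: distinctUrls >= minDistinct };
}

// Constructed sample 1: a 4x4 grid of tiny boxes, one distinct URL per box.
let GRID_CSS = ".cell { position: fixed; width: 10px; height: 10px; }\n";
for (let y = 0; y < 4; y++)
  for (let x = 0; x < 4; x++)
    GRID_CSS += `.cell.x${x}.y${y}:hover { background-image: ` +
                `url("https://collector.example/h?x=${x}&y=${y}"); }\n`;

// Constructed sample 2: an ordinary stylesheet with one hover image.
const ORDINARY_CSS = `
  /* a:hover { background: url(/old.png) } */
  a:hover { color: #c00; }
  .menu li:hover { background: url(/img/arrow.png) no-repeat; }
  .logo { background: url(/img/logo.png); }`;

console.log(assessStylesheet(GRID_CSS, "https://shop.example/"));
console.log(assessStylesheet(ORDINARY_CSS, "https://shop.example/"));
```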