Many well-meaning groups run websites to support people working for social change. Often change that would threaten the selfish, short-term interests of the wealthy and powerful.
Far too many of those websites serve spyware like GoogleTagManager to their visitors, which collect their personal data. This personal data is then fully available to any governments that participates in the "5 Eyes" spy alliance, using tools like #XKeyScore:
There are many names for organizations that collect personal information about their supporters and pass them on to the authorities; none of them complimentary. The most polite one I can think of is "honeypot".
If you run websites that serve radical change-makers, please make sure they're not serving JavaScript from third-party domains. Also, please audit the JS you serve from your own domain - and all it's dependencies - to ensure it's not serving spyware. Do it regularly.
@lydiaconwell
> Like how do you avoid serving JavaScript from third-party domains
In order of preference (mine):
don't use any JS at all. If a site just publishes text, images, or audio/ video, use a static site generator (eg fediverse.party does this).
if your site does something (useful) that can't be done with HTML/CSS alone, host all the required JS on your webserver and serve it from there (eg https://pad.disroot.org/ )
@lydiaconwell The only other thing in those posts that might be worth fleshing out is this;
> please audit the JS you serve from your own domain
People often copy'n'paste chunks of JavaScript code from StackOverflow that seem to do what they need. This is fine, but it needs to be checked for hooks that try to load JS from a third-party server.
Some people download entire third-party JS modules and serve them from their webserver. These modules often depend on other modules, and so on down. Any one of these modules can contain hooks that try to serve JS from third-party domains.
Other people run JS on their server - rather than sending it to a visitor's browser - using things like nodejs and npm. I'm reliably informed that this is a bad idea:
I'll have to think about this. I agree with the diagnosis but I'm not so sure about the treatment plan. Yes, even the good journalists employed by The Guardian are compromised by their owners, advertisers, and editors, as well as the self-censorship that comes with working for a comprised publication. And yet, it seems to me that refusing to link to the useful articles there is like refusing to link to good software projects because they're hosted on GH.
I get the purpose. I'd certainly want to see this boycott consistently applied to every news media to the right of the Guardian too. If not, it's definitely throwing out the baby with the bathwater.
@strypey Not necessarily. I wouldn't call the Guardian something of value.
There's a lot of harm coming from a liberal newspaper that positions itself as the voice of the left. In that sense the Guardian is merely the guardian of what left wing discourse is acceptable and what isn't.
The Guardian has proven itself to be establishment friendly, helping to denouncing ideas that threaten establishment interests, and being uncritical of western foreign policy.
@lydiaconwell
I don't disagree with any of this, as far as it goes. But I'm interested in consequences, not feel-good moralising. Which is one reason I agree with Mark Fisher (RIP) about exiting the Vampire's Castle (Guardian's editorial line on Corbyn is a classic example of the VC at work).
@lydiaconwell
The likely consequence of a boycott that only targets The Guardian is that they lose advertisers to more right wing papers. The result? TG laying off staff and right wing rags being able to hire more. That's a net loss for the left. TG may not be on our side, but many of the writers they employ have been (eg those who worked with WikiLeaks). Whereas the writers at right wing rags definitely aren't.
@lydiaconwell
> There are independent journalists doing very good work. Why not share and support them instead of the Guardian?
Given two options, I take the third. Why not support both, on a case by case basis?
There are journalists at the Guardian (and liberal media in general) doing very good work too. Despite the limitations of their employment. If the Guardian get less hits on their left-leaning writers than their right-leaning one, what do you think will happen?
@strypey I think you overvalue the Guardian. They get their news from the same news corporations all the others get it from - ie. Reuters, Associated Press, etc.
That in itself is one of the filters that prevent newspapers widening their coverage.
The only difference is the opinion pieces and that's where the Guardian tells the left to support Starmer or NATO wars.
@strypey Well, yes. One thing missing in the world is a genuine left wing newspaper. If I had the money and time, I'd might consider setting one up.
I think a free newspaper would be good which takes advertising from local small businesses. You could start it in one city, and if it works, you could expand.
But the online left doesn't do news. Which is a real shame.
@lydiaconwell
> the online left doesn't do news. Which is a real shame
Not since the collapse of Indymedia. My suspicion is that we don't do news for the same reason we don't run giant social media platforms (Indymedia was a hybrid of both). We lack the resources at the local scale, and certain flaws in our political practice make it impossible for us to sustain collaboration at larger scales. IMHO Indymedia was killed by an early example of the dynamics described here:
@strypey I have to say though, that yours is precisely the centrist attitude:
It's like people who still insist in voting for the UK Labour party.
Yes, the Tories are terrible, but Labour is only Tory lite. Supporting that is not an option because it endorses a terrible system that produces no genuine choice.
It's the same with the Guardian I'm afraid. Any endorsement of it will be read as it's doing a good job, therefore no need to be better.
@lydiaconwell
> It's like people who still insist in voting for the UK Labour party
This would be a fair comparison if you could only pick one newspaper to read for 3-4 years at a time. Fortunately news media doesn't work that way. It worked more like that in the print era, when you had to subscribe or buy a whole paper to read one article. But websites have analytics (for better or for worse), they know which articles are getting more eyeballs.
@lydiaconwell
> I'm saying to use dump the guardian so they can't monetise your eyeballs.
Whose eyeballs? The left. Which articles will then get more readers according to TG's analytics? The centrist and right-leaning ones. What will a business that sells eyeballs to advertisers do, if it's left-leaning articles are getting less eyeballs than everything else they publish? Publish less stuff that's left-leaning, of course.
So does your intervention make TG better or worse for the left?
@lydiaconwell
A better intervention would be to promote the use of tracking-blockers ("ad-blockers"), by everyone, regardless of their political biases. That way, TG and the rest of the corporate media don't make any money from surveillance advertising. Regardless of whether people read their articles or not.
@lydiaconwell
> yours is precisely the centrist attitude
Centre-leftists typically think that anyone who isn't them is to the right of them. The radical left does, in fact, still exist, even if we are aging out ;) I've been involved in setting up and running community newspapers and activist new websites (eg the Aotearoa Indymedia). I'm no fan of any corporate media platform. But I also know better than to cut off my nose to spite my face.
The idea that the state-corporate media are "the mainstream" is in itself propaganda. The very concept of a "mainstream" sneaks in another propaganda point; that thinking like a majority is the same as being fair and balanced. I challenge both these notions.
Anyone know of tools that web devs can use to test whether their website is serving third-party JavaScript? What about tools that help them search through their web code and track down the hooks that are pulling in JS from third-party domains?
@strypey To misquote an old programmer's addage: If builders made buildings the way developers make websites, the first woodpecker to come by would destroy civilization.
@strypey this is impossible to do with 100% coverage for multiple reasons but there are several methods that could probably be done to find obvious js.
sites using react or vue or angular et al generate the entire site in javascript dynamically, so to parse it you'd have to run a headless browser before you could detect it using offsite JS. There are still many ways to intentionally or unintentionally obfuscate a remote call.
Add comment