Preach it brother. It's annoying having to play whack-a-library trying to find out what obscure/nonsensical domains need to be whitelisted for basic functionality.
I use uMatrix to browse the web and I generally have the setting of only allowing JavaScript to execute from the domain of the site that I'm visiting. 3rd party JavaScript is usually some sort of tracking code and is a huge surface area for a malware attack!
But almost always these days I can't browse normal sites without enabling some third party assets, and I'm always picking and choosing through dozens of requests to dozens of different domains.
I love that tildes.net works out of the box and is only serving assets of its own!
Even better, tildes.js is unobfuscated and annotated!
JS isn't normally minified to obfuscate it. It's done to make the payload smaller and reduce network data.
The best option is to minify and include a source map.
That's a good start ;)
No external JavaScript libraries needed to be whitelisted for Tildes.net to work.
It's an extension called uMatrix. It gives you full control over what content is loaded from what domain. It's super useful for killing all 3rd party trackers that are littered over the web.
Wow. Are all the advertising ones removed if you have Reddit Premium (which removes ads) or do they continue to track you without showing you the ads?
I'm a CS student and I don't know what's going on, or rather I read comments about what was going on and I still don't know what's going on. ELI2?
Almost all sites include scripts and other assets that come from other sites/companies, which do have legitimate uses in a lot of cases but also have negative privacy and security implications, including effectively allowing those other companies to track users on the site. As an example, the screenshot of reddit in uMatrix that @spit-evil-olive-tips posted shows all the domains that are involved when you're using reddit.com.
The domains at the top (reddit.com, redditmedia.com, redditstatic.com) are all "first-party", they're owned by reddit and the scripts/css/etc. coming from those domains should all be directly associated with reddit itself. In the screenshot, they're all shown in green because @spit-evil-olive-tips has "whitelisted" them, which tells uMatrix that it's okay to load and run that content.
All the domains at the bottom (aaxads, amazon-adsystem, google-analytics, googletagservices, moatads) are all "third-party" ones—separate advertising/tracking services that reddit is using. You can see that there's a "1" in the "script" column for each of them, indicating that there's one script included from each of those domains. Those are in red because they're being blocked and not allowed to run. However, users not using uMatrix or other blocking extensions would have all of those scripts being run in their browser to display ads, track their site usage, and so on.
The screenshot that @losvedir posted shows uMatrix on Tildes. There are no other domains involved, only tildes.net. That means that when people are using Tildes (whether they have any sort of blocking or not), their browser is only communicating with Tildes and not any third parties. This is one of the explicit technical goals of the site, and it should always stay this way.
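The per-domain matrix described in the comment above, as an added JavaScript example (not part of the thread and not uMatrix's own code). The function names, the two-label "site" rule and the request paths are assumptions made for illustration.

```javascript
// Added illustration of the matrix described above; not uMatrix source code.
// Assumption: a host's "site" is its last two labels. Real blockers use the
// Public Suffix List, so hosts such as example.co.uk are mishandled here.
function siteOf(hostname) {
  return hostname.toLowerCase().split('.').slice(-2).join('.');
}

// One row per site: request counts per type plus the allow/block decision.
// A blocker sees only domain names, not ownership, so sibling domains such as
// redditstatic.com stay blocked until the user allowlists them.
function buildMatrix(pageUrl, requests, allowlist = []) {
  const pageSite = siteOf(new URL(pageUrl).hostname);
  const allowed = new Set([pageSite, ...allowlist.map(siteOf)]);
  const rows = new Map();
  for (const { url, type } of requests) {
    // Relative URLs resolve against the page, so they count as same-site.
    const site = siteOf(new URL(url, pageUrl).hostname);
    if (!rows.has(site)) {
      rows.set(site, {
        site,
        sameSite: site === pageSite,
        action: allowed.has(site) ? 'allow' : 'block',
        counts: {},
      });
    }
    const row = rows.get(site);
    row.counts[type] = (row.counts[type] || 0) + 1;
  }
  return [...rows.values()];
}

function blockedSites(matrix) {
  return matrix.filter((r) => r.action === 'block').map((r) => r.site);
}

// Constructed request list: hostnames follow the thread, paths are made up.
const SAMPLE_REQUESTS = [
  { url: '/', type: 'doc' },
  { url: 'https://www.redditstatic.com/app.js', type: 'script' },
  { url: 'https://www.redditstatic.com/app.css', type: 'css' },
  { url: 'https://a.thumbs.redditmedia.com/thumb.png', type: 'image' },
  { url: 'https://www.google-analytics.com/tracker.js', type: 'script' },
  { url: 'https://c.amazon-adsystem.com/ads.js', type: 'script' },
  { url: 'https://z.moatads.com/moat.js', type: 'script' },
];

const matrix = buildMatrix('https://www.reddit.com/', SAMPLE_REQUESTS,
  ['redditmedia.com', 'redditstatic.com']);
console.log(blockedSites(matrix).join(', '));
```

Calling `buildMatrix` without the allowlist also blocks redditmedia.com and redditstatic.com, which is the "whack-a-library" situation described earlier in the thread.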
This is how every website should be written.
Direct link to the image, because Imgur albums will not work unless you let them both run JavaScript and store cookies: https://i.imgur.com/8fgRcy6.png