7 comments

[–] pembo210 2 points (+2|-0) Edited

I really like this, but I have privacy concerns..

Do you plan on launching a full site anytime soon explaining everything that's going on? or your stance on ads or sponsored link positioning?

[–] x0x7 [OP] 1 points (+1|-0) Edited

Oh yeah. It was written sort of as a joke. It has exactly the relevant privacy concern as the gab chat addon, which are either zero or a significant one depending on your views.

So ultimately from a security standpoint it's the same application. An addon is placing content into a page based on data from a server based on data produced socially, which also has access to most of your history if it wants it. You know gab is going to be grabbing that right.

So to downplay this a bit it's not at all different from what people put up with already. If a page has something as simple as a facebook like button on it the developer actually includes a script tag that downloads more javascript that also records your browser history, and is able to inject content into the page.

If you use google translate on a page it's really the same story. Third party content injector talking to a server that has access to the content of your page. Likely there is already google ad sense on that page before you decide to translate something, and there we have the same story again.

So I had actually had this idea for a while but I realized people would have privacy concerns but when Gab put out their comment system I thought to myself, well apparently people are cool with it so maybe people want this kind of thing.

So that really is the tie into gab, is they have similar security expectations. One difference is that the basis of the app reveals more transparently the security issue. It's the difference of sushi and sashimi. In one you can see the raw fish. How it's handled really matters the most.

Also if you think about it since it uses a similar algorithm to youtube, youtube also needs your history which they have.

So more specific to how I've done things I don't store any history on the server in a way that's specific to one person and I don't log ip addresses. I have no plans to make money out of it.

It uses a weighted bi-directed graph to relate urls together. It uses the prior places you went and where you are now to add weights to the graph and it forgets the data. That's why the script stores the history on the client side rather than having some history tied to some session. Once its weights are updated it doesn't remember anything else and has to be reminded again the next time. One consequence to that is if someone wanted to game it they could. I'm hoping there is some way I can use an addon feature to make it so only data from the app comes in.

Greasemonkey has an XMLHttpRequest that ignores CORS. I opened up the CORS on the server so that I could use jQuery, but if I close that up and use the GM_xmlhttpRequest at least I could prevent people from posting to it from their browser console.

But yeah, it's an art piece. The security aspects are sort of the statement. It's interesting that we don't have tools like this because we like the appearance of security but we do have tools like ad sense because we don't actually care about security.

Of course the only people who are going to leverage poor security and polish it enough that it's not apparent to you are big corporations who will log everything and sell your data, and not people who waste their day making software art that intentionally makes the sketchiness of the situation obvious.

But part of me does want people to use it because it would be a useful tool, plus it's no more dangerous than visiting a page with cloudflare on it. Actually that's worse. They have your browsing history and your passwords.
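
Added example, not part of the thread and not the addon's own code: a sketch of the stateless graph update described in the comment above, where the client sends its locally stored history and the server keeps only aggregate edge weights. The function names, the 1/(i+1) weighting, the `MAX_HISTORY` cap and the URL normalization are all assumptions made for illustration.

```javascript
// Added illustration; names, weights and limits are assumptions, not the addon's code.
const MAX_HISTORY = 5; // cap on how many prior URLs one submission may contribute

// Drop query string and fragment so session tokens or search terms never reach the graph.
function normalize(url) {
  const u = new URL(url);
  return u.origin + u.pathname;
}

function addWeight(graph, from, to, w) {
  if (!graph.has(from)) graph.set(from, new Map());
  const edges = graph.get(from);
  edges.set(to, (edges.get(to) || 0) + w);
}

// One submission: the client sends its own history plus the current URL.
// Only aggregate edge weights change; the ordered history itself is not kept.
function recordVisit(graph, history, current) {
  const here = normalize(current);
  const recent = history.slice(-MAX_HISTORY).map(normalize).reverse();
  recent.forEach((prev, i) => {
    if (prev === here) return; // ignore self-links such as reloads
    const w = 1 / (i + 1); // the most recent page counts most
    addWeight(graph, prev, here, w);
    addWeight(graph, here, prev, w); // edges are stored in both directions
  });
}

// Strongest neighbours of a URL, highest weight first.
function suggest(graph, url, n = 3) {
  const edges = graph.get(normalize(url)) || new Map();
  return [...edges.entries()]
    .sort((a, b) => b[1] - a[1])
    .slice(0, n)
    .map(([u]) => u);
}

// Constructed sample: two unrelated submissions that share one prior page.
const demo = new Map();
recordVisit(demo, ["https://a.example/x?sid=123", "https://b.example/y"], "https://c.example/z#top");
recordVisit(demo, ["https://a.example/x"], "https://c.example/z");
console.log(suggest(demo, "https://c.example/z"));
```

After both submissions the graph holds four nodes' worth of summed weights and nothing that says which client sent which sequence; the cap bounds how much any single submission can shift the weights.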

[–] Dii_Casses 1 points (+1|-0)

I mildly trust gab enough to give Dissenter a shot, but not some rando. Especially for such a questionable "feature". Good luck, though.

[–] x0x7 [OP] 2 points (+2|-0) Edited

That's cool. The whole point was to get reaction and create a toy people might play with.

I don't think people will think it's amazing. Just not something you see every day. And ask the question what would the internet look like if we didn't care about privacy.

[–] pembo210 2 points (+2|-0) Edited

That's kinda what we were just talking about this morning. Your timing couldn't be better.. or worse, depending on how you look at it. We're throwing all the crap at you that we already talked out in the chat :p

Is "track what I do and [anonymously] use it to help other peoples' experience" a direction that the web could go? or at least include? Can that data be collected, sorted, and reused without making lists out of people?

Dissenter is a sweet idea, but their webserver gets your location/url/timestamp every time you load a page. Kinda like installing analytics on yourself for all sites.

Is there a way to make these site association lists p2p or disseminated in other ways, but still be useful for current day-to-day trending info?

This is an amazing and awesome quick execution of a concept that may be the future of the web in some way, but boy does it make the hair on the back of my neck stand up thinking about the privacy stuff.

[–] x0x7 [OP] 1 points (+1|-0) Edited

Hmm. Centralizing the end graph is a necessity for quality. If you had more users and thus more data you could sacrifice that a bit.

What could be done, in theory. I'm not going to do it (time). Is set up collector proxies. You would need to pool multiple people to run a smaller version and then export the result to the centralized one.

That does mean someone is getting your history, but it might be someone you know (worse?). If you ran it locally and then exported the graph to the central server you might as well just give the history.

Now perhaps if everyone, and I mean everyone, was using tor it could be sent to an onion site that wouldn't know your ip address.

But I've said this for a long time. Almost nobody cares about your ip address. They care about your usernames and session cookies. Those associate across devices and locations (work) and don't get mixed up with separate users in a household. If a company doesn't have a username for you (google doing analytics on some article) they will create a temporary session for you with third party cookies because of how much better session associated data is compared to ip addresses. So does tor or vpn really help?

It's pretty funny how much vpn usage there is without usage of things like ublock, privacy badger, user-script sanitizers, cookie containers.

I guess options are a thing. You could in settings set things as read only. But that would only work if you had more users so you could get good enough coverage out of the people who don't click that option. People do like to influence things.

If I were to pursue this further, which I probably won't, I have so many projects (have you checked out https://js.lifelist.pw), but if I did I would probably focus on getting the titles better so that people just think it's worth it if the links are that good. (notabug's titles are just always "notabug", voat's v/all and v/all/new produce the same title, your site has some signin pages).

So the goal would be to find url types that are just worthless and block them and to interpret titles better.

Maybe I could include upvoting and downvoting. Whether that just tells me what's producing bad links or if it impacts the associations it might be good.

So I actually built a much poorer system for this when I ran gvid.pw which was a youtube alternative. I recently built a more generalized suggestion engine that just takes the pathname to a leveldb and it does the rest. So this was also a proof of concept for using it.

So I didn't build the suggestion engine just for this. I already had it and plan to use it back on gvid when I relaunch it and a distributed video standalone app I've had planned for a little over a year.

Also on js.lifelist.pw. "You've imported this module in your code you might try this one." "You used this app you could try this one." It's infinitely useful.

[–] MirrorMan 0 points (+0|-0)

I haven't looked into how dissenter functions, but I presume the comments made can only be seen by others using dissenter. That is just an evolution of echo chambers. I really can't see any good coming from participating in a closed loop conversation. I see much potential for organized interference or in ill faith record collection.