Merge pull request 'Remove HTTP/FTP mentions' (#4) from smnthermes/SpywareWatchdog:master into master

This commit is contained in:
Baobab 2020-05-02 22:19:14 +02:00
commit bb7df6957e
5 changed files with 2 additions and 117 deletions

View File

@ -9,9 +9,7 @@
<h1>Comparison between web browsers</h1>
<p><a href="../articles/index.html">Back to catalog</a></p>
<p>
It's important to notice that because web browsers and the services they access are built on top of using the spyware protocol HTTP, they CANNOT respect your privacy.
But beyond that, because we have to use web browsers, it's useful to list them by how much spyware they have in them. This purpose of this article is
not to rate each web browser in a vaccum, like articles on this website that focus on one specific web browser, but rather to compare all of the
This purpose of this article is not to rate each web browser in a vaccum, like articles on this website that focus on one specific web browser, but rather to compare all of the
web browsers that have been rated on this website against each other. This is a ranking that is based on how much Pirvacy a browser offers by default, as well as, how
much privacy can be gained by configuring it.
</p>

View File

@ -1,27 +0,0 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="../style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>File Transfer Protocol</h1>
<p><a href="../articles/index.html">Back to catalog</a></p>
<p>
FTP is a protocol used for transferring files over a computer network.
</p>
<h2>Spyware Level: <font color=lime>Not Spyware</font></h2>
<p>
FTP does not collect any information than the absolute minimum needed to provide its service. As such you could say that FTP's information is only incidental to the service it provides. So, FTP is not a spyware protocol. You are only giving up your IP address, which of course is required can be hidden through proxies. FTP requires you to uniquely identify yourself as a user of a system to use its access control features, but beyond that it does not ask you for unncessary information about your computer, unlike the <a href="../articles/http.html">HTTP</a> protocol.
</p>
<hr>
<p><b>
This article was last edited on 5/26/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), contact us on XMPP over in spyware@conference.nuegia.net, or visit us at the git repo on <a href="https://codeberg.org/TheShadow/SpywareWatchdog">Codeberg</a>. All contributions must be licensed under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="../images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

View File

@ -1,84 +0,0 @@
<!DOCTYPE HTML>
<html lang=”en-us”>
<head>
<link rel="stylesheet" href="../style.css">
<meta charset="UTF-8">
<title>Spyware Watchdog</title>
</head>
<body>
<h1>HyperText Transmission Protocol</h1>
<img src="../images/w3c_logo.png" alt="World Wide Web Consortum: The maintainers of the HTTP standard">
<p><a href="../articles/index.html">Back to catalog</a></p>
<p>
HTTP is a protocol usually used for transferring HyperText Markup Language documents accross the internet.
</p>
<h2>Spyware Level: <font color=yellow>Medium</font></h2>
<p>
HTTP is a protocol that is not designed with the privacy of its users in mind. The language used in the HTTP specification explicitly says that
the protocol was designed with enabling the datamining of its users in mind, and contains features that are not absolutely necessary for the purpose of the
protocol, but allow the protocol compromise user privacy.
</p>
<h3>"User-Agent" Datamining feature</h3>
<p>
Section 14.43<sup><a href="#1">[1]</a></sup> of the HTTP specification details the "User-Agent"
spyware feature of the protocol that, when implemented, will attach information about your computing enviroment that can be used to track you.
The biggest danger of the User-Agent spyware is that there is no way to anonymously opt-out of this- even if you do not provide a user-agent,
because almost everyone else does, you will be tracked by the fact that you do <b>not</b> provide that information. There are many strategies
to mitigate this spyware, with only varying levels of success, but the problem is that this is the acceptable standard of how HTTP is used-
and not the forgotten feature that it should be. Not only does the User-Agent feature collect this unncessary information, its purpose is explicitly
stated in the protocol specifications to aid in datamining.
</p>
<p><i>
"The User-Agent request-header field contains information about the user agent originating the request. This is for <b>statistical purposes</b>, the tracing of protocol violations, and automated recognition of user agents for the sake of tailoring responses to avoid particular user agent limitations. User agents SHOULD include this field with requests. "
</i></p>
<h3>Acknowledgement of HTTP's privacy problem</h3>
<p>
In the HTTP specification, the W3C explicitly acknowledges the serious privacy violations that implementations of this protocol are capable of comitting.
Section 15.1<sup><a href="#2">[2]</a></sup> of the HTTP specification has a very detailed analysis of
the implications of the comprimization of privacy that the User-Agent spyware allows to happen and suggests how to use the User-Agent feature: as an opt-in
feature where the privacy concerns of using such a feature are properly explained to the user. Even though this is a good section, it shows a very naieve
viewpoint from the W3C- the expectation that this feature would not be abused, and the expectation that implementers of this standard would respect the
privacy of their users and would not use these features of the protocol to datamine users.
</p>
<p>
At best, you could call this mindset naieve. Or, you could call it negligent. If you want to hold the W3C in contempt, you could call it malicious.
It's easy to write in your standard that while you could use this protocol to monitor the behavior of users, you should ask for their permission.
But once that standard is widely implemented, and is widely used for the exact malicious purpose that was acknowledged in its specification, who's
fault is that?
</p>
<hr>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html">Section 14 of the HTTP/1.1 Specification</a>
<a href="http://webarchive.loc.gov/all/20160922055153/http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html">[webarchive.loc.gov]</a>
<a href="https://web.archive.org/web/20180522154719/http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html">[web.archive.org]</a>
<a href="http://archive.is/20180425174415/https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html">[archive.is]</a>
<a href="https://webarchive.nrscotland.gov.uk/20170610193333/http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html">[webarchive.nrscotland.gov.uk]</a>
<a href="http://www.webcitation.org/6tcP2LTQW">[www.webcitation.org]</a>
<a href="http://arquivo.pt/wayback/20160108175646/http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html">[arquivo.pt]</a>
<a href="http://veebiarhiiv.digar.ee/a/20150704125123/http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html">[veebiarhiiv.digar.ee]</a>
<a href="http://webarchive.proni.gov.uk/20110424091530/http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html">[webarchive.proni.gov.uk]</a><br>
<a name="2">2.</a>
<a href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html">Section 15 of the HTTP/1.1 Specification</a>
<a href="http://webarchive.loc.gov/all/20140118222005/http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html">[webarchive.loc.gov]</a>
<a href="https://web.archive.org/web/20171216001049/https://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html">[web.archive.org]</a>
<a href="http://archive.is/20131016034135/http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html">[archive.is]</a>
<a href="https://webarchive.nrscotland.gov.uk/20170612090136/http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html">[webarchive.nrscotland.gov.uk]</a>
<a href="http://arquivo.pt/wayback/20110609222436/http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html">[arquivo.pt]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 5/14/2018
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), contact us on XMPP over in spyware@conference.nuegia.net, or visit us at the git repo on <a href="https://codeberg.org/TheShadow/SpywareWatchdog">Codeberg</a>. All contributions must be licensed under the CC0 liscence to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img src="../images/cc0.png" alt="CC0 Liscence"></a>
</body>
</html>

View File

@ -76,7 +76,5 @@
<a href="../articles/poweriso.html">PowerISO</a><br>
<a href="../articles/cdex.html">CDex</a><br>
<a href="../articles/paint.net.html">Paint.NET</a><br>
<a href="../articles/http.html">HyperText Transmission Protocol</a><br>
<a href="../articles/ftp.html">File Transfer Protocol</a><br>
</body>
</html>

View File

@ -26,7 +26,7 @@
People who have helped maintain this website:<br/>
The Founder of the Site,
<a href="https://digdeeper.neocities.org">digdeeper</a>,
<a href="http://zsxjtsgzborzdllyp64c6pwnjz5eic76bsksbxzqefzogwcydnkjy3yd.onion/index.xhtml">metheperson</a>
<a href="http://zsxjtsgzborzdllyp64c6pwnjz5eic76bsksbxzqefzogwcydnkjy3yd.onion/index.xhtml">metheperson</a>, <a href="https://baobab.neocities.org">Baobab</a>, Alia Sarmor, <a href="mailto:qorg@vxempire.xyz">qorg11</a>
</p>
<hr>
<h2>Fan Made Pins</h2>