Commit 8a7b53e6 authored by Aral Balkan

Merge branch 'master' into source.ind.ie/better/content/issues/234

parents 5bb6444b dea78a54
# EasyXDM.js
## What is it?
According to its [Github repository](https://github.com/oyvindkinsey/easyXDM): “a Javascript library that enables you as a developer to easily work around the limitation set in place by the Same Origin Policy, in turn making it easy to communicate and expose javascript API's across domain boundaries.”
On the site that it was found (CultOfMac.com), it was being loaded by and used to communicate with a third-party site (Contextly). It’s been blocked there. Keeping this entry to track. If we see it used via first-party loading, we can block it here.
## Found on
* [Contextly](../contextly/contextly-dot-com.html)
## How it violates the [Ethical Design Manifesto](https://ind.ie/ethical-design)
* **Respect for human rights:** can be used to share your information with third parties.
## Block rule
None yet. See the note above.
## Further reading
* [Exploiting EasyXDM part 1: Not the usual Flash XSS](http://blog.kotowicz.net/2013/09/exploiting-easyxdm-part-1-not-usual.html)
* [Exploiting EasyXDM part 2: & considered harmful](http://blog.kotowicz.net/2013/10/exploiting-easyxdm-part-2-considered.html)
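Review bot: The "Block rule" section says "None yet. See the note above.", but nothing above it is marked as a note; the reasoning sits in the second paragraph under "What is it?". Suggest stating it in place, for example "None yet: blocked through the Contextly entry; add a rule here if it is seen loaded first-party." Also, "How it violates" lists only data sharing with third parties, while both "Further reading" links are about exploiting EasyXDM, so a line on the security exposure would match what the entry points readers to.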
......@@ -223,6 +223,8 @@ Some explanation of the block rule.
## Notes
Please note that this page is under active development. The notes above will be combined into a coherent narrative prior to launch.
* If all visitors used Better, it would save just over 570 years of time spent loading third-party trackers and 570 terabytes of data per month. That 570 years of loading time also represents quite a cumulative drain on batteries.
* In just page load time, we save ~8 seconds per load. This adds up to almost 66 years additionally that people actually spend waiting for pages to load. That’s almost one lifetime (4).
* The 570 years of loading time saved translates to over 160,000 full-battery depletions on the most energy efficient phone we could find statistics for (Gionee Marathon M5) (see 11). If, on the other hand, everyone was on an iPhone, we would be saving over 350,000 full battery depletions. Based on the statistics from OPower, if everyone was on an iPhone 6 (again, we’re being conservative here, as they “require a trivial amount of electricity”), this would save over $600,000 a month in extra energy costs (13) TODO: Recalculate using 82% statistic so that it applies just to the mobile traffic on the site so that we’re even more conservative.
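Review bot: The third bullet ends with an inline "TODO: Recalculate using 82% statistic ..." that will render as part of the published notes; move it to an issue or an HTML comment so it does not ship in the page text. The bracketed references are also inconsistent across the bullets ("(4)", "(see 11)", "(13)"), and the first bullet gives no reference at all for the 570 years and 570 terabytes figures, so a reader cannot check them.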
......
# **Wired** by Condé Nast (wired.com)
# **Open Letter to Wired** (Wired.com by Condé Nast)
![Screenshot of Wired’s doorslam that blocks access unless you turn off your tracker blocker.](/spotlight/wired.com/wired-malware-blocker-blocker.png)
## Here’s The Thing With Shortsightedness
Dear Wired,
**You don’t get it:** It’s not about ads, it’s about behavioural targeting and tracking.
We are disappointed that violating our privacy and compromising our security are the ways you have chosen to monetise your service. We hope you will stop blocking valuable tools like Better that protect people from trackers, ad-delivered trojans, and other web malware.
While we hope you will reconsider your malicious stance against human rights, we are not willing to sit idly by and let you compromise our privacy and security in the meanwhile. So, in addition to blocking the roughly 50 third-party trackers that your site exposes us to, **we are also blocking your blocker blocker with the following rule:**
```mson
- trigger:
- url-filter: wired.com/assets/load
- action:
- type: block
```
Now, it’s your turn: if you want to, you can inline all your JavaScript to break our blocker-blocker blocking rule.
Then, we can update our rule to make it disable all of your first-party JavaScript…
We can play this game of cat and mouse all day long. Or, you can ask yourselves whether this is really the game you want to play. How will you explain your escalating disdain for the rights of your readers to your employees; most of whom, we’re sure, are decent folks who just want to do the right thing?
### You have ethical alternatives
If you want to make money while respecting our rights, you have ways of doing so that don’t track us or compromise our privacy and security.
You can, for example, use non-behavioural ads that don’t track people (like [The Deck](/spotlight/decknetwork.net) does).
Or, you can switch completely to a subscription model and abandon behavioural advertising altogether.
Or, you can engage with a service like [Flattr](https://flattr.com), or join with other publishers to create your own.
### Reconsider the ethics of your business model
It’s not our job to come up with ethical alternatives to your current business model. However, if we can come up with three viable ones off the cuff, I’m sure you can do even better if you decide to dedicate yourselves to it.
What we will *not* tolerate is this attempt to keep your core business based on behavioural advertising and tracking while attempting to extort funds from your readers who are simply trying to protect their privacy and security on the web.
We urge you to [reconsider the ethics](https://ind.ie/ethical-design) of your business model.
You have alternatives. We hope you will choose one that respects the rights and safety of your readers.
## About Wired
> “[Wired](http://wired.com) is a full-color monthly American magazine, published in both print and online editions, that reports on how emerging technologies affect culture, the economy and politics. Owned by [Condé Nast](https://en.wikipedia.org/wiki/Condé_Nast)” – ([Source](https://en.wikipedia.org/wiki/Wired_(magazine))
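Review bot: In the rule inside the letter, `url-filter: wired.com/assets/load` is unanchored and leaves the dot unescaped, while the comprehensive spec added in this same commit anchors the scheme and escapes dots (`^https?://www\\.facebook\\.com/tr/\\?`). Read as a regular expression, the filter also matches any URL that merely contains that text, for example in a path or query string on another host. Suggest anchoring it to the scheme and host, escaping the dot, and scoping it with `if-domain` in the same style as the spec. Separately, the "Reconsider the ethics" paragraph switches from "we" to "I’m sure", and the Source link under "About Wired" is one closing parenthesis short.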
......@@ -72,34 +119,3 @@
* Speed: <!-- timeBefore -->52.11 seconds<!-- /timeBefore --> to <!-- timeAfter -->34.48 seconds<!-- /timeAfter --> (<!-- timeSaved -->17.63 seconds<!-- /timeSaved --> saved, <!-- deltaTime -->34% Faster<!-- /deltaTime -->)
Statistics by [Better Inspector](https://source.ind.ie/better/inspector) based on [the page](https://archive.better.fyi/wired.com.har.gz) as on <!-- lastUpdate -->Monday, May 16th 2016<!-- /lastUpdate -->
## Block rules
### Here’s The Thing With Shortsightedness
![Screenshot of Wired’s doorslam that blocks access unless you turn off your tracker blocker.](/spotlight/wired.com/wired-malware-blocker-blocker.png)
#### An open letter to Wired:
<strong>You don’t get it:</strong> It’s not about ads but behavioural targetting and tracking. We are disappointed that violating our privacy and compromising our security are the ways you have chosen to monetise your service. We hope you will stop blocking valuable tools like Better that protect people from trackers, ad-delivered trojans, and other web malware.
While we hope you will reconsider your malicious stance against human rights, we are not willing to sit by in the meanwhile and let you compromise people’s privacy and security. In addition to blocking the roughly 50 third-party trackers that your site exposes people to, we are also blocking your blocker blocker with the following rule:
```mson
- trigger:
- url-filter: assets/load
- action:
- type: block
```
Now it’s your turn: if you want to, you can inline all your JavaScript to break our blocker-blocker blocking rule.
Then, we can update our rule so it disables all of your first-party JavaScript…
We can play this game of cat and mouse all day long. Or you can ask yourselves: is this really the game you want to be playing…?
If you want to make money while respecting our human rights, you have ways of doing so without tracking us and compromising our security. You can use non-behavioural ads that don’t track people (like The Deck), switch completely to a subscription model (which we’d happily support), or use a service or model similar to Flattr or Tip The Web.
We urge you to [reconsider the ethics](https://ind.ie/ethical-design) of your business model.
You have alternatives. We hope you will choose one that respects the human rights of your readers.
\ No newline at end of file
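Review bot: The hunk header (-72,34 +119,3) indicates the whole "## Block rules" section goes away here, so the rule now lives only inside the open letter earlier in the file, and its filter changed from `assets/load` to `wired.com/assets/load` in the move without a mention in the commit message. If anything reads rules from a dedicated section, as the "## Block rule" heading on the EasyXDM page suggests, keep a short "## Block rules" section holding the rule and link to it from the letter. The "\ No newline at end of file" marker is also worth clearing by ending the file with a newline.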
# Comprehensive spec
All rules.
## Rules
### All rules
These are all the rules from webkit.org’s [Introduction to WebKit Content Blockers](https://www.webkit.org/blog/3476/content-blockers-first-look/).
```mson
- trigger:
- url-filter: ^https?://www\\.facebook\\.com/tr/\\?
- url-filter-is-case-sensitive: true
- load-type: first-party, third-party
- resource-type: image, svg-document, script
- if-domain: facebook.com, www.facebook.com
- action:
- type: block
```
## Tags
facebook, facebook.com, FB
\ No newline at end of file
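Review bot: The description promises "all the rules" from the WebKit post, but the block under "### All rules" holds a single trigger and action pair and exercises only `type: block`, so as a comprehensive spec it does not yet cover the other trigger fields and action types that post describes. Either add those cases or reword the description to say what is covered. "All rules." is also stated twice (the line under the title and the "### All rules" heading), and the file ends without a trailing newline.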