Nuudelisoppa

  • The one remaining login

    Liberating myself from being continuously logged in to Reddit turned out to be easy: multireddits work perfectly fine as a substitute for subscriptions. Obviously I still need my account to manage the subreddits, but luckily I already used to do that rarely prior to this: I’m pretty conservative in my new subscriptions, and I usually throw out old unwanted ones en masse once or twice a year.

    The only extraneous feature I used was my own link-shortening system, to give the new multireddit a nice little mnemonic.

    This has left me pondering more and more about the practicalities of getting off Google, which now remains as the most pressing obstacle. Since leaving Ubuntu One, I’ve used Owncloud for file syncing, so that’s already covered. But I still find myself using Google Docs for some reason; I’ve never tried replacing it with Owncloud’s documents add-on.

    I have experimented with Owncloud’s calendar add-on though, and IIRC it worked just fine. But I stopped using it because I wasn’t trying to replace Google at the time.

    And I haven’t even touched on email, probably the biggest part of the hypothetical goodbye-Google for me.

    But there’s also a bigger logistical obstacle than the nitty-gritty practical details: I have an Android phone, and the wins of giving up Google on the desktop would be rendered null if, simultaneously, I’d still stick to OEM Android on the phone.

    I have already been contemplating rooting the phone for a custom ROM due to unrelated reasons (the manufacturer will not be providing updates beyond L), so there’s a theoretical possibility of trying to go Google-free on the phone too. For reasons, I imagine it a much more crippling experience than on the desktop. The alternative would be to remain with Google on the phone, which, for honesty’s sake, should mean giving up (i.e. keeping Google) on the desktop too. Also, if I were to ditch Google on the phone, it might ultimately be better achieved by switching to a Lumia.

    If I had to keep one login as daily procedure, Google would have to be it. It yields the biggest gains by far. And truth be told, one login isn’t so bad, not even with two-factor verification. If logins were the only reason, I’d definitely not bother with this. But there are bigger, better reasons for trying to go Google-free. Reasons that go beyond the overarching theme of this blog, which is just “how to simplify my day-to-day web browsing”.

  • To log in or not to log in

    I’m contemplating giving up logging in to websites altogether.

    Well, not altogether altogether, but as a consistent practice anyway. I’d have to go offline entirely if I wanted to do stuff like banking without logging in.

    But with my new work-flow in place, most log-ins have become the biggest stone in my shoe by far. So I find myself weighing the benefits: are they really worth all the trouble that credentials pose?

    Off the top of my head, I have 3 sites I log into daily now: Google, Reddit and my blogs obviously. Twitter and Slack would also be among them, but I’ve switched to desktop apps for those. (That’s a cop-out, I know. But I tell myself I did it to ease the transition to disposability and I do believe it has made a big difference. Now I need a concrete plan to move out of the apps too. I have yet to make one.)

    Of the three mentioned, Google is of course the big one. I’m still as much on their leash as I was at the beginning and I’m not satisfied with that. But I always anticipated getting off the big G would be the biggest step, so I’m also just sincerely pushing it off into the future; it’ll most likely be the last one to take on once I’ve conquered the other, smaller obstacles on my way to perfect disposability.

    I’d flush my Reddit karma down the drain in a heartbeat, were it the only loss from not logging in (not that I’m anywhere near celebrity figures there, but it’s also not completely insignificant). The bigger loss would my collection of subreddit subscriptions. Without custom subscriptions the site is useless, and I’d rather get off the Internet entirely than be exposed to Reddit’s front page.

    I should explore multireddits. I have a vague feeling they might be used to replace login-bound subscriptions. There’d still be the (usually more or less horrific) custom CSS of different subreddits to deal with, but I could employ the screening technique I already do with websites in general now: if they’ve crapped it up too badly, I’ll just do without them no matter how good their content.

    My own blogs (and other sites I admin) are the easy one: I already remember most of the credentials (so I don’t need a password manager next to my browser), and these sites are by nature the ones I have the most control over, so adjusting policies would be easy when needed. Perhaps if, after I’ve done away with Google, and I really feel like naatiskella, I could try implementing some crazy-ass “anonymous posting by anybody” system, maybe authenticating mine using PKA. (You can probably tell that dealing with this one first appeals to me, but I should resist the temptation because the ROI here is so small.)

    In addition to the three big ones, I still occasionally log in to Flickr just to favorite some photos. But that one I could stop doing right now, should I decide so. And I think that’s what I’ll do right now, for a start.

    I have already stopped logging in to YouTube (which, as I’m sure you’re well aware, is just another tentacle of Google) just to give thumbs-ups. Back when I used ad-blocking, I felt somewhat indebted to good content creators, and I used thumbs-up as one of the ways to alleviate that feeling. No need for that anymore, as they get their ad monies from my views now.

  • Armored: deleted

    I just deleted the “armored” profile. I had used it a total of 0 times so far.

    That’s the same amount I’ve used Tor Browser, but I’m still holding on to that one for the time being.

  • So far so

    Fourth day with disposables and it has been much easier to get used to than what I imagined beforehand. It’s pretty much down to just one major issue now: I’d like to be able to open new clean disposables straight from links’ context menu, instead of having to manually open one (through the desktop environment) first and copy & pasting the link.

    Firefox deceivingly offers the option of opening links in a new so-called Private window right from the context menu, but when the parent window is already Private, the new window actually inherits the session (cookies and all) which is counter-intuitive. These so-called Private windows only get a true clean start when opened from a non-Private window.

    On the surface (in title at least) it looks like what I want is “Per-window Private Browsing“, but that one was apparently implemented ages ago. I couldn’t find bug reports or specifications (drafts or otherwise) matching my use-case precisely.

    I could try using the “Open With” extension, but in my preliminary testing I was turned off by how difficult it was to strip its default configuration down to the bare essential of my needs: I just need my one context menu item and not one for every browser installed, and removing those it seems would entail hacking the extension. I’m not gonna bother.

    In fact, I’d prefer not using extensions at all for my main profile if possible, to KISS. Having to tweak the environment to the extreme just to feel comfortable is precisely what drove me to explore disposability in the first place, and increasing complexity in implementing this aim would, in reality, go against said aim.

    That’s why I’m also resisting the urge to set up a keyboard shortcut for launching new windows. It would mean going right back to having to recreate this environment everywhere else, and feeling uncomfortable without it, whereas my intention is the opposite (to feel at home anywhere with a clean browser).

    I have set the profiles I’ve created to be synced via Owncloud, but I intend to recreate this environment only for locations where I spend significant amounts of time (at least days). Elsewhere I mean to just set the main profile to discard everything at shutdown, or to remember to do it myself when changing options is restricted, or when options themselves are disposable.

    My other profile, the one with light armoring, has seen no real use so far. It seems to have fallen into a chasm of uselessness between “I want disposability” and “I want the hardest anonymity available”.

    Judging by a metering app’s graphs the average CPU and memory usage has fallen dramatically with this new environment, compared to my previous one with a Chromium window with multiple tabs pinned plus a bunch of ephemeral ones at any given time. This could be down to Firefox being lighter on the CPU & RAM, or perhaps utilizing them less effectively, compared to Chromium.

    Then again it’s more likely to be just an effect of the fact that I no longer keep all those web apps running when I’m not actually using them. Either way it’s good for the environment and my electric bill.

  • Armored

    Today’s ops: set up disposable profiles for Firefox. Chromium has better support for them out-of-the-box (--temp-profile), but I found Firefox’s profile management still comes to me straight from muscle memory despite using Chromium exclusively for years now. I didn’t even try to figure out if Chromium’s default configuration is adjustable, and for practical disposability it would have to be, because the temp profile clumsily always opens two slightly buggy tabs (sometimes the address bar eats the first thing entered into it).

    The nice customizability of Firefox instead even lent itself to multiple levels of security: for the default profile I kept most bells and whistles from default configuration, whereas for the second one I installed NoScript, HTTPS Everywhere and Privacy Badger. And beyond those there’s still Tor Browser.

    On the negative side, Firefox is still noticeably slower to start than Chromium. It was one of the main reasons for my switch all those years back and they obviously still haven’t caught up, which is a bummer. I was aware of this beforehand though, and the delay isn’t too bad, at least on my i7-3770 and SSD.

    Also, as mentioned, ditched flash, finally, and for good, hopefully. Lately I’ve only been putting it off because I still have to support it at my parents’, but since I already upgraded out of the LTS they’re using, I may as well use a VM for reproducing any issues they may still encounter before I upgrade them to the next LTS next summer.

  • $ sudo apt –purge remove adobe-flash* pepflash*

    $ sudo apt --purge remove adobe-flash* pepflash*

  • Theme choice (Twenty Fifteen, for now) and my threat model for the blog

    I’m trying to stick with Twenty Fifteen for now. I would guess using the default theme would serve the “trying not to stand out” ethos best, but don’t take my word for it. Indeed, don’t take my word for anything, because this is a log of learning as I go.

    Also, I’m not sure how well “not standing out” on the publishing end fits within the threat model. Certainly my threat model for this blog does not account for its hosting service. My baseline assumption here is a benevolent, not critically anonymity-savvy host (myself). I should also take into account the provider of my underlying infrastructure, whose benevolence I trust slightly less than my own.

    But as I said, this is a learning log, not an attempt to simulate anonymous publishing. Additionally I’m using this blog to get a feel for the difficulties in blogging when using an anonymizing service and a browser tuned for it. Like how I keep forgetting to save these drafts now that auto-save doesn’t work.

  • WordPress works quite well without JavaScript

    WordPress works quite well without JavaScript. Post editor customization seems like the biggest feature lacking at first, and unfortunately the default layout is quite cluttered. Auto-save also does not work, so it’s back to old-school manually-save-often.

    Edit: Change post format from Aside to Status. Asides now seem to have titles, but statuses supposedly don’t.

  • Blade Runner

    Miksi joudun aina vain enemmän ja enemmän kompensoimaan julkaisijoiden tekemiä huononnuksia webselailussa? Web on nykyään pelkkä kuppainen horo, ei enää ollenkaan huvita pelehtiä sen kanssa kun riskit ovat iloihin nähden niin isot että on pukeuduttava kokovartalokumiin ennen kuin uskaltaa alkaa millekään.

    Pelkkä mainostenesto ei enää läheskään riitä tekemään turvallista niin yksinkertaisesta tapahtumasta kuin artikkelin lukemisen pitäisi olla, vaan lisäksi pitää olla erillisiä jäljityksenestimiä ja vielä sittenkin sisällön edessä on kaiken maailman popuplätkä-perkeleitä (“tilaa sitä! tilaa tätä! liity facebumbler-fanitykkääjäksi ja instatviittaa tämä! ja anna sähköpostiosoitteesi spämmättäväksi!!!1!”). Vitutuksen maksimoimiseksi kaikkiaan kymmenen kappaleen mittainen sisältö (jonka olisi voinut tiivistää kolmeen) jaetaan viidelle eri sivulle.

    Olen tosissani alkanut miettiä, pitäisikö alkaa vapaustaistelijaksi joka käy yleisessä webissä ainoastaan kertakäyttöprofiilien turvin ja eristää sieltä noutamansa sisällön omille, äärimmäisen pelkistetyille sivuilleen itse tuotettuina tiivistelminä, eikä enää koskaan missään linkitä suoraan alkuperäisiin, sanitoimattomiin lähteisiin.

  • Disposabiliteetti

    Jostain, varmaan Chris Siebenmannin blogin lukemisesta, on takaraivossani alkanut kutkutella ajatus kaiken selailun tekemisestä kertakäyttöikkunoissa (cks ei ole näin hardcore, mutta enemmän kuin minä nykyisin). Käytän niitä jo nyt aika paljon (chromiumin –temp-profile), mutta samalla pysyväisprofiilin ikkunassa on yhä (tällä hetkellä) 12 pysyvää välilehteä + satunnaiset.

    Mitään tarkkaan mietittyä korkeampaa filosofiaa kertakäyttöisyysidean taustalla ei ole, se vain kuulostaisi juuri sellaiselta käyttäjäeksentrisyydeltä jollaiset ovat minulle tyypillisiä.

    Isoin haaste siirtymässä olisi varmaankin Googlen palvelut, kun käytän (totta kai) kaksivaiheista tunnistautumista, ja kertakäyttöinen pakottaisi luonnollisesti tekemään sen joka kerta uudestaan (pysyväisprofiililleni olen antanut pysyväisluvan tunnistautua ilman varmistuskoodia). Toisaalta se taas ehkä kannustaisi irrottautumaan Googlen napanuorasta, joka tuntuu välillä aika ahdistavalta. [Alkujaan postasin tämän G+:aan, ja siihen sisältyvän ironian korostamiseksi nyt ristipostitus tänne.]

    Lisäksi tuohon totuttautumisessa olisi se etu, että melkein millä tahansa uudella laitteella webin selailu tuntuisi ihan kotoisalta. Nyt, kun oma käyttöympäristö kotona on äärimmäisen räätälöity, vierailu muissa ympäristöissä tuntuu aina osittain tosi hankalalta. (Avaapa selain ensimmäistä kertaa vasta asennetussa käyttöjärjestelmässä: veikkaan että huokaiset syvään toisaalta puhtaan paperin potentiaalin, toisaalta sen autiuden takia. Mutta entä jos olisitkin tehnyt autiudesta kotisi?)