-
Notifications
You must be signed in to change notification settings - Fork 12
/
index.html
321 lines (308 loc) · 42.8 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Against an Increasingly User-Hostile Web - Neustadt.fr</title>
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="description" content="We are quietly replacing an open web that connects and empowers with one that restricts and commoditizes people. We need to stop it." />
<meta name="keywords" content="user hostile, web, privacy, open web, walled gardens, tracking, tracker, gated, geocities, respect, user, blaot, history"/>
<meta name="author" content="Parimal Satyal">
<link rel="stylesheet" href="../../css/neustadt.css" type="text/css" media="all">
<link rel="stylesheet" href="against-a-user-hostile-web.css" type="text/css" media="all">
<link rel="shortcut icon" href="../../favicon.ico">
<link rel="canonical" href="https://neustadt.fr/essays/against-a-user-hostile-web/">
<link rel="alternate" type="application/rss+xml" title="Neustadt.fr RSS Feed" href="../../rss.xml" />
</head>
<body>
<div id="wrapper">
<article>
<header>
<h1>Against an Increasingly User-Hostile Web</h1>
<p class="lede"> We're quietly replacing an open web that connects and empowers with one that restricts and commoditizes people. We need to stop it.</p>
<p class="info">- <a href="../../index.html">Parimal Satyal</a>, 2 november 2017. <br />
See also: my <a href="https://www.paris-web.fr/2020/conferences/against-an-increasingly-user-hostile-web.php">Paris Web 2020 talk</a> based on this article and the Hacker News discussion threads <a href="https://news.ycombinator.com/item?id=15611122">from 2017</a> and <a href="https://news.ycombinator.com/item?id=23334463">from 2020</a>.</p>
</header>
<p>I quit Facebook seven months ago.</p>
<p>Despite its undeniable value, I think Facebook is at odds with the open web that I love and defend. This essay is my attempt to explain not only why I quit Facebook but why I believe we're slowly replacing a web that empowers with one that restricts and commoditizes people. And why we should, at the very least, stop and think about the consequences of that shift.</p>
<h2 id="the-web-backstory">The Web: Backstory</h2>
<p><em>(If you want, you can skip the backstory and <a href="#table-of-content">jump directly to the table of contents</a>).</em></p>
<p>I love the web. </p>
<p>I don't mean that in the way that someone might say that they love pizza. For many of us in the early 2000s, the web was magical. You connected a phone line to your computer, let it make <a href="Dial_up_modem_noises.ogg">a funny noise</a> and suddenly you had access to a seemingly-unending repository of thoughts and ideas from people around the world. </p>
<p>It might not seem like much now, but what that noise represented was the stuff of science fiction at the time: near-instantaneous communication at a planetary scale. It was a big deal.</p>
<p>I was an average student at school. Despite well-meaning and often wonderful teachers, I didn't thrive much in a school system that valued test performance and fact-retention over genuine curiosity. Had it not been for the web, I might have convinced myself that I was a poor learner; instead, I realized that learning is one of my great passions in life. </p>
<figure>
<img src="gamma-ray-fan-2001.png" alt="One of my earlier websites, from 2001" />
<figcaption>What remains of my fan site for German powermetal band Gamma Ray from 2001, archived thanks to the wonderful folks over at <a href="https://archive.org">Archive.org</a></figcaption>
</figure>
<p>I was 11 when I set up my first website. Growing up in Nepal, this <em>was</em> magical. Almost everything I love today—design, aviation, cosmology, metal music, computation, foreign languages, philosophy—I discovered through the many pages that found their way to my web browser. All I needed were curiosity, a phone line and that strange little electrical song. And good old <a href="http://sillydog.org/narchive/full123.php">Netscape Navigator</a>.</p>
<figure>
<img src="Netscape-4-04-1997.png" alt="Netscape Navigator 4.04" />
<figcaption>Netscape Navigator 4.04, source: <a href="http://www.andrewturnbull.net/mozilla/history.html">A Visual Browser History, from Netscape 4 to Mozilla Firefox</a></figcaption>
</figure>
<p>The web enabled that. It's one of humanity's greatest inventions. And now, we the architects of the modern web—web designers, UX designers, developers, creative directors, social media managers, data scientists, product managers, start-up people, strategists—are destroying it. </p>
<p>We're very good at talking about <em>immersive experiences</em>, <em>personalized content</em>, <em>growth hacking</em>, <em>responsive strategy</em>, <em>user centered design</em>, <em>social media activation</em>, <em>retargeting</em>, <em>CMS</em> and <em>user experience</em>. But behind all this jargon lurks the uncomfortable idea that we might be accomplices in the destruction of a platform that was meant to empower and bring people together; the possibility that we are instead building a machine that surveils, subverts, manipulates, overwhelms and exploits people. </p>
<p>It all comes down a simple but very dangerous shift: the major websites of today's web are not built for the visitor, but as means of <em>using</em> her. Our visitor has become a data point, a customer profile, a potential lead -- a proverbial fly in the spider's web. In the guise of <em>user-centered design</em>, we're building an increasingly <em>user-hostile</em> web.</p>
<p>If you work in the design/communication industry, consider this essay introspective soul-searching by one of your own. If you're a regular web user, consider this an appeal to demand a better web, one that respects you instead of abusing and exploiting you.</p>
<p><strong>Note</strong>: The entire essay is rather long so feel free to skip to individual parts:</p>
<ol id="table-of-content">
<li><a href="#the-web-was-born-open">The Web was Born Open: a very brief history of the web</a></li>
<li><a href="#the-modern-web-of-deception-">The Modern Web (of Deception): the disturbing state of the web today</a></li>
<li><a href="#track-the-trackers-an-experiment">Track the Trackers, an Experiment: with whom websites are sharing your information</a></li>
<li><a href="#gated-communities">Gated Communities: recentralization and closed platforms</a></li>
<li><a href="#the-way-forward">The Way Forward: open tools, technologies and services for a better web</a></li>
</ol>
<h2 id="the-web-was-born-open">The Web was Born Open</h2>
<p>It all began in the early 90s. </p>
<p>The Internet—the physical network that allowed computers around the world to communicate—was already in place but it remained inaccessible to most people. You had to know how to use a local client to connect to a remote FTP, <a href="https://en.wikipedia.org/wiki/Usenet">Usenet</a>, <a href="https://ils.unc.edu/callee/gopherpaper.htm">Gopher</a> or an email server. This was before the days of ubiquitous graphical user interfaces so you had to type funny commands into a terminal, one of those black screens with green text that that hackers supposedly use to do <em>Bad Things</em>. </p>
<figure>
<img src="Gopher-Usenet-Archives-1981.png" alt="Usenet Archives from 1981 on gopher server Quux.org" />
<figcaption>Usenet Archives from 1981 on <a href="http://gopher.floodgap.com/gopher/gw?gopher://gopher.quux.org:70/1/Archives/usenet-a-news">gopher server Quux.org</a>, accessed 31 October 2017 via <a href="https://lynx.browser.org">lynx</a></figcaption>
</figure>
<p>Meanwhile, Tim Berners-Lee was working as an independent contractor at CERN in Geneva. Frustrated with how difficult it was to find, organize and update technical documentation, he proposed a solution that involved "global computer networked information system" that "presented users with a web of interlinked documents", called <em>Mesh</em>. Pretty soon it became apparent that WWW—World Wide Web, as it <a href="https://www.w3.org/Proposal.html">came to be known</a>—could do more than just link technical documents.</p>
<figure>
<img src="world-wide-web-1992.png" alt="Usenet Archives from 1981 on gopher server Quux.org" />
<figcaption><a href="http://info.cern.ch/hypertext/WWW/TheProject.html">The world's first website</a>, accessed 31 October 2017 via <a href="https://lynx.browser.org">lynx</a></figcaption>
</figure>
<p>On April 30 1993, CERN made a bold decision. It decided to release WWW into the public domain. It renounced all intellectual property rights and essentially invited anyone at all, anywhere in the world, to play with it. Later, the director of CERN who approved the decision said that he was inspired by <a href="https://stallman.org">Richard Stallman</a>'s vision of <a href="https://www.gnu.org/philosophy/free-sw.en.html">free, open software</a>.</p>
<p>Had CERN decided otherwise and patented the technology to then license it for money, the web would arguably not have taken off the way it did. It might have died out like the <a href="https://en.wikipedia.org/wiki/Minitel">Minitel</a> did in France. The web as we know it was born of a vision to create an open system that brought people and ideas together, with documents that "may reside on any computer supported by that web". </p>
<p>Advances in the hyper-text transfer protocol (HTTP), network infrastructure, web browsers and standards, consumer Internet access, accessible hosting and blogging platforms led to a massive democratization and adoption of the web. </p>
<p>Soon, anyone could put a document on the web and any document could link to any other. It created a completely open platform where a writer in Nepal could freely share her ideas with a dancer in Denmark. A climate science student in Nairobi could access data from the McMurdo weather station in Antarctica. You could start reading about logical fallacies and end up on a website about optical illusions. Read about the history of time-keeping and end up learning about Einstein's special theory of relativity. All interests were catered to. Information could truly be free: transverse borders, cultures and politics. </p>
<p>That is the web at its best.</p>
<p>My own journey from designing that first website as an 11-year old "webmaster" in Nepal to writing this article as a UX Consultant in France has its origin in that 1993 decision by CERN.</p>
<h2 id="the-modern-web-of-deception-">The Modern Web (of Deception)</h2>
<p>The modern web is different. </p>
<p>It's naturally different from a technological standpoint: we have faster connections, better browser standards, tighter security and new media formats. But it is also different in the values it espouses. Today, we are so far from that initial vision of linking documents to share knowledge that it's hard to simply browse the web for information without constantly being asked to buy something, like something, follow someone, share the page on Facebook or sign up to some newsletter. All the while being tracked and profiled. </p>
<p>Almost every website you go to today reports your activities to third parties that you most likely neither know nor trust. They record where you come from, what pages you visit, how long you stay on each, where you click and where you go next. In fact, since so many websites report to the same third parties, these companies can essentially have your web history on file as you go from link-to-link, website to website. Like an omnipotent eye embedded on Sir Berners-Lee's global system of interlinked documents, noting down everything you do and reporting to private entities who then sell this information for profit.</p>
<p>These companies build profiles, anonymous at first, with your interests and navigational behavior. These profiles can then get increasingly personal: they might include your email addresses, home address, income, educational history, political affiliation, information on your family. Over time, they can cross-reference all this information with your location data to figure out where you work, which restaurants you go to, where your gym is. Recently, we even learned that Google was able to associate your offline purchases with your online ad viewing history (albeit <em>anonymously</em>, it would appear). Once they have that, they can look into your behavior and psychology: what kind of ads do you tend to click on? What kind of messages resonate most with you? What are the best strategies to influence your opinion?</p>
<figure>
<img src="Cambridge-Analytica-youtube-2017.png" alt="Screenshot of Mr. Alexander Nix presenting the work of Cambridge Analytica, video The Power of Big Data and Psychographics on Youtube" />
<figcaption>Screenshot of Mr. Alexander Nix presenting the work of Cambridge Analytica, video <a href="https://www.youtube.com/watch?v=n8Dd5aVXLCc">The Power of Big Data and Psychographics on Youtube</a> </figcaption>
</figure>
<p>The Leave campaign responsible for Brexit in the United Kingdom and Donald Trump's 2016 presidential campaign both bought the services of a certain <a href="https://www.theguardian.com/politics/2017/feb/26/robert-mercer-breitbart-war-on-media-steve-bannon-donald-trump-nigel-farage">Cambridge Analytica</a>, a company that boasts a gigantic database containing personal details amounting to "close to four or five thousand data points on every adult in the United States" (<a href="https://youtu.be/n8Dd5aVXLCc?t=478">their own words</a>). The goal? Craft hyper-personalized messages to change voting behavior based on your individual personalities, and by extension, your attitudes, opinions and fears. So if you are identified as a dad of three young kids in rural Texas, the message is nuanced to suggest that only a certain candidate will be able to protect your family against real or imagined threats. If you are identified as a patriot who's previously posted comments about gun rights and the second amendment, it might be about crime rates and how the opposition is trying to take your constitutional rights away from you. </p>
<blockquote>
<p>You become a manipulable data point at the mercy of big corporations who sell their ability to manipulate you based on the data you volunteer.</p>
</blockquote>
<p>This is the equivalent of someone following you in real life as you go about your everyday business, like a private eye who notes down with whom you meet, what you talk about, what you spend time looking at in stores. A private eye who takes notes and then sells it to the highest bidder. But you got to enter the store for free, so you should be so glad. The stores might also justify it. <em>"Sure it's a bit invasive, but we'll be able to give you better recommendations if we know what you like"</em>. </p>
<p>But how do they get all this personal information -- where you live, who your friends are, what your religion and ethnicity are, where you were last night, what you bought on Monday? Most of it you volunteer yourself on social platforms like Facebook, Twitter and Instagram. The little share buttons you see on websites aren't just there to make it easy for you to post a link to Facebook; they also allow Facebook to be present and gather information about you from pretty much any website. </p>
<p>But how can you know that any of this is true? </p>
<h2 id="track-the-trackers-an-experiment">Track the Trackers: An Experiment</h2>
<p>Perhaps you think I'm being a tad too dramatic. </p>
<p>In your defense, all of this does sound like some dystopian fantasy. But I'm not that great a fiction writer quite yet. Let me illustrate my point with a little experiment. We'll pick a major website that you might visit regularly and identify third parties it shares your information with.</p>
<p>We'll need a few things:</p>
<ul>
<li>a test website </li>
<li><a href="https://webbkoll.dataskydd.net/">Webbkoll</a>, a web privacy check tool by <a href="https://dataskydd.net/">Dataskydd.net</a>, a Swedish association for data protection and privacy (of which I'm a proud member) and</li>
<li>A web inspector</li>
</ul>
<p>Let's take an article that was published around the time I first started working on this article (which is last year; I'm a slow writer): <a href="http://www.lemonde.fr/sciences/article/2016/07/04/astronomie-juno-aux-portes-de-jupiter_4963440_1650684.html">Astronomie : la sonde Juno s’est mise en orbite autour de Jupiter</a> (<em>Astronomy: space probe Juno put in orbit around Jupiter</em>).</p>
<figure>
<img src="LeMonde-sonde-jupiter-article-2016.png" alt="Le Monde article 'Astronomie : la sonde Juno s’est mise en orbite autour de Jupiter'" />
<figcaption>Le Monde article <a href="http://www.lemonde.fr/sciences/article/2016/07/04/astronomie-juno-aux-portes-de-jupiter_4963440_1650684.html">Astronomie : la sonde Juno s’est mise en orbite autour de Jupiter</a></figcaption>
</figure>
<p>If you run this URL through <a href="https://webbkoll.dataskydd.net">Dataskydd's Webbkoll</a> and a web inspector tool (I used Chromium's web inspector), you learn a few interesting things: the page is <strong>3.1 MB</strong> in size, makes about <strong>460 HTTP requests</strong> of which <strong>430 are third-party requests</strong> (outside of its parent domain) and takes <strong>20 seconds</strong> to fully load on a fast 3G connection (from Paris, France).</p>
<p>It also stores <strong>100 cookies</strong> (these are little pieces of text stored on your computer by websites other than lemonde.fr; cookies are normally used to save session information but can also be used to identify and track you) and contacts <strong>118 third-parties</strong>. And if all this weren't enough, your connection to LeMonde and the majority of third-party connections are over <strong>unsecure HTTP</strong> protocol (instead of the more secure HTTPS, which should be a basic requirement). </p>
<p>That's a lot of big numbers for an article of 1500 words, three images and one video.</p>
<p>Now let's look at some of the third parties that the page connects to when you load it: </p>
<ul>
<li><a href="https://weborama.fr">Weborama</a>: advertising platform for analytics, digital marketing and behavioral targeting</li>
<li><a href="http://visualrevenue.com">Visual Revenue</a>: predictive analytics platform</li>
<li><a href="http://adnxs.com">AppNexus</a>: multimedia content monetization service</li>
<li><a href="https://outbrain.com">Outbrain</a>: "online advertiser specializing in presenting sponsored website links" (Wikipedia)</li>
<li><a href="https://facebook.com">Facebook</a>: a social network and micro-targeted advertising platform</li>
<li><a href="https://www.cedexis.com">Cedexis</a>: a multi-CDN application delivery platform</li>
</ul>
<p class="update">Note: In an earlier version of the article, I had mistakenly identified Cedexis as an "ad-delivery platform", which it is not. My apologies to Cedexis for the error.</p>
<p>Some of these are simply tools to manage content delivery but many are advertising or content monetization platforms. Companies like Weborama make money by selling information about you. When people say, "you're the product," it isn't just some analogy, it accurately reflects the business propositions of many such companies. </p>
<p>What's surprising is that the bulk of the information transferred between LeMonde and you doesn't even concern the actual article. If you were to isolate the actual content—the words, images and video—and put it in an HTML file, it would weigh considerably less than 3.1 MB and would make a lot fewer requests. </p>
<p>If fact, I did just that and made three versions :</p>
<ul>
<li><strong><a href="http://webfiles.neustadt.fastmail.com.user.fm/leMondeJupiterArticle.html">Version A</a></strong>: With the original text (including comments, images and video)</li>
<li><strong><a href="http://webfiles.neustadt.fastmail.com.user.fm/leMondeJupiterArticle-noVideo.html">Version B</a></strong>: With the original text (including comments, images) but no video</li>
<li><strong><a href="http://webfiles.neustadt.fastmail.com.user.fm/leMondeJupiterArticle-noVideoImages.html">Version C</a></strong>: With just the original text (including comments), no images or video</li>
</ul>
<p>Some numbers: </p>
<div class="comparison-table" style="overflow-x:auto">
<table>
<thead>
<tr>
<th></th>
<th><strong>Original (LeMonde.fr)</strong></th>
<th><strong>Version A</strong></th>
<th><strong>Version B</strong></th>
<th><strong>Version C</strong></th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>Page Size</strong></td>
<td>3,1 MB</td>
<td>1 MB <em>(32%)</em></td>
<td>183 KB <em>(5,8%)</em></td>
<td>17 KB <em>(0,54%)</em></td>
</tr>
<tr>
<td><strong>Load Time</strong></td>
<td>20,9 s</td>
<td>4,6 s <em>(19,4%)</em></td>
<td>2,8 s <em>(9,6%)</em></td>
<td>662 ms <em>(3,2%)</em></td>
</tr>
<tr>
<td><strong>Requests (total)</strong></td>
<td>459</td>
<td>108 <em>(23,5%)</em></td>
<td>5 <em>(1%)</em></td>
<td>1 <em>(0,2%)</em></td>
</tr>
<tr>
<td><strong>Requests (third-party)</strong></td>
<td>436</td>
<td>64 <em>(14,7%)</em></td>
<td>4 <em>(0,9%)</em></td>
<td>0</td>
</tr>
<tr>
<td><strong>Third Parties Contacted</strong></td>
<td>118</td>
<td>17 <em>(14,4%)</em></td>
<td>2 <em>(11,8%)</em></td>
<td>0</td>
</tr>
<tr>
<td><strong>Cookies (total)</strong></td>
<td>100</td>
<td>16 <em>(16%)</em></td>
<td>0</td>
<td>0</td>
</tr>
<tr>
<td><strong>Cookies (third-party)</strong></td>
<td>73</td>
<td>16 <em>(21,9%)</em></td>
<td>0</td>
<td>0</td>
</tr>
<tr>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr>
<td><strong>Text</strong> <br /> <em>(% of Page Size)</em></td>
<td>0,5 %</td>
<td>1,7 %</td>
<td>9,5 %</td>
<td>100 %</td>
</tr>
<tr>
<td><strong>Text + Images</strong> <br /> <em>(% of Page Size)</em></td>
<td>5,8 %</td>
<td>17,9 %</td>
<td>100 %</td>
<td></td>
</tr>
<tr>
<td><strong>Text + Images + Video</strong> <br /> <em>(% of Page Size)</em></td>
<td>32,3 %</td>
<td>100 %</td>
<td></td>
<td></td>
</tr>
</tbody>
</table>
</div>
<p><span class="update">Note: Data on the number of requests (first- and third-party) and cookies (first- and third-party) comes from Dataskydd Webbkoll. The rest of the data comes from Chromium's built-in web inspector. All connections were made from Paris, France with cacheing disabled and the bandwidth throttled to simulate a "fast 3G" connection. You can run these numbers yourself; they should vary only nominally depending on where you are. If you find errors, please let me know.</span></p>
<p>Those are some very interesting figures. Some observations:</p>
<ul>
<li>The actual article (text and three images, <em>version B</em>) <strong>makes up less than 6% of the total size of the page</strong> on LeMonde.fr. This means that <strong>94% of the data transferred between you and LeMonde.fr has nothing to do with the article</strong>.</li>
<li>What about the video, you ask? Before you even play it, <strong>that one video adds over a 100 requests (60 of which are to 15 additional third parties) and 16 third-party cookies</strong>. It also adds over 800 KB of data. Again, this is before you even decide to play the video. The video might be related to the content, but it’s doing a lot more than that. </li>
<li>Even compared to the version with the video <em>(Version A)</em>, <strong>the LeMonde article makes about 450 additional third party requests, of which 370 are to about 100 additional third parties, storing 100 additional cookies (55 of which are third party cookies)</strong>. It also adds over 2 MB to the page. All that is data that has nothing do with and is completely unnecessary to load the article you're reading.</li>
<li>The text + image version <em>(Version B)</em> is <strong>able to load the entire text and the 3 images with only 5 requests and no cookies whatsoever</strong>. Adding a video should reasonably add one or two more requests and maybe one cookie, not 450 requests and 100 cookies, the majority of which are on behalf of companies you neither know nor trust, including those who track and sell your data for profit. </li>
<li>The Le Monde page will <strong>continue to periodically transfer data and make additional requests even after it has completely loaded</strong> and as you scroll and interact with the page. If you monitor network traffic, a lot of this data is going to third-party tracking scripts. For example, a request is made to Xiti.com (a web analytics company) every few seconds.</li>
<li>If you don't use a content blocker, you will notice that <strong>in just a matter of minutes, over 30 MB of data will be transfered between your browser and the 100+ third parties</strong>. The number of requests will go into the thousands. This will continue to rise as long as you leave your browser open.</li>
</ul>
<blockquote>
<p>Essentially, this means that about 94% of the data being transferred and 99% of the requests being made have nothing to do with the article itself. Le Monde might principally be a newspaper in its printed version, but the online version is an invasive, insecure advertising platform with good content (in that order).</p>
</blockquote>
<p>If you're curious, try using <a href="https://webbkoll.dataskydd.net">Webbkoll</a> on other websites you visit to see how privacy-friendly and respectful these websites are. We'll get into how to protect yourself from these third-party trackers <a href="#the-way-forward">later on in the article</a>.</p>
<p>All this might not be illegal (although there's some doubt, especially now that in the context of up the upcoming <a href="http://ec.europa.eu/justice/data-protection/reform/index_en.htm">European General Regulation on Data Protection</a>), but it is rather disrespectful towards the user. Not only are these websites breaking my trust—when I visit your website, I entered into contact with you, not 80 other websites—but they are loading content from websites neither know nor trust. Some of which have been <a href="https://www.theguardian.com/technology/2016/mar/16/major-sites-new-york-times-bbc-ransomware-malvertising">know to spread malware</a>. </p>
<blockquote>
<p>Using an ad/content-blocker isn't cheating the system; it's taking very basic precautions that websites like Le Monde can't be bothered to take to protect you. For me, it's a basic necessity in the modern web. </p>
</blockquote>
<p>If you're reading this and are wondering what to do to protect yourself, skip ahead to the <a href="#the-way-forward">The Way Forward</a> section. </p>
<p>If you run a website and you put official share buttons on your website, use intrusive analytics platforms, serve ads through a third-party ad network or use pervasive cookies to share and sell data on your users, you're contributing to a user-hostile web. You're using free and open-source tools created by thousands of collaborators around the world, over an open web and in the spirit of sharing, to subvert users. </p>
<h2 id="gated-communities">Gated Communities</h2>
<p>One of the most impressive things about the Internet (and consequently also the web) is that it is decentralized. No central authority gets to decide which page is more important than others and you don't have to play by anyone else's terms to publish and read what you want. There isn't anything like a <em>main server</em> that stores the code that runs the Internet; it's just a protocol on a physical backbone (of undersea cables). </p>
<p>You could buy a <a href="https://www.raspberrypi.org/products/raspberry-pi-zero/">Raspberry Pi Zero</a> today for less than 10€, connect it to the Internet, set up a chat server on it, give it a public address and the world would be able to connect to it and talk to one other. Sure, it might not perform too well and no one might actually use it, but it is technically possible.</p>
<p>But most of the time we spend on the web today is no longer on the open Internet - it's on private services like Facebook, Twitter and LinkedIn. While Facebook provides a valuable service, it is also a for-profit, company. Their source of revenue is advertising. It is the epitome of centralized. </p>
<figure>
<img src="naked-maja-francisco-goya.jpg" alt="Francisco Goya's paintain The Naked Maja " />
<figcaption>Francisco Goya's <em>The Naked Maja</em> (1800)</figcaption>
</figure>
<p>Try posting a picture of the <a href="https://www.museodelprado.es/en/the-collection/art-work/the-naked-maja/65953b93-323e-48fe-98cb-9d4b15852b18">Francisco de Goya's "The Naked Maja"</a> or your naked breasts (if you're a woman) on Facebook; it'll almost certainly be removed. It's against their terms of use. To use their platform, you have to agree to whatever conditions they set, however absurd. If you replace the open web with Facebook, you're giving up your right to publish and share on your terms. The data that you post there does not belong to you; you're putting it in a closed system. If one day Facebook decides to shut down—unlikely as that might seem today—your data goes with it. Sure, you might be able to download parts of it, but then what?</p>
<figure>
<img src="incredible-journey-2017.png" alt="Tumblr Blog Our Incredible Journey, a short history of start ups " />
<figcaption>Tumblr Blog <a href="https://ourincrediblejourney.tumblr.com/">Our Incredible Journey</a>, <em>"cataloging the thrilling opportunities start-ups are offered when their incredible journey continues by being bought by an exciting company. However, as a user of the start-up’s service, your own incredible journey must end, because all of your photos and writing and checkins and messages and relationships must now be deleted"</em>. </figcaption>
</figure>
<p>This works because they know you'll agree to it. You'll say you don't have a choice, because your friends are all there—the infamous "network effect". This is Facebook's currency, its source of strength but also a crucial dependency. </p>
<blockquote>
<p>And this is what we often fail to realize: without its users—without you— Facebook would be nothing. But without Facebook, you would only be inconvenienced. Facebook needs you more than you need it. </p>
</blockquote>
<p>And they do their best to keep you on their website as long as possible. Your attention is worth a lot to a lot of companies who are convinced that traditional advertising is dead and that micro-targeted campaigns work better. (And they mostly do, from their point of view). This drives them to come up with absurd techniques to create addiction: wish your friend happy birthday, wish your colleague a happy work anniversary (who does that?), here's a video we made about you, three friends are going to an event near you, continue watching the video you started even as you scroll, be the first to comment, react to this photo, tell everyone what you're up to. The longer you stay, the more information you give, the more valuable your profile—and the platform—is to advertisers. </p>
<p>I'm not saying that what Facebook is doing is entirely unethical. It has to make money to make up for the resources it employs to keep the website running and it does so by advertising. Every time you choose to use a free service like Instagram, LinkedIn, Gmail or Snapchat, you are paying for the convenience with your eyes, your data and your attention. There's nothing inherently wrong as long you as you understand and consent to this exchange of value. But do you? Does your daughter? Your dad? </p>
<p>What I'm against is the centralization of services; Facebook and Google are virtually everywhere today. Through share buttons, free services, mobile applications, login gateways and analytics, they are able to be present on virtually every website you visit. This gives them immense power and control. They get to unilaterally make decisions that affect our collective behavior, our expectations and our well-being. You're either <em>with them or out</em>. Well, I chose out.</p>
<p>You see, the web wasn't meant to be a gated community. It's actually pretty simple.</p>
<p>A web server, a public address and an HTML file are all that you need to share your thoughts (or indeed, art, sound or software) with anyone in the world. No authority from which to seek approval, no editorial board, no publisher. No content policy, no dependence on a third party startup that might fold in three years to begin <a href="https://ourincrediblejourney.tumblr.com/about/">a new adventure</a>.</p>
<figure>
<img src="DoomLevelDesign-Geocities-1999.png" alt="A website about Doom Level design" />
<figcaption>A website on Doom level design on Geocities from 1999, accessed October 31, 2017 via <a href="https://web.archive.org/web/20010404034632/http://www.geocities.com:80/Hollywood/2979/">Archive.org</a></figcaption>
</figure>
<p>That's what the web makes possible. It's friendship over hyperlink, knowledge over the network, romance over HTTP.</p>
<p>In fact, the browser you're reading this on (<a href="https://google.com/intl/en/chrome/browser/">Chrome</a>, <a href="https://getfirefox.com">Firefox</a>, <a href="https://lynx.invisible-island.net">lynx</a>, whatever), the web server that's hosting this website (<a href="https://nginx.com">Nginx</a>), the operating system that this server runs on (<a href="https://ubuntu.com">Ubuntu</a>), the programming tools used to make it all work (<a href="https://python.org">python</a>, <a href="https://gcc.gnu.org">gcc</a>, <a href="https://nodejs.org">node.js</a>...) -- all of these things were created collectively by contributors all around the world, brought together by HTTP. And given away for free in the spirit of sharing.</p>
<p>The web is open by design and built to empower people. This is the web we're breaking and replacing with one that subverts, manipulates and creates new needs and addiction.</p>
<h2 id="the-way-forward">The Way Forward</h2>
<p>If you want to protect yourself (as a user) from predatory web marketing companies and defend the open web, there a few things you can do today at an individual level. </p>
<p>If you're a web professional (a designer, UX consultant, strategist, programmer...), there are a number of considerations for better respecting your users and protecting their privacy (and your integrity). </p>
<p>Here's a basic list:</p>
<h3 id="for-end-users-you-dear-reader-">For end users (you, dear reader)</h3>
<ul>
<li>If you use Chrome as your main browser, consider switching to the open-source version called <a href="https://www.chromium.org">Chromium</a>. Better yet, switch to <a href="https://getfirefox.com/">Mozilla Firefox</a>, developed by the not-for-profit <a href="https://www.mozilla.org/about/">Mozilla Foundation</a> that has a solid record of defending your privacy. Consider minimalist browsers like <a href="https://minbrowser.github.io/min/">Min</a> (and choose to block all ads, trackers and scripts) to browse news websites. </li>
<li>Install a content/ad blocker for your browser: I recommend <a href="https://github.com/gorhill/uBlock">uBlock Origin</a> (available for Firefox, Chrome and Safari on most platforms). You can also complement this with the <a href="https://www.eff.org/about">Electronic Frontier Foundation</a>'s <a href="https://www.eff.org/privacybadger">Privacy Badger</a> tool that protects you from invasive ads and third-party tracking.</li>
<li>Install <a href="https://www.eff.org/https-everywhere">HTTPS Everywhere</a> for your browser; this forces your information through secure, encrypted channels (HTTPS vs HTTP one) if possible. It can also be configured to only allow connections to HTTPS websites.</li>
<li>Think about how much information/details you provide to social media platforms like Facebook, LinkedIn, Twitter and Instagram. They already have quite a lot (including the ability to recognize you by name on photographs), but what other information are you volunteering? Where you are, whom you're with, information about your friends?</li>
<li>Consider quitting social networks, especially Facebook (but download your data first!). What would you miss the most? Are there alternatives? </li>
<li>Consider alternatives to free services provided by the likes of Google and Facebook. Today, if both of these companies shut down (or implement policies I don't like), I would mostly be fine because my contact with them is limited. I use <a href="https://duckduckgo.com">DuckDuckGo</a> and <a href="https://startpage.com">Startpage</a> for search (free); <a href="https://fastmail.com">FastMail</a> for email and calendar (less than 40€ a year) ; <a href="https://wego.here.com">HERE WeGo</a> for maps (free); <a href="https://signal.org">Signal</a>, email and IRC for messaging (free, along with iMessage, Whatsapp and Twitter); <a href="https://digitalocean.com">Digital Ocean</a> for web hosting (about 5€ per month). </li>
<li>Pay for services and content that you like, if you are able. If you like reading <a href="https://theguardian.com">The Guardian</a>, for example, consider subscribing. If your <a href="https://www.patreon.com/easygerman">favourite YouTube channel is on Patreon</a>, consider pledging a small amount per video. If you like services like <a href="https://pinboard.in">Pinboard.in</a> that charge in return for a useful service, buy it. There's mutual respect when both the user and the service provider know what basic service they are buying/selling.</li>
<li>At the very least, consider that the platforms you use need you more than you need them. You have power over them (unfortunately, in numbers) and they know it. If enough people care about privacy and respect for their data and time, platforms will have to adapt to stay relevant.</li>
</ul>
<h3 id="for-web-professionals-you-fellow-industry-colleague-">For web professionals (you, fellow industry colleague)</h3>
<ul>
<li>Consider not putting share buttons everywhere. They're visual noise and make third party connections every time the page is loaded (adding to load time). If you have to, create your own instead of using ones provided by Facebook and co. (so that a click is needed before a request is made to their servers)</li>
<li>Support HTTPS. It's super easy (and free!) with <a href="https://letsencrypt.org">Let's Encrypt</a> so you don't have an excuse to not respect your users' privacy</li>
<li>Think about accessibility also in terms of page size, load times and tech requirements: will your website work without Javascript? What percentage of the total weight of your page is actual information? How many third party requests are you making? How long would it take to load on a 56.6k dial-up or on EDGE? How does it render for speech readers? Can it be read via a text-based browser? (It's a fun experiment; try visiting your website with a text-based browser like <a href="https://lynx.invisible-island.net/">lynx</a> or <a href="http://links.twibright.com">Links</a>). </li>
<li>Refuse client requests to implement hyper-invasive technologies like canvas fingerprinting.</li>
<li>Consider replacing Google Analytics with a more privacy-respecting analytics software like <a href="https://piwik.org">Piwik</a>. Even better if you can host it yourself!</li>
<li>Minimize third-party dependencies like Google Fonts (you can <a href="https://google-webfonts-helper.herokuapp.com/fonts">self-host them</a> instead).</li>
<li>Avoid ad networks (like the plague!) if possible. Serve your own ads by selling ad space the old school way if you're able. If not, explore privacy-respecting methods of serving ads, including developments powered by the blockchain (like the <a href="https://basicattentiontoken.org">Basic Attention Token</a>). </li>
<li>Respect <a href="http://donottrack.us">Do Not Track</a>.</li>
<li>Carefully consider the benefits of hyper personalisation and retargeting. The benefits are debatable but the long term consequences might be disastrous. Ask yourself: would you be okay with a company collecting as much data (as you seek to collect) on your teenage daughter, your nephew in college, your husband or your grand-mother?</li>
<li>Consider business models where you actually respect your clients and your website visitors instead of using them. If you can't be honest about your business model with your client, maybe you need to ask questions.</li>
</ul>
<h2 id="thoughts-and-feedback">Thoughts and feedback</h2>
<p>It all comes down to one simple question: <strong>what do we want the web to be?</strong> </p>
<blockquote>
<p>Do we want the web to be open, accessible, empowering and collaborative? Free, in the spirit of CERN’s decision in 1993 or the open source tools it's built on? Or do we want it to be just another means of endless consumption, where people become eyeballs, targets and profiles? Where companies use your data to control your behaviour and which enables a surveillance society—what do we want?</p>
</blockquote>
<p>For me, the choice is clear. And it's something worth fighting for.</p>
<p>I hope this article has been interesting. If you have thoughts—you agree, disagree, have reservations, other ideas or a suggestion—I'd love to hear them! This <a href="https://github.com/parimalsatyal/neu/blob/master/essays/against-a-user-hostile-web/index.html">article is on GitHub</a>; if you'd like you can send a pull request with edit suggestions (like <a href="https://anders.unix.se">Anders</a> and <a href="https://github.com/parimalsatyal/neustadt.fr-metalsmith/pulls?q=is%3Apr+is%3Aclosed">many others</a> did, thank you!). You can also get in touch via email (<em>userhostileweb<strong>—at—</strong>neustadt.fr</em>) or, if you're on <a href="https://news.ycombinator.com/item?id=15611122">Hacker News</a> or Reddit, share your thoughts there.</p>
—
<span class="return">← <a href="../../">back home</a></span>
</article>
<p class="info">
<a href="../../license.txt"><img src="../../img/publicdomain.png" alt="CC0 Public Domain logo" /></a><br /> <a href="https://neustadt.fr/essays/against-a-user-hostile-web">Against an Increasingly User-Hostile Web</a>, written by Parimal Satyal on 7 November 2017 and published on <a href="https://neustadt.fr">Neustadt.fr</a>. This text is in the public domain with a <a href="../../license.txt">CC0 1.0 Universal license</a>; you are free to do whatever you want with it (obviously doesn't apply to the photos or examples I've included). A link back is nice but not required. </p>
<span class="return-end">← <a href="../../">back home</a></span>
</div>
</body>
</html>