commit 1fcb4b3d7800e2d92b3f75e3c06f8f4bbf243d07
parent 76bf1942b7db7e49940ee8c546b2684dd7739b00
Author: Andrew Laack <andrew@laack.co>
Date: Sun, 12 Oct 2025 01:45:33 -0500
Added some WIP entries. Wrote new post.
Diffstat:
7 files changed, 148 insertions(+), 1 deletion(-)
diff --git a/posts/entries/stop-collecting-user-data.md b/posts/entries/stop-collecting-user-data.md
@@ -0,0 +1,39 @@
+# Stop Collecting User Data
+
+## Date: 2025/10/12
+
+## Problem Statement
+
+Sending the data of people who use applications you built, by default, for any purpose that is not strictly required for the application to function is morally wrong.
+
+## Why Does This Matter
+
+This matters because humans are trusting. It abuses this trust by tracking unnecessary data about application usage because most humans implicitly assume this is not being done, and they often don't understand what the consequences of this tracking can be [1][2]. Additionally, it is unreasonable to expect users to look through your source code, all of your settings, and your docs to understand what data is being collected. If data is being collected, it should be obvious based on the purpose of the application, and if it is not obvious that it must be collected for the application to work, this should be made explicitly clear to users in the most obvious way possible.
+
+## Counter Arguments
+
+**But it is necessary to track errors so we can fix bugs and improve UX**
+
+Yes, this is often the case. Does the Linux kernel collect logs? Yes! Do they upload them to a server for aggregation? No! This is how error logging should be done. Write your logs to a log file, but don't automatically upload them to your servers. If a user has an issue that they would like addressed, they will let you know about it. If they don't notice or don't mind the issue, it's their right to not report it. Some users may not want to deal with the hassle of uploading logs when things break, so they may prefer to have an option to automatically upload their logs. This is totally fine, but only if they are informed about what is being logged and it is an opt-in.
+
+**But it is necessary to track usage to understand what users want**
+
+No, it isn't. GitHub (bleh) issues exists, Discord (ick) exists, Matrix exists, email exists, there are countless ways software projects crowd source improvements to their applications, but it should not be done using mass surveillance. I would argue it is acceptable to have an opt-in option to collect usage data, but I do wonder about the soundness of the minds of people who choose to opt-in to such surveillance.
+
+## Towards a Solution
+
+Use applications that respect your privacy. If an application you are using collects your data and is not proprietary, it is quite likely there is a fork of it that strips out the data collection, see ungoogled-chromium [4] and LibreWolf [5] as examples. If one doesn't exist, consider making one.
+
+If user-respecting alternatives don't exist and the application is proprietary, consider using WireShark [3] to see what domains the application is resolving. Once you find the data collection domains, add these domains to your /etc/hosts file or self-hosted DNS server (like a Pi-hole), and have them resolve to 0.0.0.0. This doesn't always work because the domain that is collecting data is sometimes used for to support the core functionallity of the application, but in an ideal world this should not be necessary as you shouldn't be using proprietary software to begin with.
+
+## Citations
+
+[1] - https://web.archive.org/web/20250929235200/https://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/
+
+[2] - https://en.wikipedia.org/wiki/Cambridge_Analytica
+
+[3] - https://www.wireshark.org/download.html
+
+[4] - https://github.com/ungoogled-software/ungoogled-chromium
+
+[5] - https://librewolf.net/
diff --git a/posts/site/feed.xml b/posts/site/feed.xml
@@ -7,9 +7,16 @@
<language>en-us</language>
<managingEditor>andrew@laack.co</managingEditor>
<webMaster>andrew@laack.co</webMaster>
-<lastBuildDate>Sat, 04 Oct 2025 18:10:30 -0500</lastBuildDate>
+<lastBuildDate>Sun, 12 Oct 2025 01:44:35 -0500</lastBuildDate>
<atom:link href="https://blog.laack.co/feed.xml" rel="self" type="application/rss+xml"/>
<item>
+<title><![CDATA[Stop Collecting User Data]]></title>
+<link>https://blog.laack.co/stop-collecting-user-data.html</link>
+<description><![CDATA[<h2 id="problem-statement">Problem Statement</h2><p>Sending the data of people who use applications you built, by default, for any purpose that is not strictly required for the application to function is morally wrong.</p><h2 id="why-does-this-matter">Why Does This Matter</h2><p>This matters because humans are trusting. It abuses this trust by tracking unnecessary data about application usage because most humans implicitly assume this is not being done, and they often don’t understand what the consequences of this tracking can be [1][2]. Additionally, it is unreasonable to expect users to look through your source code, all of your settings, and your docs to understand what data is being collected. If data is being collected, it should be obvious based on the purpose of the application, and if it is not obvious that it must be collected for the application to work, this should be made explicitly clear to users in the most obvious way possible.</p><h2 id="counter-arguments">Counter Arguments</h2><p><strong>But it is necessary to track errors so we can fix bugs and improve UX</strong></p><p>Yes, this is often the case. Does the Linux kernel collect logs? Yes! Do they upload them to a server for aggregation? No! This is how error logging should be done. Write your logs to a log file, but don’t automatically upload them to your servers. If a user has an issue that they would like addressed, they will let you know about it. If they don’t notice or don’t mind the issue, it’s their right to not report it. Some users may not want to deal with the hassle of uploading logs when things break, so they may prefer to have an option to automatically upload their logs. This is totally fine, but only if they are informed about what is being logged and it is an opt-in.</p><p><strong>But it is necessary to track usage to understand what users want</strong></p><p>No, it isn’t. GitHub (bleh) issues exists, Discord (ick) exists, Matrix exists, email exists, there are countless ways software projects crowd source improvements to their applications, but it should not be done using mass surveillance. I would argue it is acceptable to have an opt-in option to collect usage data, but I do wonder about the soundness of the minds of people who choose to opt-in to such surveillance.</p><h2 id="towards-a-solution">Towards a Solution</h2><p>Use applications that respect your privacy. If an application you are using collects your data and is not proprietary, it is quite likely there is a fork of it that strips out the data collection, see ungoogled-chromium [4] and LibreWolf [5] as examples. If one doesn’t exist, consider making one.</p><p>If user-respecting alternatives don’t exist and the application is proprietary, consider using WireShark [3] to see what domains the application is resolving. Once you find the data collection domains, add these domains to your /etc/hosts file or self-hosted DNS server (like a Pi-hole), and have them resolve to 0.0.0.0. This doesn’t always work because the domain that is collecting data is sometimes used for to support the core functionallity of the application, but in an ideal world this should not be necessary as you shouldn’t be using proprietary software to begin with.</p><h2 id="citations">Citations</h2><p>[1] - https://web.archive.org/web/20250929235200/https://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/</p><p>[2] - https://en.wikipedia.org/wiki/Cambridge_Analytica</p><p>[3] - https://www.wireshark.org/download.html</p><p>[4] - https://github.com/ungoogled-software/ungoogled-chromium</p><p>[5] - https://librewolf.net/</p>]]></description>
+<pubDate>Sun, 12 Oct 2025 00:00:00 -0500</pubDate>
+<guid>https://blog.laack.co/stop-collecting-user-data.html</guid>
+</item>
+<item>
<title><![CDATA[AdNauseum, Track Me Not, and Privacy Through Obscurity]]></title>
<link>https://blog.laack.co/adnauseum-track-me-not-and-privacy-through-obscurity.html</link>
<description><![CDATA[<h2 id="context">Context</h2><p>AdNauseum [1] is a fork of uBlock Origin [2] that hides ads, clicks them in the background, and aggregates the clicked ads in an easy to view interface. The key difference between UBlock Origin and AdNauseum is AdNauseum both hides and clicks ads.</p><p>Track Me Not [3] is a browser extension that mimics human search queries to obscure real queries in the noise.</p><h2 id="usability">Usability</h2><p>AdNauseum is as effective as uBlock Origin at hiding advertisements. For a user, there is no trade off in the usability of the web when compared with uBlock Origin. This is nice because more restrictive approaches to privacy, like GNU IceCat [4] and Tor [5], hinder modern web usage.</p><p>Similarly, Track Me Not has almost no impact on the usability of the web. I say almost no because the traffic it generates likely increases the probability of being shown CAPTCHAs, given that the traffic it generates is likely distributionally different than normal traffic.</p><h2 id="effectiveness-at-improving-privacy">Effectiveness at Improving Privacy</h2><p>AdNauseum is likely worse at protecting your privacy than UBlock Origin. By clicking ads in the background, there is an inherent trail of where you have been. In some ways this trail exists the moment the ad network sells the ad you are shown, but by using a more obscure technology than UBlock Origin, you are more likely to be fingerprinted. Despite this, AdNauseum makes the modern web a better experience to use than not having an ad blocker.</p><p>Track Me Not may also hinder privacy, depending on your privacy goals. The inherent problem is it is phoning home to search engines over time, giving them information about where you are. Search providers are also likely to fingerprint you on the basis of these strange searches. The possible saving grace is that by having so much noise in your search history, it could difficult to figure out what you are interested in. I am uncertain about the value of this though as there are likely going to be two search distributions; Track Me Not’s, and yours. This allows sophisticated search providers to ignore the synthetic requests and track your real requests while also gaining real time IP information.</p><p>In short, I find the idea that these tools improve privacy to be dubious.</p><h2 id="why-you-still-might-want-to-use-them">Why You Still Might Want to Use Them</h2><p>The value of these tools is they are a form of active resistance against ads and tracking. While your privacy is likely hindered by them, you are sending a message. That message costs ad networks and search providers money. In the case of AdNauseum, clicks are expensive for advertisers because most people ignore ads, and Track Me Not imposes computational costs on search providers. Even so, by clicking on so many ads ad networks may catch on and stop charging as much per click. Similarly, search providers may block you or start giving CAPTCHAs which likely impose less computational costs on them than running a query.</p><h2 id="my-thoughts">My Thoughts</h2><p>You probably shouldn’t be using them. While I enjoy active resistance, this is unlikely to be the right way to do it. It may mess with their knowledge about you if they are not sophisticated, but any sophisticated search provider or ad network, which I think most of them are, will easily sus out inauthentic traffic and gain more information about you as a result.</p><p>Instead of using these tools, I recommend doing the following to improve privacy:</p><ul><li>Use Tor when possible</li><li>Avoid sites that require signing in</li><li>Don’t use social media</li><li>Use a privacy respecting browser</li><li>Use UBlock Origin</li><li>Use a Pi-hole [6] and privacy respecting DNS servers</li><li>Minimize your usage of search engines</li><li>Use a variety of privacy respecting search engines</li><li>Use local AI tools (if you must use any at all)</li><li>Use E2EE messaging when possible</li><li>Minimize the trackability of financial transactions</li><li>Don’t carry a phone and minimize your usage of it</li><li>Avoid proprietary software and software that collects data</li></ul><p>This results in me doing the following:</p><ul><li>Using Tor for most of my traffic</li><li>Avoiding sites that require signing in</li><li>Not using social media sites</li><li>Using LibreWolf [7] as my default non-Tor browser</li><li>Routing all non-Tor DNS requests through a self-hosted Pi-hole with additional domain filtering</li><li>Using DuckDuckGo and a variety of public SearX instances for search</li><li>Running Ollama [8] models locally</li><li>Preferring communication with PGP encrypted emails, Matrix, or Signal</li><li>Using cash or Monero when possible for transactions</li><li>Not carrying my phone with me and only using it when it is the only means of achieving a specific goal (ie. SMS 2FA, communication with certain individuals, etc.)</li><li>Only using Libre software that doesn’t collect data</li></ul><p>Unfortunately there are sometimes exceptions to the above for the purpose of completing my work in an efficient manner, but in my personal life, I am unwilling to compromise on these things.</p><h2 id="citations">Citations</h2><p>[1] - <a href="https://github.com/dhowe/AdNauseam.md">https://github.com/dhowe/AdNauseam</a></p><p>[2] - <a href="https://github.com/gorhill/uBlock.md">https://github.com/gorhill/uBlock</a></p><p>[3] - <a href="https://github.com/vtoubiana/TrackMeNot.md">https://github.com/vtoubiana/TrackMeNot</a></p><p>[4] - <a href="https://www.gnu.org/software/gnuzilla/">https://www.gnu.org/software/gnuzilla/</a></p><p>[5] - <a href="https://www.torproject.org/about/history/">https://www.torproject.org/about/history/</a></p><p>[6] - <a href="https://pi-hole.net/">https://pi-hole.net/</a></p><p>[7] - <a href="https://librewolf.net/">https://librewolf.net/</a></p><p>[8] - <a href="https://ollama.com/">https://ollama.com/</a></p>]]></description>
diff --git a/posts/site/index.html b/posts/site/index.html
@@ -10,6 +10,7 @@
<h1>Blog Posts</h1>
<p><a href="feed.xml">RSS Feed</a></p>
<ol>
+<li><a href="stop-collecting-user-data.html">stop-collecting-user-data</a> - <em>2025/10/12</em></li>
<li><a href="adnauseum-track-me-not-and-privacy-through-obscurity.html">adnauseum-track-me-not-and-privacy-through-obscurity</a> - <em>2025/10/4</em></li>
<li><a href="the-sustainability-of-youtube.html">the-sustainability-of-youtube</a> - <em>2025/9/28</em></li>
</ol>
diff --git a/posts/site/stop-collecting-user-data.html b/posts/site/stop-collecting-user-data.html
@@ -0,0 +1,49 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang="">
+<head>
+ <meta charset="utf-8" />
+ <meta name="generator" content="pandoc" />
+ <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
+ <title>stop-collecting-user-data</title>
+ <style>
+ code{white-space: pre-wrap;}
+ span.smallcaps{font-variant: small-caps;}
+ div.columns{display: flex; gap: min(4vw, 1.5em);}
+ div.column{flex: auto; overflow-x: auto;}
+ div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}
+ /* The extra [class] is a hack that increases specificity enough to
+ override a similar rule in reveal.js */
+ ul.task-list[class]{list-style: none;}
+ ul.task-list li input[type="checkbox"] {
+ font-size: inherit;
+ width: 0.8em;
+ margin: 0 0.8em 0.2em -1.6em;
+ vertical-align: middle;
+ }
+ .display.math{display: block; text-align: center; margin: 0.5rem auto;}
+ </style>
+ <link rel="stylesheet" href="style.css" />
+</head>
+<body>
+<h1 id="stop-collecting-user-data">Stop Collecting User Data</h1>
+<h2 id="date-20251012">Date: 2025/10/12</h2>
+<h2 id="problem-statement">Problem Statement</h2>
+<p>Sending the data of people who use applications you built, by default, for any purpose that is not strictly required for the application to function is morally wrong.</p>
+<h2 id="why-does-this-matter">Why Does This Matter</h2>
+<p>This matters because humans are trusting. It abuses this trust by tracking unnecessary data about application usage because most humans implicitly assume this is not being done, and they often don’t understand what the consequences of this tracking can be [1][2]. Additionally, it is unreasonable to expect users to look through your source code, all of your settings, and your docs to understand what data is being collected. If data is being collected, it should be obvious based on the purpose of the application, and if it is not obvious that it must be collected for the application to work, this should be made explicitly clear to users in the most obvious way possible.</p>
+<h2 id="counter-arguments">Counter Arguments</h2>
+<p><strong>But it is necessary to track errors so we can fix bugs and improve UX</strong></p>
+<p>Yes, this is often the case. Does the Linux kernel collect logs? Yes! Do they upload them to a server for aggregation? No! This is how error logging should be done. Write your logs to a log file, but don’t automatically upload them to your servers. If a user has an issue that they would like addressed, they will let you know about it. If they don’t notice or don’t mind the issue, it’s their right to not report it. Some users may not want to deal with the hassle of uploading logs when things break, so they may prefer to have an option to automatically upload their logs. This is totally fine, but only if they are informed about what is being logged and it is an opt-in.</p>
+<p><strong>But it is necessary to track usage to understand what users want</strong></p>
+<p>No, it isn’t. GitHub (bleh) issues exists, Discord (ick) exists, Matrix exists, email exists, there are countless ways software projects crowd source improvements to their applications, but it should not be done using mass surveillance. I would argue it is acceptable to have an opt-in option to collect usage data, but I do wonder about the soundness of the minds of people who choose to opt-in to such surveillance.</p>
+<h2 id="towards-a-solution">Towards a Solution</h2>
+<p>Use applications that respect your privacy. If an application you are using collects your data and is not proprietary, it is quite likely there is a fork of it that strips out the data collection, see ungoogled-chromium [4] and LibreWolf [5] as examples. If one doesn’t exist, consider making one.</p>
+<p>If user-respecting alternatives don’t exist and the application is proprietary, consider using WireShark [3] to see what domains the application is resolving. Once you find the data collection domains, add these domains to your /etc/hosts file or self-hosted DNS server (like a Pi-hole), and have them resolve to 0.0.0.0. This doesn’t always work because the domain that is collecting data is sometimes used for to support the core functionallity of the application, but in an ideal world this should not be necessary as you shouldn’t be using proprietary software to begin with.</p>
+<h2 id="citations">Citations</h2>
+<p>[1] - https://web.archive.org/web/20250929235200/https://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/</p>
+<p>[2] - https://en.wikipedia.org/wiki/Cambridge_Analytica</p>
+<p>[3] - https://www.wireshark.org/download.html</p>
+<p>[4] - https://github.com/ungoogled-software/ungoogled-chromium</p>
+<p>[5] - https://librewolf.net/</p>
+</body>
+</html>
diff --git a/posts/wip/on-need.md b/posts/wip/on-need.md
@@ -0,0 +1,23 @@
+# On Need
+
+## The Problem
+
+The words you say have an impact on the way you think. A word I find particularly problematic is the word need.
+
+## Do You Really *NEED* Anything?
+
+This is what I like to say when people use an unqualified need. An unqualified need is as follows:
+
+> I *need* to eat food, I'm starving!
+
+Aside from the fact that they likely aren't actually starving, they don't *need* food. This can be thought of in a similar way as the is-ought problem [1]. If someone says they *need* something you can then ask them, "Why do you *need* that?". In the case of food they may say, "I *need* food so I survive", and to this you may say, "Why do you *need* to survive", and this can continue forever because needs are predicated upon something. Often the usage of the word need has some sort of implicit qualification as is the case of, "I *need* food" implying that it is needed to survive, but you don't *need* to survive. I don't want you to die, but it is not necessary for you to be alive. If you aren't alive there is not something that happens whereby it can't happen like breaking a law of math or physics. Everyone dies and since this doesn't break any fundamental law, there is no *need* to be alive.
+
+The danger in statements like, "I *need* to eat food", is that they create a dependence upon something. By saying you *need* something you are telling yourself that without it you are incomplete. You are beholden unto this thing. This is dangerous because it leads to acts of immorality because of the perception that something must be done. I believe this is what has led to mass surveilance because people think they *need* to do what their boss tells them to do even when they know it's wrong.
+
+ YOU DON'T NEED ANYTHING. You want it because you perceive the consequences as being worse than what you are interested in. This is not a need. This is a want. Understand the difference.
+
+You don't need to live. You don't need food. You don't need water.
+
+You need to live to be able to work. You need food to live. You need water to live. You don't need them.
+
+[1] - https://en.wikipedia.org/wiki/Is%E2%80%93ought_problem
diff --git a/posts/wip/why-people-build-spyware.md b/posts/wip/why-people-build-spyware.md
@@ -0,0 +1,25 @@
+# Why People Build Spyware?
+
+## Date: 2025/10/5
+
+I will argue the main driver behind people building spyware is apathy.
+
+## The Real World vs. The Digital World
+
+Yesterday I was following a person from my apartment complex around because I wanted to know what he did for work. It was quite interesting, he works at a restaurant and I learned some new recipes by watching him cook. It's nice being able to watch people when they don't know they're being watched.
+
+Wait, no, I didn't do that, because that's creepy. What I actually did is added PostHog telemetry to my website to track how users are navigating my website, what they click on, where their mouse goes, their keystrokes, all that. Wait, I didn't do that either because it's equally as creepy.
+
+It is far more palatable for most developers to add input and page navigation tracking to a website than to tail someone in real life. In both cases, you are observing someone who doesn't know they are being observed and likely doesn't want to be observed. This leads me to conclude that if one is not acceptable, neither are.
+
+So why is it palatable to add site tracking? Because it is in the digital world, not the real world. When people are just numbers on a screen and users of software you developed, they are often viewed as less than people. Why does it matter that I know what user 2109478 did on my website? I made the website, I'm the creator of the website, they chose to use my site, don't they know the consequences of that? This framing removes any guilt associated with developing spyware and thrusting it upon people.
+
+## What Can Be Done?
+
+If you are developing software, say no to tracking. I am guilty of transgressions myself, but please consider the consequences of the tracking you add to your software and consider if it would be reasonable to collect this data in person. If it isn't, why is it okay to collect this data online?
+
+If you are using software that has trackers, ask yourself why. Would you be willing to have someone sitting behind you collecting this information? If not, don't put up with it. If the software is libre, make the changes yourself to write these wrongs and re-distribute it to anyone who will use it. If the software is non-libre (proprietary), use not an "alternative" [1] to it, but an improvement upon it in the form of libre software. If no such software exists, ask yourself why that is. Could you build a libre improvement upon it? Why is it you need to use this software in the first place? Does your the task you are trying to achieve supersede the value of privacy and the immorality of proprietary software?
+
+## Citations
+
+[1] - https://www.gnu.org/philosophy/words-to-avoid.html#Alternative
diff --git a/posts/wip/yes-software-does-get-completed.md b/posts/wip/yes-software-does-get-completed.md
@@ -0,0 +1,3 @@
+# Yes, Software Does Get Completed
+
+Not all software needs to be maintained forever, and that's fine. Feature completness does exist. Please stop adding features. I don't want more features. I want simplicity. I want software that is like lego blocks. Each piece doing one thing and one thing only, fitting together in harmony. Please stop adding features.
