Changes to the Blog

I have made a few changes to my blog that I'd like to talk about.

The first is the various buttons associated with each post: a Facebook Like button, a Retweet button, and so on. These buttons are ubiquitous on the Internet now. We publishers like them because they make it easier for our readers to share our content. I especially like them because I can obsessively watch the totals and see how my writings are spreading out across the Internet.

The problem is that these buttons use images, scripts, and/or iframes hosted on the social media site's own servers. This is partly for webmasters' convenience; it makes adoption as easy as copy-and-pasting a few lines of code. But it also gives Facebook, Twitter, Google, and so on a way to track you -- even if you don't click on the button. Your browser fetches those resources directly from the third party, and that request carries the address of the page you're reading (in the Referer header) together with whatever cookies that site has already set in your browser; if you're logged in to the service, the visit is tied to your account. Remember that: if you see sharing buttons on a webpage, that page is almost certainly being tracked by social media sites or a service like AddThis. Or both.

What I'm using instead is SocialSharePrivacy, which was created by the German website Heise Online and adapted by Mathias Panzenböck. The page shows a grayed-out mockup of a sharing button. You click once to activate it, then a second time to share the page. If you don't click, nothing is loaded from the social media site, so it can't track your visit. If you don't care about the privacy issues, you can click on the Settings icon and enable the sharing buttons permanently.
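The click-to-activate pattern described above, as an added example that is not the SocialSharePrivacy code or anything from this blog: a share button modelled as a small state machine, plus an audit helper that lists which third-party origins a fragment of markup would make a browser contact. The site origin, icon path and script URLs are assumptions chosen for illustration, and the "conventional" button block is constructed for the comparison.

```javascript
// Added example: a click-to-activate share button modelled as a small state
// machine, plus an audit helper that lists the third-party origins a piece of
// markup would make a browser contact. Illustrative code, not the
// SocialSharePrivacy plugin; host names and paths are placeholders.

const FIRST_PARTY = "https://www.example.com";   // assumed origin of our own site

// Origins other than the first party that the markup would fetch from at render
// time: src attributes of loading elements and href of <link>. Plain <a href>
// links are not fetched until clicked, so they are ignored. A regex scan is
// enough for quoted attributes and executes nothing, so it can be pointed at
// any page source. Relative URLs resolve against the first party.
function thirdPartyOrigins(html, firstParty = FIRST_PARTY) {
  const own = new URL(firstParty).origin;
  const found = new Set();
  const loaders = [
    /<(?:script|img|iframe|embed|source|video|audio)\b[^>]*?\bsrc\s*=\s*["']([^"']+)["']/gi,
    /<link\b[^>]*?\bhref\s*=\s*["']([^"']+)["']/gi,
  ];
  for (const re of loaders) {
    let m;
    while ((m = re.exec(html)) !== null) {
      try {
        const origin = new URL(m[1], firstParty).origin;
        if (origin !== own) found.add(origin);
      } catch (e) {
        // unparseable reference: nothing would be fetched, skip it
      }
    }
  }
  return [...found];
}

// One button. `loadScript` (append a <script> tag) and `openShare` (open the
// share pop-up) are injected so the logic runs without a DOM; `store` stands in
// for a first-party cookie or localStorage holding the "always on" preference.
class TwoClickShareButton {
  constructor({ name, iconPath, scriptUrl, shareUrl, loadScript, openShare, store }) {
    Object.assign(this, { name, iconPath, scriptUrl, shareUrl, loadScript, openShare, store });
    this.active = store.get(`${name}-always-on`) === "1";
    if (this.active) this.loadScript(this.scriptUrl);   // user opted in earlier
  }

  // Markup for the current state. Inactive: a first-party image only, so
  // rendering the page causes no request to the social network.
  render() {
    if (!this.active) {
      return `<button class="share-dummy" title="Click to enable ${this.name}">` +
             `<img src="${this.iconPath}" alt="${this.name} (disabled)"></button>`;
    }
    return `<script src="${this.scriptUrl}"></script>`;   // the network's real widget
  }

  // First click activates (the only point at which the third party is
  // contacted); the second click performs the share.
  click() {
    if (!this.active) {
      this.active = true;
      this.loadScript(this.scriptUrl);
      return "activated";
    }
    this.openShare(this.shareUrl);
    return "shared";
  }

  // The "settings" option: remember the opt-in on the first-party side.
  enablePermanently() {
    this.store.set(`${this.name}-always-on`, "1");
    if (!this.active) this.click();
  }
}

// Constructed sample of a conventional button block, for comparison.
const CONVENTIONAL_BUTTONS = `
<iframe src="https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fwww.example.com%2Fpost"></iframe>
<a href="https://twitter.com/share" class="twitter-share-button">Tweet</a>
<script src="https://platform.twitter.com/widgets.js"></script>`;

// Run the two designs side by side and report what each one contacts and when.
function compare() {
  const loads = [];
  const button = new TwoClickShareButton({
    name: "Twitter",
    iconPath: "/img/twitter-off.png",                       // served from our own host
    scriptUrl: "https://platform.twitter.com/widgets.js",
    shareUrl: "https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.example.com%2Fpost",
    loadScript: (u) => loads.push(u),
    openShare: (u) => loads.push("open:" + u),
    store: new Map(),
  });
  const beforeClick = thirdPartyOrigins(button.render());
  const first = button.click();
  const afterClick = thirdPartyOrigins(button.render());
  const second = button.click();
  return { conventional: thirdPartyOrigins(CONVENTIONAL_BUTTONS), beforeClick, first, afterClick, second, loads };
}

console.log(JSON.stringify(compare(), null, 2));
```

The invariant worth checking in any such widget is the one `compare()` exposes: before the first click, `thirdPartyOrigins(button.render())` is empty and the loader has never been called; the conventional block contacts both networks as soon as the page renders. The permanent opt-in is deliberately kept on the first party, since storing it with the network would itself be a request.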

It's not a perfect solution -- two clicks instead of one -- but it's much more privacy-friendly.

(If you're thinking of doing something similar on your own site, another option to consider is shareNice. shareNice can be copied to your own webserver; but if you prefer, you can use their hosted version, which makes it as easy to install as AddThis. The difference is that shareNice doesn't set cookies or even log IP addresses -- though you'll have to trust them on the logging part. The drawback is that it can't display the aggregate totals.)

The second change is the search function. I changed the site's search engine from Google to DuckDuckGo, which doesn't even store IP addresses. Again, you have to trust them on that, but I'm inclined to.

The third change is to the feed. Starting now, if you click the feed icon in the right-hand column of my blog, you'll be subscribing to a feed that's hosted locally on schneier.com, instead of one produced by Google's Feedburner service. Again, this reduces the amount of data Google collects about you. Over the next couple of days, I will transition existing subscribers off of Feedburner, but since some of you are subscribed directly to a Feedburner URL, I recommend resubscribing to the new link to be sure. And if by chance you have trouble with the new feed, this legacy link will always point to the Feedburner version.

Fighting against the massive amount of surveillance data collected about us as we surf the Internet is hard, and possibly even fruitless. But I think it's important to try.

Posted on March 22, 2013 at 3:46 PM • 77 Comments

Comments

sil • March 22, 2013 3:52 PM

Hrmm... All of our data is at Choicepoint, Spokeo and ECHELON already anyway ;) So privacy means? Now, if you'd have forced SSL, promised to NOT LOG period, then we'd be talking

Cheetah • March 22, 2013 3:57 PM

Hmm ... I notice that the RSS link you offer in the right column is not to the full article text. Is the direct (non-feedburner) RSS link I have that does provide full text going to continue to work?

Moderator • March 22, 2013 4:13 PM

Hmm ... I notice that the RSS link you offer in the right column is not to the full article text. Is the direct (non-feedburner) RSS link I have that does provide full text going to continue to work?

The new Atom feed contains both full text and a summary -- the reader chooses which one to display. But yes, any RSS link you have will continue to work.

tobi • March 22, 2013 4:25 PM

The old feed showed "Bruce Schneier" as the author. The new one shows "schneier". You might be interested in reverting that in order to further your personal brand.

ED • March 22, 2013 4:34 PM

*yawn* everyone should be running adblock by now or use a modified hosts file. all these tracking services have unique links that get filtered out by a simple localhost rule.

bcs • March 22, 2013 4:40 PM

My (not un-biased) thought on the matter is that surveillance data collection should be a choice. If I want to not be tracked, I should be able to get that. If I want some service to collect data about me for the purpose of improving my experience, I should be able to get that.

As it happens, I trust some of the players to do more good than harm.

Yah, anon • March 22, 2013 4:52 PM

Thanks for being pro-active about the slow death of feedburner, as well as the attention to trackers.

I've installed the DoNotTrackMe extension from Abine for Chrome/Safari. It blocks all the social tracking, as well as the insanely large number of ad-demo tracking networks.

So far (a week's use) I like it. Nothing useful has broken as far as I can tell.

NB: the name has nothing to do with the emasculated "do not track" HTTP header, which afaik does nothing.

bob • March 22, 2013 4:54 PM

i wholeheartedly agree -- may be fruitless, but we have to try to control our own information. thanks bruce.

tony • March 22, 2013 5:04 PM

Thank you for looking out for your readers and setting an example at the same time. It's a small thing but it's encouraging.

anon • March 22, 2013 5:14 PM

So it's OK to (by default) have twitter and Facebook track people but not Google?

Knowing people at all three companies, I'm vastly more comfortable with what Google has on me and how I can manage it.

Ben • March 22, 2013 5:16 PM

Thanks for doing this. Those "Share" icons have always bothered me. I run both ABP and NoScript. Running NoScript in particular makes you acutely aware of how often Facebook.net and other domains are being loaded from pretty much every website you visit.

James • March 22, 2013 5:18 PM

That's why I am slowly building my own index and always use that first before using the major ones.

Fool proof? Nope. Will it frustrate someone who sues me? You bet.

Moderator • March 22, 2013 5:41 PM

So it's OK to (by default) have twitter and Facebook track people but not Google?

They're all disabled by default.

yet another anon • March 22, 2013 6:03 PM

I appreciate your self-hosted rss feed. I would like to see more sites to abandon feedburner.

Tor with Noscript does the trick • March 22, 2013 6:18 PM

TOR with noscript blocks all these trackers.

for web search duckduckgo or
I use ixquick or startpage for searches.

search results on start page have an option to click on the "use proxy to view" button so that I have a double proxy when looking at the web pages

Galahad • March 22, 2013 6:41 PM

Wonderful, thank you Bruce.

And to all those bragging about how they're already making sure they're not being tracked: good for y'all, have some cookies and feel free to pat yourselves on the shoulder for outhipstering everybody else. And then quit your solipsistic self-congratulation and realize that not everybody's doing what you do, and that in fact not everybody knows how to do it, or that there's even a problem with being tracked all across the Internet in the first place. What Bruce is doing here is good and right and important, and he deserves kudos for it.

Tom • March 22, 2013 6:41 PM

Thanks Bruce! Very thoughtful of you to discover these obscure social mechanisms which also preserve privacy.

Chris Heald • March 22, 2013 6:58 PM

Hey Bruce, you can have one-click Twitter and G+ buttons without any Javascript. Just construct links of the form:

Twitter: https://twitter.com/intent/tweet?original_referer=%s&source=tweetbutton&text=%s&url=%s

Facebook: https://www.facebook.com/sharer/sharer.php?s=100&p[url]=%s&p[images][0]=%s&p[title]=%s&p[summary]=%s

G+: https://plus.google.com/share?url=%s

Just sub in the %s's as appropriate, and maybe have these links open in a popup when clicked. That will keep all the third-party JS off of your site. You don't get the nice in-page share flow, but you have no JS dependency and no potential for third parties to inject things into your page.
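The static links Chris Heald describes, as an added example that is not part of his comment or of the blog's own code: the three templates with every parameter URL-encoded and the anchor markup HTML-escaped, so that a post title containing quotes, `&` or `#` can neither break the link nor inject markup into the page. The sample post URL and title are constructed for the demonstration.

```javascript
// Added example (not the commenter's or the blog's code): build the
// no-JavaScript share links from the comment above with proper encoding.

// Query string from an object; empty values are dropped. encodeURIComponent
// handles the bracketed Facebook keys (p[url] -> p%5Burl%5D) as well.
function encodeQuery(params) {
  return Object.entries(params)
    .filter(([, v]) => v !== "" && v !== undefined)
    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
    .join("&");
}

// The three link templates from the comment, with the %s's substituted.
function buildShareLinks({ url, title, summary = "", image = "" }) {
  return {
    twitter:
      "https://twitter.com/intent/tweet?" +
      encodeQuery({ original_referer: url, source: "tweetbutton", text: title, url }),
    facebook:
      "https://www.facebook.com/sharer/sharer.php?" +
      encodeQuery({ s: "100", "p[url]": url, "p[images][0]": image, "p[title]": title, "p[summary]": summary }),
    gplus: "https://plus.google.com/share?" + encodeQuery({ url }),
  };
}

// Escape text for insertion into an HTML attribute or element body.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Plain anchors: no script on the page, nothing fetched from the networks
// until a reader clicks. target=_blank with rel=noopener keeps the share page
// from reaching back into this window through window.opener, and noreferrer
// withholds the Referer on the click (the page URL is passed explicitly).
function shareAnchors(post) {
  return Object.entries(buildShareLinks(post))
    .map(([name, href]) =>
      `<a href="${escapeHtml(href)}" target="_blank" rel="noopener noreferrer">Share on ${name}</a>`)
    .join("\n");
}

// Constructed sample post with characters that break naive templates.
const SAMPLE_POST = {
  url: "https://www.example.com/blog/2013/03/changes.html",
  title: 'Changes & "Privacy" #1',
};

console.log(shareAnchors(SAMPLE_POST));
```

The round trip is the check worth keeping: `new URL(links.twitter).searchParams.get("text")` must give back the original title unchanged. A title with `#` or `&` pasted into a raw `%s` template would instead be truncated or split into extra parameters.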

Julien Couvreur • March 22, 2013 8:00 PM

It's the first time I hear about SocialSharePrivacy, but it seems a simple and ingenious solution.

One thing worth noting is that this solution advertises itself. If you click on that widget, it explains that it offers more privacy. Then people would see that the more common widgets don't have the additional privacy functionality.


That said, I still don't believe people value privacy (as defined by not being tracked by Google or Facebook) very much.
Otherwise, browsers would already have functionality such as "Warning: You are entering this site for the first time. This site uses Facebook tracking. Given your privacy settings, do you want to proceed?".

Don • March 22, 2013 8:21 PM

IANAL. Are there any intellectual property issues with SocialSharePrivacy? You are displaying modified versions of the buttons, probably without the permission of Facebook, et al. Not sure they will be happy with that.

Civil Libertarian • March 22, 2013 8:34 PM

Thanks, Bruce, both for the consideration and the tips: As a developer I will begin deploying SocialSharePrivacy and ShareNice for clients.

pfogg • March 22, 2013 9:01 PM

Rendering a few details of one's personal life slightly less accessible (increasing 'obscurity', as per the essay linked here in January), is a marginal gain by itself, and as an exercise it calls attention to the matter, encouraging people to both seek out further marginal gains, and to bump up the priority of the larger issues.

Of course, as a user of 'tor' I've been nudged toward DuckDuckGo by Google itself: DuckDuckGo doesn't interrupt search results to accuse me of being a bot because I'm accessing them from a tor gateway whose IP address has a traffic pattern they've deemed suspicious.

Moderator • March 22, 2013 9:03 PM

I didn't even know there's a feedburner feed. I subscribe via http://www.schneier.com/blog/index.rdf. Will it still work? Should I abandon it for the atom.xml feed?

I do recommend the new Atom feed, but the one you're using now should still work.

I think there are a total of 7 old blog feed URLs people could be using now. They will all still exist, and only those with feedburner.com in them will use Feedburner.

eggo • March 22, 2013 10:04 PM

Very interesting, thank you. The concept was so intriguing that I opened my test install of chrome in order to see them.

Angus S-F • March 22, 2013 10:47 PM

You said "Fighting against the massive amount of surveillance data collected about us as we surf the Internet is hard, and possibly even fruitless. But I think it's important to try."

Thanks for trying.

Nick P • March 23, 2013 12:17 AM

Then there's people like me who stubbornly use the HTML links. That dated technology that has performed for over a decade. I expect those should work fine, yes?

Michael Kelly • March 23, 2013 1:16 AM

I would double check that those disabled buttons are okay. We worked on a similar technique for some of our sites and found that having a greyed-out Facebook or Twitter button was against their policies, which may or may not matter.

Wladimir • March 23, 2013 1:19 AM

Any small bit helps. Thanks for trying and thanks for the sanity!

And to defuse some of the more critical comments, whether or not the majority values privacy (yet) is really beside the point here.

Nesetalis • March 23, 2013 3:43 AM

I've been using an adblock list to block social media buttons for a while.
On one page I frequent, the page would hang for up to 20 seconds while it tried to load some 60 or 70 iframes of social media buttons. After I blocked them it was instantaneous.

As for security, that is a nice feature as well. I'll have to pass your solution on to others; it's much cleaner than forcing these buttons on to your faithful readers!

Marko Saric • March 23, 2013 4:47 AM

This is a very interesting approach, I really like it. I use Adblock and DuckDuckGo but really like making these changes for my blog visitors as well.

steffen • March 23, 2013 4:58 AM

I recommend using Startpage (https://startpage.com) as you can even enhance your own websearch settings directly.

Jose M • March 23, 2013 4:58 AM

Great point, we do have to at least try!
I'll use the SocialPrivacy buttons as well, thanks for sharing.

Now if only Vimeo stopped adding Google Analytics tracking on all embedded videos (even those from paid accounts). My videos are the only tracking I have on my website :(

Gweihir • March 23, 2013 5:45 AM

Total surveillance gives total power and where that leads, history has amply demonstrated. Not only is it important to try, the lessons learned from trying are valuable too.

In short: I like these changes!

martino • March 23, 2013 8:12 AM

Yea, nice job! SANS has been using the click-to-activate social media buttons for a while now, but not that I care (I avoid social media, media is bad but being social about it for an IT guy...just doesn't mix with me ;oP)

cak • March 23, 2013 9:52 AM

I agree 100% with sil. And since the police can't catch all the murderers, they should also be disbanded.

Michael. • March 23, 2013 10:22 AM

I use RequestPolicy, NoScript and CookieMonster in Firefox. These three seem to protect me from most of the tracking that goes on on the web.

RequestPolicy may take a little bit of work to get working for you. But once it does, it should just work. NoScript should just work as well, as should CookieMonster.

And for those sites that are pulling in thirty different scripts from thirty different domains, just to put together the content, well, I have another Firefox profile I can use if I really want to see the text.

It takes both end users and website owners together to help defeat tracking. That you are willing to help is a big positive.

NotMuchButSomething • March 23, 2013 10:30 AM

First comment ever here in this blog. Just wanted to thank you for your effort. While the Heise solution is not perfect, it is indeed much better than the immediate tracking by social media buttons almost everywhere.

It may be a small thing to achieve, but it IS something. Small steps at a time will eventually lead us somewhere. :)

anony4 • March 23, 2013 1:18 PM

Huh, SocialSharePrivacy appears to be an unattributing clone of Franzi Roesner et al.'s ShareMeNot, released in July 2011 (and advertised here then).

v • March 23, 2013 5:03 PM

The less tracking the better.
Thank you.
One day all intelligent people will use DuckDuckGo rather than Google... aka why do people want Google to make money from their personal stuff?

sazary • March 23, 2013 5:25 PM

there's a firefox plugin named Ghostery. what it does is what SocialSharePrivacy does, in our own browser. it blocks everything that could track you: advertising companies, social networks, visitor stats collectors and the like. of course if you want you can unblock some of them permanently (for example, maybe you'd like the tweet button to be always enabled for you) or you can enable any of them just for one time. it is a really nice plugin.

Mischa Tuffield • March 23, 2013 7:46 PM

Hello,

I wrote shareNice, and thought that I would say thank you for mentioning it. In the UK, I went on a bit of a rampage trying to get websites like nhs.uk and bbc.co.uk to remove these intrusive sharing objects. And I think I did manage to educate a few people, and the bbc no longer has any sharing which doesn't require at least 1 click.

I know of a bunch of academic institutions that are using shareNice in the UK, but because I push all logs to /dev/null on my server, I can't really tell how many people are using it :)

I wrote about how intrusive these "sharing buttons" are on the web a while back.

Awesome to see you talking about this, I do think it is an issue which isn't widely discussed or understood.

Once again, thanks for mentioning shareNice.

Mathias Panzenböck • March 23, 2013 8:10 PM

It's always awesome when someone actually uses and appreciates your work! :)
(I'm the guy that made the improvements to Heise's Social Share Privacy script.)

Chris Heald:
Yes, there are static links for about every social sharing site and if that's all you want you should use them. Social Share Privacy is meant to be used when you want all the functionality of the original share buttons (the counter, the popups of the Google+, flattr and Xing buttons) or all the title/description/embed code/etc. auto detection magic which I added.

anony4:
I don't think it is. Social Share Privacy is a jQuery plugin that renders share buttons. ShareMeNot is a browser plugin that prevents share buttons from loading (as I understand it).

And thanks for mentioning my Social Share Privacy fork! Since you did I got tons more "stargazers" on github. :)

RapturedShadow • March 23, 2013 8:13 PM

Thanks for looking out for us.

I do run across posts on this forum from time to time when performing research. It is good to see there is some security added to this to protect posters' privacy.

RichieB • March 24, 2013 3:09 AM

@Mischa: don't send your logs to /dev/null! It could have been replaced with an auto-forwarder by pro-social-tracking hackers. It is better to not configure any logging at all.

Fever • March 24, 2013 4:46 AM

Bruce, thank you so much for taking a stand for privacy. I find the amount of tracking on the web today both terrifying and infuriating.

I'm especially happy about DuckDuckGo being used instead of Google. I've been putting my trust in this company for a few months now, and it reassures me a bit to see someone of your stature getting behind them. Then again, it would be easy for DDG to be fooling us all, or for you to be in collusion with them.

This gives me a small thought--does anyone see a way of eventually using verified computation to enforce the claims made by purportedly private services? What I know about the subject (which is very little) suggests that right now it's prohibitively inefficient but possible in principle. If it could be made cheap for the prover but expensive for the verifier it could work because the verifier could just randomly select which computations to check, while the prover proved every single one. With enough users, one could simultaneously achieve a high probability of detecting dishonesty with a negligible average load for each verifier. Verification could even run as a background process that didn't interrupt the user experience.

Mischa • March 24, 2013 5:22 AM

@RichieB thanks for the suggestion. This is my current apache conf; I would love to hear how you think I could make it better. But I see what you are suggesting re: not sending to /dev/null http://mmt.me.uk/p/f3PPYF8. Will try and investigate soon.

@Nop badtaste!

@Fever to your last point, I was talking to some folk from Ghostery at SxSW and we came to the conclusion that the best thing to do is to ask some independent third party to eyeball your work and to poke around your service. I see how there is a degree of trust around using a self-proclaimed privacy friendly service like my shareNice tool, and like lots of the web it is down to trust. shareNice is an open-source project which one can choose to host on one's own domain if one prefers. In the meanwhile I might hit up someone like Ashkan Soltani to see if they would eyeball my service.

Tom • March 24, 2013 12:12 PM

I did not have to click twice to activate the Facebook and Twitter share buttons.

Jarda • March 24, 2013 5:48 PM

If you are concerned about privacy, you can improve your hosts file with these few lines to get rid of Facebook, who sucks probably most of all and which is the one whose buttons you find nowadays even on toilet flushers, so that every time you use it it's written in your Timeline regardless of whether or not you have a Facebook profile.

# Block Facebook
127.0.0.1 www.facebook.com
127.0.0.1 facebook.com
127.0.0.1 static.ak.fbcdn.net
127.0.0.1 www.static.ak.fbcdn.net
127.0.0.1 login.facebook.com
127.0.0.1 www.login.facebook.com
127.0.0.1 fbcdn.net
127.0.0.1 www.fbcdn.net
127.0.0.1 fbcdn.com
127.0.0.1 www.fbcdn.com
127.0.0.1 static.ak.connect.facebook.com
127.0.0.1 www.static.ak.connect.facebook.com
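The hosts-file approach in the comment above, as an added example that is not the commenter's code or any real resolver's: a lookup with the matching rule that hosts files actually have (exact, case-insensitive host name, no wildcards), applied to the list above to see which Facebook-related hosts a page might contact that the list does not intercept. The "contacted" host names are constructed for the demonstration rather than captured from a real page.

```javascript
// Added example (not the commenter's code, not a real resolver): hosts-file
// lookup semantics applied to the blocklist above. Entries match a host name
// exactly and case-insensitively; there are no wildcards, so the "fbcdn.net"
// line says nothing about "photos-a.ak.fbcdn.net".

// Parse hosts-file text into a host name -> address table.
function parseHosts(text) {
  const table = new Map();
  for (const raw of text.split("\n")) {
    const line = raw.replace(/#.*/, "").trim();   // drop comments and blanks
    if (!line) continue;
    const [addr, ...names] = line.split(/\s+/);
    for (const name of names) {
      const key = name.toLowerCase();
      if (!table.has(key)) table.set(key, addr);  // first matching line wins
    }
  }
  return table;
}

// Address the hosts file answers for `host`, or null when the lookup falls
// through to DNS (and the tracker is reached as usual).
function hostsLookup(table, host) {
  const key = host.toLowerCase().replace(/\.$/, "");
  return table.has(key) ? table.get(key) : null;
}

// Hosts from a list of observed contacts that the file does not intercept.
function uncovered(table, contacted) {
  return contacted.filter((h) => hostsLookup(table, h) === null);
}

// The list from the comment above, verbatim.
const FACEBOOK_HOSTS = `
# Block Facebook
127.0.0.1 www.facebook.com
127.0.0.1 facebook.com
127.0.0.1 static.ak.fbcdn.net
127.0.0.1 www.static.ak.fbcdn.net
127.0.0.1 login.facebook.com
127.0.0.1 www.login.facebook.com
127.0.0.1 fbcdn.net
127.0.0.1 www.fbcdn.net
127.0.0.1 fbcdn.com
127.0.0.1 www.fbcdn.com
127.0.0.1 static.ak.connect.facebook.com
127.0.0.1 www.static.ak.connect.facebook.com
`;

// Constructed for the example: host names a page carrying a Like button might
// contact. The facebook.net entry stands for the SDK host a commenter above
// mentions seeing in NoScript; the photo CDN name is a plausible stand-in.
const CONTACTED = [
  "WWW.facebook.com",
  "static.ak.fbcdn.net",
  "connect.facebook.net",
  "photos-a.ak.fbcdn.net",
];

// Split the observed hosts into those the list blocks and those that leak.
function audit() {
  const table = parseHosts(FACEBOOK_HOSTS);
  return {
    blocked: CONTACTED.filter((h) => hostsLookup(table, h) !== null),
    leaks: uncovered(table, CONTACTED),
  };
}

console.log(JSON.stringify(audit(), null, 2));
```

Two practical notes. A hosts file only blocks names you have enumerated, so a list like this has to be kept in step with the hosts a page really loads, which is why the blocking extensions mentioned in other comments match on patterns instead. And many published lists point entries at 0.0.0.0 rather than 127.0.0.1 so that a web server running on your own machine does not answer the blocked requests.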

Moderator • March 24, 2013 5:48 PM

Tom, I think you're confusing the Subscribe buttons (in the right column of the blog) with the sharing buttons that Bruce is talking about. The Subscribe buttons are just locally hosted images, so there's no communication with Facebook or Twitter unless you click them.

TBA • March 24, 2013 6:04 PM

Thank you, Bruce. Your efforts prompted me to do the same on my own website, which had become quite Google-ified (translate, search, etc.) Mainly a form of People's Protest, I know.

It'll be interesting to see how the Web evolves as we cut over to using devices and apps that we have less control over than our browsers. Will the Web in general go the same way as Google Reader?

Shevek • March 25, 2013 4:53 AM

What about yacy as searching engine? (see http://yacy.net)

Yacy is a p2p searcher which is installed on your own server. Its main advantage, even considering privacy, is to provide a good index of your own site or of definite topics (cryptography, security...)

IJB • March 25, 2013 10:18 AM

I've seen a couple of plugs here for startpage.com
I had startpage.com quite aggressively take over my browser's search facilities at one point and considered it malicious.

Buck • March 25, 2013 3:10 PM

I don't know about Duck Duck Go Go. When they were a brand new company, or perhaps when there was an announcement in the business press, I did a lookup on the domain name owner. Unless I seriously screwed that up or got served wrong information, the registration I saw was for one of the big three credit bureau companies.

But maybe I was having a weird day and my tinfoil hat wasn't correctly oriented. But there's also ixquick.com

Justin • March 26, 2013 2:50 PM

You could look at triggering that first click (or event) manually when the user hovers over the container of the specific button

vv111y • March 26, 2013 10:03 PM

Thank You Bruce,

Embarrassingly, it took Google cancelling Reader to wake me up from the soothing comfort of convenience

Ben • March 27, 2013 10:25 AM

These icons are using a lot of screen real estate... And, I'll never click any of them.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.