You have arrived at traas.org—the personal home page of Aaron Traas.
Aaron is a Catholic software engineer with an intense passion for gadgets,
open source software, food, music, theology, and philosophy.
If you wish to find more about the commercial projects Aaron has worked on in
recent years, please visit the portfolio page. If you are
looking for a great solutions-oriented, client-facing technical lead for your
agency, please take a look at Aaron's online, responsive HTML5
résumé, and then send him an email if you
like what you see.
If you want to know Aaron's musings and opinions about many things (mostly
phones and computers), you are invited to read his blog below.
Shortly after I put up the post "Ad-blockers are not evil"
where I lambasted publishing sites and ad networks for tracking their users
across the Internet, I realized that I was running Google Analytics. I got
into the habit of adding Google Analytics to every site I build just because
that's what my clients want. In a lot of cases, it really does make sense,
such as if you're serving ads on your site, or need to generate certain kinds
of reports.
Traas.org, however, doesn't have those needs. So I'm tracking you and your
usage for no reason. I promptly removed the GA tracking code on 9/16/2015,
and am now just relying on Apache's logs for metrics.
As of today, I've also removed the use of third-party CDN hosted Javascript,
CSS, and fonts. Everything is now served from Traas.org's servers. For full
transparency, I am using CloudFlare as a caching
proxy and CDN, but as everything is served up from my domain, I feel a lot more
comfortable with that.
See the new traas.org privacy policy for more info.
Let me know if there are any other steps you think I
should take to maximize user privacy.
Most websites with ads suck. Modern ad-supported sites offend as much as
pop-unders in the early 2000's. Between full-page takeovers,
fixed-position share links that take up 1/8 of the screen on mobile phones,
auto-playing videos, slow, un-optimized JavaScript from ad-delivery and payloads
in the 10's of megabytes, horrendous privacy violations, and
ad networks that serve up malware, the web has never been worse.
Unless you run an ad-blocker, which makes browsing the web painless.
But then some would make you feel guilty for "stealing" free web content. But is
it really stealing?
No. Why? Because this is the open web. The purpose of the web is that you, the
user, get to consume content in any way you want, and if the creators didn't
want that, they have alternatives.
Free content is a choice
Making content freely available is a strategic choice by the creator. Using
advertisements for monetization is another strategic choice. In the former case,
the user gains value, while in the latter, the user experience is degraded.
Neither are strictly necessary.
Some creators choose alternative business models that either do not include free
content or do not include traditional advertising. Two case studies:
1) DaringFireball.net: blog of John Gruber, a popular and snarky Apple
pundit. His site is successful and influential, and has no ads. He does sell
sponsorships, which appear as native posts on his page and in his feed.
2) Stratechery.com: deep tech business analysis by Ben Thompson.
He offers a combination of free weekly articles and a paid subscription
for additional daily writing.
These are two examples in a large field of possibilities. Free content with
ads is not the only possible business model.
Turnabout is fair play
There are multiple ways to detect and
block users that have ad-blockers. Creators have had the option to
thwart ad-blockers since the first Firefox plugins became available. The
majority choose not to block the blockers as a strategy, because the loss of
those users would be a greater blow overall, and blocking the blockers is seen
as an aggressive stance by many users.
That being said, the creators are free to either block the blockers or serve
alternative content to them, but they choose not to.
Ad networks and privacy
The greater issue for many users, myself included, is tracking. Most ads come
from a small number of ad networks which are present on many different sites.
These networks track your usage, so that if you are looking at a product on one
site, you'll see advertisements for that sort of product on many other sites
across the web.
The ad networks track users invisibly and without the user's consent. The
content producers argue for the legitimacy of this tracking, because it is part
of the implicit contract between a site creator and its users. That's a load of
crap. The common user doesn't have the technical education to understand what's
happening behind the scenes. And even if they are sophisticated enough to block
third-party cookies, that doesn't prevent browser fingerprinting,
Flash-based super-cookies, use of the new HTML local storage
API, etc., which are all much more sophisticated, complex, and
hard to prevent.
The way the open web is supposed to work
This is going to get a bit technical; I want to explore the role of the web
browser with respect to content on the web.
A web browser is an HTTP-enabled user agent that renders HTML, CSS, and
JavaScript content into a form that the user can understand, read, and interact
with. According to RFC 1945: Hypertext Transfer Protocol &mdash
HTTP/1.0 defines the user agent as:
The client which initiates a request. These are often browsers,
editors, spiders (web-traversing robots), or other end user tools.
A user agent is any program that interprets a document written in the
document language and applies associated style sheets according to the terms
of this specification. A user agent may display a document, read it aloud,
cause it to be printed, convert it to another format, etc.
Traas.org on a browser that doesn't support CSS and JavaScript
In other words, the browser is a virtual "agent", or piece of software that
performs tasks on behalf of the user. The agent's decision to not render certain
HTML elements or execute certain pieces of JavaScript can be a positive
thing. The browser makes all sorts of decisions on what to render based on the
user's needs, such as hiding elements in responsive web sites when the viewport
is too small, or downloading higher-DPI assets for higher-DPI screens.
Some user agents aren't capable of viewing modern ads. If a user of
NCSA Mosaic browsed a site containing HTML5 banner ads in an
iframe using ad-network supplied JavaScript, the ad would not render, as the
browser does not support any of the technology mentioned. It would likely render
the content from many sites, but it would fail at serving ads.
The inability of a user agent to implement part of this specification due to
the limitations of a particular device (e.g., a user agent cannot render
colors on a monochrome monitor or page) does not imply non-conformance.
UAs must allow users to specify a file that contains the user style sheet.
UAs that run on devices without any means of writing or specifying files are
exempted from this requirement.
The user agent MUST provide ways for users to override the entirety of the
styles on a web site! That is necessary for standards compliance! This
puts an onus on the users' ability to choose which content to display and how.
Conclusion
The user chooses a user agent to decide on his behalf what content and
functionality he wishes to prioritize. This could be a browser with an
ad-blocker, a read-later application, a text-based web
browser, an RSS reader that supports "mobilization" of content,
or any number of other configurations. These are all fine. You don't need
"adblock absolution." If a creator puts his work on the open web,
making no effort to restrict consumption, you are under no obligation to view
the ads on the site, submit to invisible tracking, or consume the content under
any condition other than your own. Conversely, the creator is free to block
ad-blockers, put content behind a paywall, ask users for donations, etc.
Rackspace's Managed Cloud page viewed through the pinnacle of human achievement
The popup blocker did not doom commercial web ventures. Advertisers moved on to
ads that users found less objectionable. which adblockers (currently) can't
target Certain classes of ads, such as sponsorships and native advertising,
These are less obnoxious, and some studies say are more effective.
Finally, without the freedom to modify the way web content gets displayed on
your browser, the world would never have the best browser plugin ever:
Cloud to Butt Plus.
Today, I'm free from Blogger. No longer must I maintain the nasty hacks that
make blog.traas.org work. I'm free.
As I mentioned in a previous entry, I'd like to reduce my dependency
on Google Apps. Writing a static blogging engine took longer than I thought.
Actually, I finished the code months ago, but I was too lazy to clean up the
garbage code that Blogger's editor generated and convert into
Markdown.
The thing that finally got me off my butt was some weird server flag that caused
a recent build of Chrome to try using HTTPS with *.traas.org, whilst Blogger
does not support HTTPS.
If you subscribe to my RSS feed, nothing should change. The redirects should
just work for you. Cacheing is slightly wonky, with my application cache, server
cache, and CDN often acting strangely with each other.
Also, the convention common on static Markdown blogs of adding '.md' to the page
URL listing the Markdown source is implemented here.
It sounds innocuous and even helpful. If you use both Gmail and Google+, people
who can see your Google+ profile will soon be able to email you directly from
your profile. It's handy, because you don't need to manage your own list of
contacts; if you can encounter the person on Google+, you can send them a
message.
Some people have objected on basis of privacy violations:
This is a fucking mess. Google just made it really easy for strangers to email
you https://t.co/uX4gQHmr3i
This is my primary objection to Facebook, and why I've refused to use it as a
medium for communication: it has become the primary mode of exchange between a
large percentage of people. To many friends and family, Facebook is the
Internet, and they never leave it's walled garden. They coordinate events and
meetups exclusively on Facebook, and thus people without a Facebook account are
barred from entry into these events. I literally haven't heard from many of
these people in 6 or more years; they no longer use email or SMS.
I'm not arguing that de facto protocols should never change, be augmented, or be
replaced. I argue that the primary channels of communication must remain open.
Facebook is not Open. Google+ is not open. I cannot make an implementation of
Facebook myself, and communicate with Facebook via published protocols. Google+
is no different. Gmail, a proprietary product that adds functionality on top of
email, enables me to communicate to users of Hotmail, Yahoo Mail, or any other
service that implements the Simple Mail Transport Protocol defined in RFC
821 in 1982. But if Google is trying to
direct people away from using email addresses, and instead make Gmail the
messaging tool for Google+ users, I want out.
This is going to be a long process. I rely on Gmail for all https://traas.org
email for my family. I rely on Google Calandar to keep my family organized. I'm
using Blogger to write this blog post. I use Google+ to complain about gadgets.
I use Google Drive to store and edit documents and notes. I use Google Voice to
have a portable phone number and voicemail that isn't crap. I buy a new Android
phone every year.
Google+ and Blogger will be the first to go. I've already disabled the Google+
comments on this blog. I'll be looking to migrate to something Python/Markdown
based for blogging. On Google+, I will remove all my circles and posts. I will
use it as an identity to improve the SEO of my website, and nothing more.
I won't be leaving Android, because there is no other open-sourced mobile OS
that's gained any traction. I will minimize my use of Google services on the
platform, to aide in my ability to switch to a different platform if one arises.
iOS is not an option for me. I find the walls of its garden too high.
Gmail will be tough. Real tough. It offers a number of features that are
non-negotiable, including great filtering, labels instead of folders, two-factor
authentication, and first-class Android and iOS apps. I don't know what I'm
going to do here. I'd like to switch to something that makes PGP easier, if
possible.
I'm not surprised. Google canned XMPP support when they rebranded Google Talk as
Hangouts. I understand extending the protocol to add capability; that's healthy.
But not maintaining compatibility with a protocol used by a lot of platforms and
blessed by the IETF as a mechanism of interchange between instant messaging
frameworks is negligent at best, and hostile at worst. I accepted, once they did
that, that they would eventually cross one line too far.
Shortly after I put up the post "Ad-blockers are not evil"
where I lambasted publishing sites and ad networks for tracking their users
across the Internet, I realized that I was running Google Analytics. I got
into the habit of adding Google Analytics to every site I build just because
that's what my clients want. In a lot of cases, it really does make sense,
such as if you're serving ads on your site, or need to generate certain kinds
of reports.
