Pinned toot

I forgot this convention when I first setup my instances (though I'm also not sure of the reach on a single user instance).

I develop privacy features for Cliqz and Ghostery browser extensions and Apps, and helped to build the transparency tool.

I'm also interested in the p2p web, specifically DAT, where I'm pushing for dat:// protocol support in Firefox via the dat-fox and dat-webext browser extensions!

Fun find today: we were getting errors from our code only in Firefox dev edition and up, and also only when the devtools were opened. So obviously I had to make a page that detects when the devtools are opened or closed!
(open in FF dev edition or nightly)

Bugzilla ticket is open:

Nice writeup by @darius about Dat, SSB, and ActivityPub and how they can learn from each other:

Indeed, my post-standardization of ActivityPub work (on Spritely) has largely been about exploring similar thoughts! See also the @librelounge episode with @joeyh where we talk about Secure Scuttlebutt (esp in relation to ActivityPub)

And yes, Firefox is still fighting a huge uphill battle against Chrome interop, and I have no idea how they're even able to keep their heads above water. They need all the help they can get, because they're battling stupid bugs like this every single day.

WebKit (Safari) is no less amazing for the comeback they've pulled off in the past few years, although they have fewer interop pressures. Web devs make sure their sites work in Safari, because the CEO has an iPhone.

Anyone know of a collated list of sites broken by firefox/tor's first party isolation?

Had a very interesting chat today with Sebastian from Mozilla who's working on their android components project:

If you want to make a browser for android, this is the place to look. Well written, well-tested, modular and composeable components covering all of the different parts of the browser. This will make making browsers and browser-like apps much easier!

"Why should I use a Reverse Proxy if Node.js is Production-Ready?" by Thomas Hunter

Really well-written and interesting post. I appreciate it has a benchmark to back up the performance argument.

Thank god the entire industry hasn't decided to revolve around Blink/Chromium for 95% of the web's browser traffic, or else Google would have an unlimited ability to push forward whatever bullshit standard they wanted.

Wait hold on, my producer is telling me something [places finger on my ear piece]

Oh no.

Been writing up how basic Dat support is implemented in Firefox with dat-fox:

Next post will be how dat-webext fixes all the shortcomings that dat-fox has!

“These companies are unavoidable because they control internet infrastructure, online commerce, and information flows. Many of them specialize in tracking you around the web, whether you use their products or not. These companies started out selling books, offering search results, or showcasing college hotties, but they have expanded enormously and now touch almost every online interaction. These companies look a lot like modern monopolies.”

DatArchive support is also included, so Dat applications like Solo also work: dat://6af095e72edd6d729bad712ff545c25030111f0c72acf569955939351879f5be/

New milestone - beta build of Cliqz browser with dat:// support built in! Dat urls load natively using the dat-webext extension.

Great news, I've got a #dat archive explorer app sketched out and working with dat-gateway.

Bad news: It only works when debugging remotely and freezes up.

Worse news: I can't debug it since attaching the debugger changes the JS engine that's being used. 😂

That feeling when an awesome idea gets shot down because of limited browser APIs. Sigh.

Fuck reCaptcha.

I am sick of doing unpaid labour classifying images for Google.

We need a captcha widget that contributes to the global commons instead of siphoning value into yet another proprietary lockbox.


HTTP requests to are rejected with 502 Bad Gateway if the User-Agent string contains any case variation of "X11; Linux".

That said, I wanna compile a lil' list of people working on #Dat / #IPFS technologies.

I know @aral's working on it as part of Hypha and @darius plugged me to probably the best guide I've seen.

Who else is out here for the distributed Web / #dweb?

The performance has been shown not to hold for adblocking extensions (, and there are many other problematic webextension APIs w.r.t. privacy.

The solution to these issues should be institutional, not technical. Google should impose performance constraints on extensions, and audit what data extensions are sending home. However, looking at the rampant malware on all their stores, this is something they're unlikely to do, so instead they'll nerf extension's capabilities.

Disagree with this article's thesis that the Webextension webrequest API should be removed.

By moving to a declarative blocking API you are limiting the possible ways for extension to function to blocking and redirecting. This is a very narrow use-case, based on the current prevalence of blocking extensions.

But this is not the only way to solve problems such as blocking ads and improve privacy, as shown by privacy badger and Cliqz' tracking protection.

Show more
Mastodon is one server in the network