Posts tagged with privacy

Why and how you should remove inactive users and teams

by Freek Van der Herten – 8 minute read

There are many SaaS applications that allow potential new customers to try out the service using a trial period. Of course, not everybody will convert. After the trial period is over, some people will not use the service anymore. However, if nothing is being done about it, their email address and…


How tracking pixels work

jvns.ca

Julia Evans explains how parties like Facebook can follow you around the web.

In this post we’ll experiment a bit and see exactly how Facebook can know what products you’ve looked at online! I’m using Facebook as an example in this blog post just because it’s easy to find websites with Facebook tracking pixels on them but of course almost every internet advertising company does this kind of tracking.


These cookie warning shenanigans have got to stop

www.troyhunt.com

I fully agree with Troy Hunt here.

So in summary, everyone clicks through cookie warnings anyway, if you read them you either can't understand what they're saying or the configuration of privacy settings is a nightmare, depending on where you are in the world you either don't get privacy or you don't get UX hell, if you understand the privacy risks then it's easy to open links incognito or use an ad blocker, you can still be tracked anyway and finally, the whole thing is just conditioning people to make bad security choices.


How to build a cookieless Laravel app

dieterstinglhamber.me

At Spatie we are currently building a new company website. One of the cool features is that it won't set a single cookie. In a new blog post, Dieter Stinglhamber explains how you can achieve this in Laravel.

Since May 25th you have been harassed by "We have updated our privacy policy" emails but also websites started to greet you with "Please, let us and our 256 partners track you". In response to these abusive practices, some developers have decided to follow a better path, removing every cookie that is not needed.


Redecentralising the web

hiddedevries.nl

On his blog, Hidde De Vries recaps a talk by Sir Tim Berners-Lee, the inventor of the web, on redecentralising the web.

However, if we’re not careful, Berners-Lee warned, there can also be a vicious circle, a dystopian scenario. This happens when algorithms cause people to meet more people like themselves, narrows down their circle and alienates them from people who are different. Or when websites are used to harvest people’s personal data that are then used for political gain.


1.1.1.1 is the new 8.8.8.8

For years I've used Google's public DNS service. Its famous IP address is 8.8.8.8. It resolves addresses faster than my internet provider.

Yesterday Cloudflare launched their DNS service which promises to be faster and better for your privacy. It has an awesome IP address: 1.1.1.1. Here are some benchmarks.

Unfortunately, by default, DNS is usually slow and insecure. Your ISP, and anyone else listening in on the Internet, can see every site you visit and every app you use — even if their content is encrypted. Creepily, some DNS providers sell data about your Internet activity or use it to target you with ads. We think that’s gross. If you do too, now there’s an alternative: 1.1.1.1

The announcement: https://blog.cloudflare.com/announcing-1111/

More info + how to set it up on your device: https://1.1.1.1/


iTerm2 leaks everything you hover in your terminal via DNS requests

iTerm2, a popular terminal app, contained a very bad security issue. Everything you hovered over was checked to see if it was a clickable URL. To determine whether it was a valid URL, the hovered-over string was checked against a DNS server. So if you hovered over a password, a secret key or whatever, it was sent out to the internet. Obviously this is a big problem. It's fixed in the latest version, so if you use iTerm2 and haven't updated it recently, be sure to do it now! The problem is fixed in version 3.1.1.

iTerm2's leak issue was first discovered ten months ago. iTerm2's creator initially reacted by adding an option to iTerm 3.0.13 that allowed users to disable DNS lookups. The feature remained turned on by default for new and existing installations.

Dutch developer Peter van Dijk, software engineer for PowerDNS, a supplier of open-source DNS software and DNS management service, re-reported this feature and this time around, he pointed out some of the severe privacy leaks not included in the first bug report.

"iTerm sent various things (including passwords) in plain text to my ISP's DNS server," van Dijk wrote flabbergasted in a bug report he filed earlier today.

This time around, George Nachman, iTerm2's maintainer, understood the severity of the issue right away and released iTerm2 3.1.1 to fix the problem within hours. He also apologized for enabling this feature by default without analyzing possible consequences in more depth.

https://www.bleepingcomputer.com/news/security/iterm2-leaks-everything-you-hover-in-your-terminal-via-dns-requests/
