JSFoo 2019

On component architecture, front-end engineering and Developer Experience (DX)


A Spy In The Battle of Privacy

Submitted by Himanshu Kapoor (@himkp) on Tuesday, 27 August 2019

Section: Full talk (40 mins) Technical level: Intermediate


Abstract

The battle between browsers and trackers has been raging for a few years now. As a web developer, I’m all for privacy of users, the prospect of consent, and protecting the data of users and not sharing it with unauthorised third parties. But also I’ve had experience working for the other side. As a JavaScript developer who has developed and worked on solutions to circumvent anti-privacy rules implemented by browsers, I couldn’t help but feel like a spy in this big battle of privacy. It’s a cat-and-mouse game, where browser vendors and trackers step up their game in each iteration.

Outline

The battle between browsers and trackers has been raging on for several years now. As a web developer, I’m all for privacy of users, the prospect of consent, and protecting the data of users and not sharing it with unauthorised third parties. But also I’ve had experience of working for the other side. As a JavaScript developer who has developed and worked on solutions to circumvent anti-tracking rules implemented by browsers, I couldn’t help but feel like a spy in this big battle of privacy. It’s a cat-and-mouse game, where browser vendors and trackers step up their game in each iteration.

In this talk, we discuss what goes on behind the scenes when you click that little checkbox that says “I agree to the terms and conditions” of using a website. GDPR laws and active measures taken by browsers have made things a little better, but we still have a long way to go. I will talk about how you are being watched on the Internet, how every little mouse movement and every little keystroke is tracked, and where all that information goes, other than your target website. Clear your cookies, clear your cache, use private browsing — do whatever you want — they still know who you are. If they don’t, they will lock you behind a paywall.

Finally, I will conclude with a few tips and tricks for keeping yourself and your data safe, especially data that is sensitive to you, like credit card numbers and passwords. And some other things like opting out of tracking, using browser plugins to block ads and trackers, fighting spam, identifying phishing attacks and using multi-factor authentication. This battle is far from over, and will rage on for years. But, for now, if some of us folks can “opt out” of it, let us do that.

Speaker bio

Himanshu is currently a Senior Frontend Engineer at GitLab Inc. He has been writing JavaScript since it was popularly known as DHTML and had an alternative language VBScript to code in. He has written server-side JavaScript with classic ASP, Windows Scripting Host (WSH), HTML Applications (HTA), and more recently in the browsers for large-scale applications and on the backend using Node.js.

In his spare time, he likes to create video games. He created Sheeping Around — a multiplayer card game about grazing and stealing sheep. He also likes to do illustration and travel to places.

Links

Slides

https://docs.google.com/presentation/d/1OvJ6CMO1f8ft3MsvNc2dZ8_TJZfVo-x2UVN_FHTdfOg/edit?usp=sharing

Comments

  • Zainab Bawa (@zainabbawa) Reviewer a month ago

    Thanks for an excellent rehearsal, Himanshu. Recapping the feedback here:

    1. Focus on the technical aspects to satisfy the intellectual curiosity of JSFoo participants.
    2. To this end, focus on fingerprinting, Safari TCP and third-party cookies. These are the interesting parts of the talk for JSFoo. Share visuals/diagrams and go deep dive technically.
    3. Provide more technical details and what is the state of the art in tracking. Leave out the details on basics such as the cookies part right in the beginning.
    4. Include more images. A simple demo can be created using third party services.
    5. Safari access is a very interesting development. Show an example diagram and go deep dive.
    6. Drop the social engineering part of the talk completely.
    7. Benefits of the tracking can also give you performance gains. This could also be highlighted. Maybe add something around server-side tracking.

    On the presentation and slides, the specific feedback points were:

    1. Speak in a conversational tone.
    2. Reduce text on slides. Too much text is on the slides. Reduce text on slides and add more in the notes. Otherwise the audience will end up reading instead of listening to the speaker.
    3. No more than 3 bullet points per slide.
    4. Add more visuals.
    5. Keep speaker notes short, and to the point of providing you with cues rather than a script.

    Share link to your revised slides by 22 September.

  • Zainab Bawa (@zainabbawa) Reviewer a month ago

    Thanks for the second rehearsal, Himanshu. Here is the consolidated feedback:

    1. Move Part 3 of the current flow to Part 1. First showcase what is the problem. Then explain why this is a problem (where the tracker comes into the picture). Then show how the browsers fall into the picture, and finally what you – the participant – can do?
    2. You can relate a couple of other things in terms of what people face time and again. For example, surge pricing because of tracking. Show people these real life examples – things that can be done with data.
    3. Attribute sources in your slides.
    4. Add some of the links and resources to the links section on your proposal page.

    Visually, in general, keep the amount of text on your slides less so that audiences don’t read the slides instead of listening to you.
