Is your utility tracking you?

KodeKat ・3 min read

I recently received a user request to add a new field to the Buku SQLite database to store the date of addition. I declined it immediately, citing the utility's stated strategy of not tracking user data (like my other utilities). No, it doesn't want to record that you visited adult sites extensively during your last official trip, and then let someone sort your stored bookmarks by date and get that information handed out for free.

When we install and use new software, it's important to know what it does with our private information. Free and open source software has a great advantage here because anyone can audit the code. If we don't, we may be regularly using software that tracks our footprints continuously, with or without our knowledge, or without the configuration that stops it from tracking sensitive data, even though such provisions exist. Note that the word "continuously" is important. As human beings, we will surely lose track at some point of what we are allowing the software to record. That doesn't stop the software from recording in the background.

Some examples:

  • A popular program that speeds up file searches on *nix: locate. I've seen people use it extensively. locate generates a database of your files, and most users install it but don't configure which paths it scans. The same goes for GNOME tracker.
  • Software that tracks navigation frequency to take the user to the right directory and simplify navigation.
  • Many popular shells record successful command history (e.g. bash, fish) and users seldom remember to add a space in front of the sensitive commands they run so they don't get history-ed.
  • The first thing many multimedia players do is scan (automatically or with user input) and create a library of your media files. To my horror, I discovered one day that SMPlayer adds tracks by default to a playlist I never knew existed. So it's possible the last movie you downloaded from a torrent is written right there!
  • Bookmarks added in browsers.
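
An added example, not from the original post: a small POSIX shell audit for some of the stores listed above (shell history, the locate database configuration, tracker and SMPlayer data). The paths are common Linux defaults and the function names are made up for this illustration.

```sh
#!/bin/sh
# Added example. Paths are common Linux defaults (assumed); adjust as needed.
# Format: label|path relative to the home directory
TRACE_STORES='bash history|.bash_history
fish history|.local/share/fish/fish_history
GNOME tracker index|.cache/tracker3
SMPlayer config directory|.config/smplayer'

# audit_traces HOME_DIR
# Prints "label<TAB>path<TAB>size in KiB" for each store that exists.
audit_traces() {
    home=$1
    printf '%s\n' "$TRACE_STORES" | while IFS='|' read -r label rel; do
        path="$home/$rel"
        [ -e "$path" ] || continue
        kib=$(du -sk "$path" | cut -f1)
        printf '%s\t%s\t%s\n' "$label" "$path" "$kib"
    done
}

# bash_skips_space_prefixed HISTCONTROL_VALUE
# bash keeps space-prefixed commands out of history only when HISTCONTROL
# contains "ignorespace" or "ignoreboth". Returns 0 in that case.
bash_skips_space_prefixed() {
    case ":$1:" in
        *:ignorespace:*|*:ignoreboth:*) return 0 ;;
        *) return 1 ;;
    esac
}

# locate_excludes DIR [CONF]
# Returns 0 if DIR, or a parent of it, is listed in PRUNEPATHS of
# updatedb.conf, i.e. updatedb will not index it for locate.
locate_excludes() {
    dir=$1
    conf=${2:-/etc/updatedb.conf}
    [ -r "$conf" ] || return 1
    paths=$(sed -n 's/^[[:space:]]*PRUNEPATHS[[:space:]]*=[[:space:]]*"\(.*\)".*/\1/p' "$conf")
    for p in $paths; do
        case "$dir/" in "$p"/*) return 0 ;; esac
    done
    return 1
}

# Report on the current user's home directory.
audit_traces "${HOME:-/nonexistent}"
```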

The information these utilities store can compromise us any day if we don't choose and configure them carefully (for utilities which offer config options)! We lost the luxury of wiping disks easily when SSDs became popular. What used to be so easy on HDDs is not possible on SSDs because they don't store data the same way HDDs do. Overwriting doesn't work. Secure erase is an option but doing it frequently may reduce the life of the SSD.

It's extremely important to carefully choose the software we use daily: tools that respect our privacy. Personally, I am very particular about using software that doesn't track what I have on my drive, my activities and usage patterns. I don't like to spend time configuring utilities, so software that is zero-tracking by default is the sanest for me. I also use a high-speed SSD in my laptop, so speed is not an issue. Here's what I use to handle the use cases mentioned above:

  • nnn plugins fzopen and fzcd to locate a file in the dir subtree
  • Bookmarks in nnn to jump to frequently used directories. nnn is also great in simplifying navigation.
  • I was a fish shell user for years. I've recently moved on to vanilla sh shell which doesn't have history storing capabilities. If I use a command frequently I add it as a custom plugin in nnn to work with the current filename and dir.
  • MOC doesn't generate any library. You can play a single file or add multiple files to it. You can run mocp -c to clear the playlist.
  • Buku for web bookmarks.

Which utilities do you prefer for retaining control over your privacy?

Update: raised a request for software privacy-awareness-level badges here: https://github.com/badges/shields/issues/4366

Discussion

Pooria A

Good call, wished there was a badge like a privacy score that we could see on every OSS product we use. So the better the privacy of the user, the badge would show a higher score.

Mozilla is doing it the other way by introducing products that are not privacy friendly but I think that's not the way.

KodeKat Author

I can in fact discuss with the badge guys if they can come up with a tracking related badge.

Pooria A

I think it should be done through manual code reviews and it's costly.

KodeKat Author

> and it's costly

True, but maybe not as much as your privacy.

Pooria A

I mean economically OSS projects can't afford to pay a professional group to review their code for a badge.

KodeKat Author

That's true.