Athari / CssGitHubWindows

(UserStyle) GitHub Windows Edition [MIT]
MIT License
941 stars 33 forks source link

Remove Stylish Backlink #1

Closed Spriithy closed 6 years ago

Spriithy commented 6 years ago

Hey there,

As you might probably have seen, Stylish has been removed from Chrome and Mozilla extensions market due to private data exploitation. It would be both logical and of good tone to suppress the backlinks to it you provide in the README file.

Thank you very much in advance ! And grat's on the job

Athari commented 6 years ago

The likely turn of events is that Stylish's current owner will remove URL spying and the extension will be back in the markets. Therefore, most users won't even notice something happenned. As much as I would like to make people switch over to Stylus, it's unlikely to happen.

I can't ignore the fact that Stylish is far more popular than Stylus and its users won't change their extensions and convert all their user styles (a lot won't do that even after hearing the news). As such, I don't want to limit the availability of the user style.

If you want to promote Stylus and discourage people from using Stylish, I would suggest to go to more popular repositories for user styles which can afford forcing people to switch.

That being said, if Stylish remains unavailable in the markets, I'll eventually remove the links. I just consider this highly unlikely.

duraki commented 6 years ago

Jesus Christ. That attitude surely won't help users to move to Stylus.

nukeop commented 6 years ago

They've already made a pinky promise a while ago not to spy on their users. Guess what, they did it again, and they will do it again in the future, as soon as they think that the dust has settled. Stylish has made it abundantly known that it's hostile to users and now exists only as a vehicle for delivering spyware scripts to browsers.

frob commented 6 years ago

I was about to share this repo as a fun little joke, but this is no joke. I came the issues to create an issue to remove this only to find this. Really disappointed. The links should be removed. If this was the first time Stylish did this then maybe I would say that the commit that removed them should be reverted, but spying on users is obviously why the plugin was purchased in the first place.

frob commented 6 years ago

Rather than just complaining about it. Here is a PR that does it.

Athari commented 6 years ago

(Copy of the mesage from the pull request #8.)

@frob You removed not only Stylish extension install link, but perfectly safe and useful UserStyles.org link. As far as I know, UserStyles.org still doesn't have a viable alternative and is supported by all user style extensions, including Stylus. UserStyles.org went from bad to terrible, which is unfortunate, but it's still a valuable source of user styles and it can't spy on your browsing history itself.

Furthermore, UserStyles.org provides a UserJS version of the style which can be installed with TamperMonkey on browsers like Edge which support no UserCSS extensions. As such, you reduce availability of the user style even for users who don't use Stylish, while not improving safety.

While I agree with the "fuck Stylish" sentiment, it's unreasonable to expect every user to care about privacy (SimilarWeb did nothing which Google doesn't do every single day — people got accustomed to this bullshit, unfortunately), it's impractical to require every user to migrate to another extension right away, and it's excessive to extend hate to the UserStyles.org website.

So, what I'm going to do instead, is to remove the links to install Stylish (they still don't work anyway — my assumption that this will be resolved fast was wrong apparently), make the suggestion to migrate to Stylus stronger (as if it wasn't already) and add a big warning into the Stylish instruction section. I think this achives both our goals better that pure removal of links — more people will be aware of what happenned to Stylish and availablity of the user style won't be harmed.

frob commented 6 years ago

You removed not only Stylish extension install link, but perfectly safe and useful UserStyles.org link.

That was unintentional, sorry I was in a hurry.

it's unreasonable to expect every user to care about privacy (SimilarWeb did nothing which Google doesn't do every single day.

This is blatantly incorrect. Google has built opt-in services and products that collect data. But they are opt-in and they are published by Google --a company that is known for this. SimilarWeb is a company that most people have never even heard of that purchased a large userbase and started to collect data on those people without their knowledge. Please understand, collecting data isn't the problem; collecting data without telling people is the problem. Most people didn't even know that the extension was sold/purchased let alone that the extension was updated to collect data. Lastly, Google doesn't sell your data, they sell services that use your data. There is a big difference.

Athari commented 6 years ago

@frob

This is blatantly incorrect.

In a perfect world where every promise is kept, yes. In reality, no. "Opt in" you or not, Google will gather all the data it wants whenever it wants, and that data can be used against you. SimilarWeb may be shady about its practices, but at least it's sencere in what it wants — money. Google, on the other hand, pretends to be a good company, but you never know what happens beyond the closed doors. I don't have any reason to trust it.

Lastly, Google doesn't sell your data, they sell services that use your data. There is a big difference.

I don't see much difference between a burglar selling stolen things himself and the one selling to a middleman.

nukeop commented 6 years ago

"Opt in" you or not, Google will gather all the data it wants whenever it wants, and that data can be used against you.

In Europe, not so since 26/05

frob commented 6 years ago

There is a difference between gathering data for sale and gathering data for use.

Imagine company A has a system that gathered user analytic data for use in A/B comparison for UX studies.

Imagine company B has a system that gathered user analytic data for sale to highest bidder.

Company A uses that data to create better products that it sells. Company B uses that data as a product that it sells.

I don't see much difference between a burglar selling stolen things himself and the one selling to a middleman.

Neither company is stealing data, they are both offering a service for free in exchange for the users data. If it isn't open source, and it is free, then the user is likely the true product.

Athari commented 6 years ago

@frob

There is a difference between gathering data for sale and gathering data for use.

No.

In both cases, my data is gathered and is used to sell me something.

Google is like an oil well company owning an oil refactory. Vertical integration. Makes things more efficient, but the result is the same.

Neither company is stealing data

Mere choice of words. Both companies get data I don't want them to get. Ergo, both are assholes.

I don't care about my privacy enough to inconvenience myself with not using Google/Facebook/whatever accounts which became pretty much mandatory nowadays, but it doesn't mean I consider this a good practice and consider these companies good.

Athari commented 6 years ago

@nukeop

In Europe, not so since 26/05

Google just won't say you about that. You do realize that in Google Analytics, for example, any website owner is free to choose whatever data retention settings they like?

nukeop commented 6 years ago

They are subject to inspections and huge fines in the event of non-compliance.

duraki commented 6 years ago

Google/[...] which became pretty much mandatory nowadays

Mandatory, as in following the cyberlaw? It's unforgivable to steal, yet sales goes up [for them]. But public opinion is pretty straight forward towards privacy. As an open-source community we should strive to support those who protest and not of those who oppress.

Do you not wonder why so many OSINT are not being open-sourced publicly? Ethics defines boundaries between your heart and morals. Interesting enough, approach of newage is seen in various aspects of life, so aren't we the smartest of our kind?

In other words, you have a project that has been starred for quite a lot, an interesting project per se; but don't use the fame to lame. Consent is from you, but avoid my circle.

It's in human nature, the likeness of protected nation (a & p).

Athari commented 6 years ago

@nukeop

They are subject to inspections and huge fines in the event of non-compliance.

Yeah, sure, somebody is totally going to confiscate Google servers and find data which is stored for 1 minute longer than required. Even if that happens, Google will just say that it's a technical limitation, they aren't actually using this data or something like this.

When someone is fined for configuring Google Analytics to ignore data retention laws, let me know. 😁

@duraki

Mandatory, as in following the cyberlaw?

Google is mandatory as in "pain in the butt to use modern Web without it". I, as a geek, can kinda survive Stallman-way if I decide to. Most people can't. They're forced to sell their privacy. This is unhealthy.

But public opinion is pretty straight forward towards privacy.

Only if it's free. If they're paid $10 for their Facebook credentials, they give them way without second thoughts. Nobody is "against" privacy, most people just don't care.

nukeop commented 6 years ago

They, along with some other companies, were already sued for violating GDPR. The regulation has teeth, and they can't afford ignoring it, 4% of annual revenue is way too much for them. They were already fined by EU in the past and there are anti-trust proceedings against them going on now. If they were found to violate another regulation recklessly, the EU would make sure to make an example of them.

frob commented 6 years ago

A gathers my data ➡ A sells data to B ➡ B uses data to sell me something A gathers my data ➡ A uses data to sell me something

@Athari, here is the difference --and it has nothing to do with selling me something. I give my data to company A and it keeps my data and doesn't give it to anyone with enough money to purchase it. If I give my data to company B, it sells my data to someone else and I have no control over who owns my data after the sale.

This is why Facebook got into so much trouble over Cambridge Analytica. Everyone knew that Facebook was collecting their data, what wasn't apparent to most people was just how frivolous it was with the data.