Improving the series, code & site, remove horrible trackers

[aschrijver]

As I said on another issue: I :heart: love your article series, and the real-world example it elaborates. This is constructive feedback, not criticism.

Unfortunately also real-world is surveillance capitalism, and Big Tech (read: ad-tech) domination of the (increasingly corporate) internet. As initiator and facilitator of Humane Tech Community I am advocating anyone that teaches others to adopt best-practices that do not make the current situation even worse, or better, are actual improvements.

There's two parts to this issue:

• Your website itself
• The example codebase

First something about Google. Google is an advertising agency, and all their services are ad-tech! Plain and simple. Any use of them puts security and privacy of your users in jeopardy. And encouragement to do so I consider a worst-practice / anti-pattern.

Website

• You use the worst-possible commenting system Disqus. Luckily Privacy Badger blocks it by default.
• I temporarily unblocked Google Fonts trackers. There's hardly a difference. You can use standard browser fonts, or self-host.
• Instead of Google Analytics you might use Plausible or choose from this list I maintain.

Example code

"You should not build your own authentication. Let Firebase do it for you" .. Please NO! :face_with_head_bandage:

• Delegating your auth to a surveillance capitalist Big Tech provider is a big no-no for privacy and ultimately internet health.
• Firebase is soooo convenient. It is a great service in terms of features. But what does it do in terms of ad-tech? Potentially gather a humongous amount of data from your use of the service!

There's great, test-driven, production-ready Golang OAuth2 libraries and auth provider projects, that would be way cooler to demonstrate in the integration.

[m110]

Hey @aschrijver, thank you for raising this. We share your concerns and will consider alternatives to the services we use.

In regards to Firebase, the post's title might be suggesting that we promote it as the only solution, but it's not really the case. As you probably know by now, our goal with Wild Workouts was to create a seemingly modern serverless application and show that it still can have hidden flaws. Nevertheless, we've also used tools that could be helpful for people looking to put their application on a public cloud. Since the whole project uses Google Cloud Platform, we described mostly Google's services.

As we mentioned when introducing clean architecture, we believe in designing applications in a way that implementation details are separated from the core business logic. Thanks to this, it becomes totally vendor-independent.

We plan to have follow-up posts on "de-serverlessing" the project. Replacing the authentication could be one of them. It's just implementation detail. :)

[aschrijver]

Super. Thank you for taking my feedback in consideration! Sorry for my, maybe perceived as too strong, critical stance on the use of Big Tech. But my involvement with humane technology and the things I read on Hacker News and elsewhere have me extremely worried for the future of the open internet, and the dominance and negative impact of Big Tech on global society.

[aschrijver]

FYI @m110 I just created a Stackoverflow answer where I mention Wild Workouts as an excellent example to start with DDD-wise :)