Developing a tool to check if a website is 'OK'

All,

We (nestor.coop) are working hard to find non-tech partners to promote libre and privacy-respecting tools. One of the concepts that came out of this was to create a site/tool that

  • can check whether a website uses any kind of technology that endangers privacy (ranging from Google Analytics/Fonts… to CDNs to hosting platforms…)
  • provides information for website owners on how to solve these issues and of course basics about privacy

The basic idea is that this way non-tech people can put pressure on website owners (including government) and website owners can put pressure on their developers to transform existing websites or implement good practices in new projects.

We are talking to several partners in civil society about a collaboration on this project, but I would love to hear your feedback on this idea in the meantime.

Technically the basics would be that we process the site, check the loaded resources and cookies and then perform a check against a set of rules. We have a very basic proof of concept for the first part but need to do some serious thinking about what this set of rules could look like.
And of course any other thoughts are welcome too.

Thanks!

2 Likes

You could probably apply to NGI0 PET for some funding.

It’s a bloody good idea!

Just thinking out loud: the core of what you’re suggesting is quite simple - a program which sucks down the entirety of the website and tries to match against the text in it. That suggests a “pluggable” approach for the rules, no? Different communities will consider content differently beyond the “core” rules. You might consider a “rules interface” which allows people to program against it. This might save you practically if you’re interfacing with multiple organisations who can’t agree that “No Google” is not a hard and fast rule (should be!). That way, you can still cater to their needs but provide a tool that the community can then run with afterwards and implement the no surveillance capitalist ultra rule set!

:)

Nice initiative!

1 Like

The idea would indeed be that we use a flexible set of rules, and probably the administration of these rules will be a continuing work. As we see it now the interface would return feedback on the rules it uses and why we consider that important.
For instance: this site uses Google products and we consider it as ‘not respecting privacy because Google is a dirty company’ (the wording might not be definite yet :) )

2 Likes
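The pluggable rule check discussed in the posts above, as an added example that is not part of the thread or of nestor.coop's proof of concept. It covers only resources referenced in static HTML (not cookies or requests made by scripts); the rule ids, feedback texts, `check_page` and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample rules: (hypothetical rule id, flagged hosts, feedback for the owner).
# A community could pass its own tuple of rules to check_page().
CORE_RULES = (
    ("google-fonts", ("fonts.googleapis.com", "fonts.gstatic.com"),
     "Fonts are fetched from Google, which receives each visitor's IP address."),
    ("google-analytics", ("google-analytics.com",),
     "Visitor behaviour is reported to Google Analytics."),
)
# Constructed sample page, not a real site.
SAMPLE_HTML = """<link rel="stylesheet" href="//fonts.googleapis.com/css?family=Lato">
<link rel="canonical" href="https://www.google-analytics.com/not-loaded">
<script src="https://www.google-analytics.com/analytics.js"></script>
<script src="/js/app.js"></script>
<img src="https://notgoogle-analytics.com/logo.png">"""

class ResourceCollector(HTMLParser):
    """Collects URLs a browser would fetch for stylesheets, scripts, images, iframes."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.urls = page_url, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and "stylesheet" in (a.get("rel") or "").lower():
            ref = a.get("href")
        else:
            ref = a.get("src") if tag in ("script", "img", "iframe") else None
        if ref:
            self.urls.append(urljoin(self.page_url, ref))

def host_matches(host, suffix):
    # Exact host or a subdomain only, so "notgoogle-analytics.com" is not flagged.
    return host == suffix or host.endswith("." + suffix)

def check_page(page_url, html, rules=CORE_RULES):
    """Return (rule_id, url, reason) for each third-party resource a rule flags."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    site_host = urlparse(page_url).hostname
    hits = []
    for url in collector.urls:
        host = urlparse(url).hostname
        if host and host != site_host:  # skip first-party and data: URLs
            hits += [(rule_id, url, reason) for rule_id, suffixes, reason in rules
                     if any(host_matches(host, s) for s in suffixes)]
    return hits
```

Each finding carries the rule's reason, so the report can tell the site owner why a resource was flagged, and a stricter community rule set is just a different `rules` argument.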

The approach reminds me a lot of what Exodus Privacy is doing for Android.

There’s surprisingly little code in that domain, e.g., UpdateScanner, a Firefox extension, and probably some specialized code in Nagios.

@stijn what’s your plan in terms of licensing, programming language, means to do it… Also, given the absence of real competition in the free software world (I guess you have done a more thorough research than I just did), you might want to apply to NGI0 Disco as well at some point.

@how, the idea is of course to publish as libre software, but right now no concrete idea on what the steps will be: how far do we want to develop before publishing libre. Probably timing will also depend on the partners we find.

Release early, release often.

First commit should be the README. Second commit the License, with the name of the license as commit message. That way it’s always clear what you’re dealing with. I can’t see why you would not publish your very first commit as free software. You can use branches if you want to be able to maintain a clean master branch.

But even before that, you can specify the kind of checks and workflows you want to implement so we can bikeshed a little and tease people into action. :)

What you plan sounds a lot like webbkoll. Its source is distributed under the MIT License.

3 Likes