Saptak's Blog Posts
Making my first OnionShare release
Posted: 2024-02-29T18:11:14+05:30
One of the biggest bottlenecks in maintaining the OnionShare desktop application has been packaging and releasing the tool. Since OnionShare is a cross-platform tool, we need to ensure that the release works on most of the different desktop operating systems. To know more about the pain that goes into making an OnionShare release, read the blogs[1][2][3] that Micah Lee wrote on this topic.
However, one other big bottleneck in our release process, apart from all the technical difficulties, is that Micah has always been the one making the releases, and even though the other maintainers are aware of the process, we have never actually made a release. Hence, to mitigate that, we decided that I will be making the OnionShare 2.6.1 release.
PS: Since Micah has written pretty detailed blogs with code snippets, I am not going to include many code snippets (unless I made significant changes) to not lengthen this already long code further. I am going to keep this blog more like a narrative of my experience.
Google Open Source Peer Bonus Award 2023
Posted: 2023-04-20T13:02:22+05:30
I am honored to be a recipient of the Google Open Source Peer Bonus 2023. Thank you Rick Viscomi for nominating me for my work with the Web Almanac 2022 project. I was the author of the Security and Accessibility chapters of the Web Almanac 2022.
For the last year, I have started to spend more time contributing to, maintaining and creating Open Source projects and reduced the amount of contracts I usually would do. So this letter of appreciation feels great and helps me get an additional boost in continuing to do Open Source projects.
Some of the other Open Source projects that I have been contributing to and trying to spend more time on are:
In case someone is interested in supporting me to continue doing open source projects focused towards security, privacy and accessibility, I also created a GitHub Sponsors account.
Progressive Enhancement is not anti-JavaScript
Posted: 2022-05-21T02:18:32+05:30
Yesterday, I came across a tweet by Sara Soueidan, which resonated with me. Mostly because I have had this discussion (or heated arguments) quite a few times with many folks. Please go and read her tweet thread since she mentions some really great points about why progressive enhancement is not anti-js. As someone who cares about security, privacy, and accessibility, I have always been an advocate of progressive enhancement. I always believe that a website (or any web-based solution) should be accessible even without JavaScript in the browser. And more often than not, people take me as someone who is anti-JavaScript. Well, let me explain with the help (a lot of help) of resources already created by other brilliant folks.
There is a lot more to autocomplete than you think
Posted: 2022-05-08T16:00:45+05:30
Anyone who has dealt with the <form> tag in HTML might have come across the autocomplete attribute. Most developers just put autocomplete="on" or autocomplete="off" based on whether they want users to be able to autocomplete the form fields or not. But there's much more in the autocomplete attribute than many folks may know.
Opting out of Google FLoC network
Posted: 2021-04-19T15:56:31+05:30
Recently, Google announced their new ad-tracking and surveillance tool called Federated Learning of Cohorts (FLoC). This is a new alternative to the third-party cookie tracking that is otherwise widely used for advertising business.
EFF has written more about the issues with using Google FLoC and also created a website where you can test if you are already a victim of their FLoC tests.
Google will track any user visiting your website even if it doesn't have Google Analytics or any other services related to Google. One easy way for users visiting websites to opt out of this is to not use Google Chrome and to use browsers like Firefox instead. However, website maintainers can also help against this new tracking technology by opting their websites out of the FLoC network.
Permissions-Policy Header
So the main way for website maintainers to opt out of this surveillance technology is to add an HTTP response header to their websites.
The HTTP response header is
Permissions-Policy: interest-cohort=()
The FLoC technology uses interest-cohort to check for an allowlist. By default, everything is allowed as long as the user is visiting from a browser which supports the InterestCohort API. However, by specifying interest-cohort=() in the Permissions-Policy header, the website is opting out from allowing any origin (including the current page) from being tracked using FLoC. Hence the FLoC feature is turned off for the website, even if the user is visiting your website from a Google Chrome browser.
NGINX
To add the above header, go to your nginx configuration file and add the following inside the server block:
server {
    ...
    add_header Permissions-Policy "interest-cohort=()";
    ...
}
If you have different nginx confs for multiple websites running via nginx, you have to do the above in all the server blocks or nginx configuration files.
Then run nginx -t to test that everything is correct in your updated nginx configuration.
Then, restart nginx by running the command service nginx restart (or any other command that you might use based on your OS to restart nginx).
If you are using any other web server or proxy server, you can check this link: https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network
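To confirm the opt-out is actually being served after the restart, the response headers can be checked mechanically. The following is an added example, not code from the original post: floc_status is a hypothetical helper name, and the sample response is constructed.

```shell
#!/bin/sh
# Added example: classify raw HTTP response headers (read on stdin) by
# whether they carry the FLoC opt-out described above.
# Prints one of: opted-out | misconfigured | missing
floc_status() {
    # Strip CRs (HTTP uses CRLF), keep Permissions-Policy lines (header
    # names are case-insensitive), drop the header name, split the
    # comma-separated directives one per line and trim whitespace.
    directives=$(tr -d '\r' |
        grep -i '^permissions-policy:' |
        sed 's/^[^:]*://' |
        tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//')

    if printf '%s\n' "$directives" | grep -qxF 'interest-cohort=()'; then
        echo "opted-out"        # empty allowlist: no origin may use FLoC
    elif printf '%s\n' "$directives" | grep -q '^interest-cohort'; then
        echo "misconfigured"    # directive present, but not an empty allowlist
    else
        echo "missing"          # header or directive absent: browser default
    fi
}

# Constructed sample response (not captured from a real site).
printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nPermissions-Policy: geolocation=(self), interest-cohort=()\r\n\r\n' |
    floc_status   # prints: opted-out
```

Against a live site, pipe `curl -sI` output for your own URL into floc_status. Check an error page and any location block that sets its own headers as well: nginx inherits add_header from the server block only when the location defines no add_header of its own, and without the always parameter it adds the header only to certain response codes.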