Saptak's Blog Posts

Google Open Source Peer Bonus Award 2023

Posted: 2023-04-20T13:02:22+05:30

I am honored to be a recipient of the Google Open Source Peer Bonus 2023. Thank you Rick Viscomi for nominating me for my work with the Web Almanac 2022 project. I was the author of Security and Accessibility chapters of the Web Almanac 2022.

Google Open Source Peer Bonus 2023 Letter. Dated April 19, 2023. Dear Saptak Sengupta, On behalf of Google Open Source, I would like to thank you for your contribution to 2022 Web Almanac. We are honored to present you with a Google Open Source Peer Bonus. Inside the company, Googlers can give a similar bonus to each other for going above and beyond, so this is just a small way of saying thank you for your hard work and contributions to open source. We hope you enjoy this gift from all of us at Google and Rick Viscomi who nominated you. Thank you again for supporting open source! We look forward to your continued contributions. Best regards, Chris DiBona, Director of Google Open Source

For the last year, I have started to spend more time in contributing, maintaining and creating Open Source project and reduced the amount of contracts I usually would do. So this letter of appreciated feels great and helps me get an additional boost in continuing to do Open Source Projects.

Some of the other Open Source projects that I have been contributing and trying to spend more time on are:

In case someone is interested in supporting me to continue doing open source projects focused towards security, privacy and accessibility, I also created a GitHub Sponsors account.

Progressive Enhancement is not anti-JavaScript

Posted: 2022-05-21T02:18:32+05:30

Yesterday, I came across a tweet by Sara Soueidan, which resonated with me. Mostly because I have had this discussion (or heated arguments) quite a few times with many folks. Please go and read her tweet thread since she mentions some really great points about why progressive enhancement is not anti-js. As someone who cares about security, privacy, and accessibility, I have always been an advocate of progressive enhancement. I always believe that a website (or any web-based solution) should be accessible even without JavaScript in the browser. And more often than not, people take me as someone who is anti-JavaScript. Well, let me explain with the help (a lot of help) of resources already created by other brilliant folks.

Read more

There is a lot more to autocomplete than you think

Posted: 2022-05-08T16:00:45+05:30

Anyone who has dealt with <form> tag in HTML might have come across the autocomplete attribute. Most developers just put autocomplete="on" or autocomplete="off" based on whether they want users to be able to autocomplete the form fields or not. But there's much more in the autocomplete attribute than many folks may know.

Read more

Opting out of Google FLoC network

Posted: 2021-04-19T15:56:31+05:30

Recently, Google announced their new ad-tracking and surveillance tool called Federated Learning of Cohorts (FLoC). This is a new alternative to the third-party cookie tracking that is otherwise widely used for advertising business.

EFF has written more about the issues with using Google FLoC and also created a website where you can test if you are already a victim of their FLoC tests.

Google will track any user visiting your website even if it doesn't have Google analytics or any other services related to Google. One easy way for users visiting websites to opt out of this is to not use Google Chrome and use browsers like Firefox, etc. However, website maintainers can also help against this new tracking technology by opting out of the FLoC network.

Permissions-Policy Header

So the main way of opting out of this surveillance technology is to add a HTTP response header to their websites.

The HTTP response header is

Permissions-Policy: interest-cohort()

The FLoC technology uses interest-cohort to check for an allowlist. By default, everything is allowed as long as the user is visiting from a browser which supports InterestCohort API. However, by mentioning interest-cohort() in the Permissions-Policy header, the website is opting out from allowing any origin (including the current page) from being tracked using FLoC. Hence the FLoC feature is turned off for the website, even if the user is visiting your website from a Google Chrome browser.

NGINX

To add the above header, go to your nginx configuration file and add the following inside the server block:

server {
    ...

    add_header Permissions-Policy "interest-cohort=()";
    
    ...
}

If you have different nginx confs for multiple websites running via nginx, you have to do the above in all the server blocks or nginx configuration files.

Then run nginx -t to test that everything is correct in your updated nginx configuration. Then, restart nginx by running the command service nginx restart (or any other command that you might use based on your OS to restart nginx)

If you are using any other web server or proxy server, you can check this link: https://paramdeo.com/blog/opting-your-website-out-of-googles-floc-network