# Removing 3rd Party "Spyware" from vpsBoard



## drmike (Aug 7, 2013)

So, I am hyper critical of the sites I visit these days and even more critical of what is within the pages I visit.

vpsBoard is one of my favorites, but in light of the NSA, FBI and their spying and entities like Google, Apple, Microsoft, AT&T, Verizon, etc. all being willing co-conspirators to undermine human rights, I don't want those spooks directly sniffing me while I visit here.

These are the elements within one page I looked at from vpsBoard with elements that are of concern (i.e. leaking my viewing to third parties):

0. www.google-analytics.com/analytics.js

    - used for fancy traffic reporting.  There are alternatives and free hosted ones with less malicious companies.

1. http://ajax.googleapis.com/ajax/libs/prototype/1.7.1.0/prototype.js

    - PITA javascript crap.  Sure, you need it for wizbang features.  Can we just download this from Google and serve it directly from now on?

2. http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8/scriptaculous.js?load=effects,dragdrop,builder'

    - PITA javascript crap.  Sure, you need it for wizbang features.  Can we just download this from Google and serve it directly from now on?

3. https://www.google.com/jsapi?

    - PITA javascript crap.  Sure, you need it for wizbang features.  Can we just download this from Google and serve it directly from now on?

4. http://data-vocabulary.org/Breadcrumb

   - no idea what this is other than a tree builder for nested navigation --- can't we facilitate without outsourcing something so silly to remote site?

For record, I block google-analytics at DNS level.  Unsure if they ever work their way around that.   I suspect they might.

I typically block javascript, but the software here isn't so great/happy when you do such.

Discuss.


----------



## drmike (Aug 7, 2013)

And to add to the lovefest:

1. Google +1
https://apis.google.com/js/plusone.js

2. http://connect.facebook.net/en_US/all.js#xfbml=1&appId=376004292525718

More spyola crap infestation found on vpsBoard.

Can we just host the functionality on files served directly from vpsBoard instead?   I'd prefer the teenager girl social media stuff gone, but that's just fuddy old me.


----------



## MannDude (Aug 7, 2013)

Well, I can stop serving some of that from Google, which I have now. Should be requested from vpsboard.com instead of Google.

Analytics may get replaced with Piwik, but data from GA can't be imported into Piwik as far as I know. Means I need to get a separate VPS just for analytics.


----------



## drmike (Aug 7, 2013)

Anything you can do @Manndude to address those would be marvelous.

Just being consistent with overwhelming sentiment of the silent majority about privacy, leakage, monitoring, etc.

Very appreciated!


----------



## notFound (Aug 7, 2013)

I've blocked Google Ads and Analytics from a long time back, actually back when I was pretty new to computers I noticed when I was on dial up in like 2004 or something that google was loading analytics and wasn't too comfertable with it and asking my mum what analytics could have meant. From that point on I learned what the hosts file was.

Bear in mind I was like 7 years old. ;-)


----------



## Aldryic C'boas (Aug 7, 2013)

Always awkward when asking the mum about anal tics.

>_>


----------



## JavaHost (Aug 7, 2013)

Aldryic C said:


> Always awkward when asking the mum about anal tics.
> 
> >_>


Thank you, for this laugh sir. You caught me off guard with this one.


----------



## drmike (Aug 7, 2013)

Anal Ticks.... Funny.  Analytics has to be one of the WORST names one could come up with for a product or line or study, ever.


----------



## MannDude (Aug 7, 2013)

buffalooed said:


> Anal Ticks.... Funny.  Analytics has to be one of the WORST names one could come up with for a product or line or study, ever.


----------



## MannDude (Aug 7, 2013)

But yes, on a serious note, I will look into replacing Google Analytics with a self-hosted solution. A lot of us (including myself) block most things anyway using Ghostery and Ad-Block Plus. The social media buttons will be removed (again). Scripts should be being served from vpsBoard again and not Google anymore (though some day I will get setup with a proper CDN).

Anything else? SSL version of the site?


----------



## drmike (Aug 7, 2013)

*"SSL version of the site?"*

That would be awesome if easily doable.

I didn't expect such a quick and complete cleanup.  No offense meant in dissecting things earlier like this.  Figured it was sane thing to pursue.


----------



## MannDude (Aug 7, 2013)

The social media junk has been removed, don't think it was ever really used anyway.

Google stuff should be limited to analytics right now. May setup Piwik later on another VPS. Have 4 VPSes running for vpsBoard right now, haha. May add that to an existing one to not add an additional cost.

Can add SSL logins soon, though a bit more customization will be required to make the entire site accessible via https:/


----------



## HalfEatenPie (Aug 7, 2013)

WE'LL DO IT LIVE!  

I guess we'll be moving to self-hosting everything!


----------



## GIANT_CRAB (Aug 8, 2013)

Tin foilers detected.


----------



## Amitz (Aug 8, 2013)

buffalooed said:


> Anal Ticks.... Funny.  Analytics has to be one of the WORST names one could come up with for a product or line or study, ever.


Better than telling your mum "Hey, I want to see Uranus one day". Astronauts are perverts...


----------



## drmike (Aug 8, 2013)

GIANT_CRAB said:


> Tin foilers detected.


Really?  No one here in the states makes tin foil (which is actually steel foil).  They haven't made that since 1940's.

See how out of touch you folks who claim tin foil are?  Lost in the 1940's.  Better watch, there could be a Hitler behind every bush.


----------



## KuJoe (Aug 8, 2013)

If given the option between an SSL and non-SSL version, I'll pick non-SSL because the site already acts up enough for me without adding extra overhead. 

I guess what I'm trying to say is _*DO NOT FORCE SSL*_.

Additionally, I tried Piwik a while back and ended up switching back to Google Analytics. Google just does it better IMO. It's a sad fact, but Google is just made up of a bunch of geniuses.


----------



## sleddog (Aug 8, 2013)

MannDude said:


> Analytics may get replaced with Piwik, but data from GA can't be imported into Piwik as far as I know. Means I need to get a separate VPS just for analytics.


https://github.com/clearcode/Google2Piwik

Haven't used it myself, though I do use Piwik quite a bit. I'd really recommend you put it on it's own box and read all the stuff about tweaking for high traffic...


----------



## MannDude (Aug 8, 2013)

sleddog said:


> https://github.com/clearcode/Google2Piwik
> 
> Haven't used it myself, though I do use Piwik quite a bit. I'd really recommend you put it on it's own box and read all the stuff about tweaking for high traffic...


When I get some free time I'll look more into this, can't do too much now. Thanks!


----------



## mikho (Aug 10, 2013)

MannDude said:


> Well, I can stop serving some of that from Google, which I have now. Should be requested from vpsboard.com instead of Google.
> 
> 
> Analytics may get replaced with Piwik, but data from GA can't be imported into Piwik as far as I know. Means I need to get a separate VPS just for analytics.


Raymii offers a hosted piwik but then we might have the same story repeat itself.


----------



## MannDude (Aug 13, 2013)

FYI, got Piwik installed. Will remove Google Analytics once the hostname to the new analytic server is accessible globally.

Lot of privacy-minded options available. You can also opt-out of tracking too, if you wish. (Not that any identifying information is collected, just used for stats.)


----------



## willie (May 31, 2015)

Something weird happened with the site yesterday, I was unable to post without unblocking gogoleapis which the site now uses to serve jquery.min.js.  I'm not sure if jquery was coming from the vpsboard server before, or it was coming from googleapis (which I've had blocked the whole time) and something else changed.  Anyway, it seems to work now with jquery blocked, which makes me wonder why jquery is needed in the first place.

I see there is also a widgets.js transcluded from twitter.com.  Could that be switched to self-hosting also?  I mean just serve the static file from vpsboard instead of twitter.  Thanks!


----------

