
StopBadware - dedalus
https://www.stopbadware.org/
======
DyslexicAtheist
This is great. I've been well shielded from badware thanks to using FOSS since
'96, but Android/Windows are a cesspit of apps that have 0 value (e.g.
CMSecurity, Tune-up utilities et al) and are constantly reporting about non-
problems ("risk detected" or "junk found"), with the sole purpose of displaying
an ad. Android (and Windows) security apps not only suck but condition you into
an OC behavior for a reward (now your phone is clean).

~~~
Fnoord
Badware has existed for *NIX (FOSS or not). The first internet worm, back in
1988, targeted Sendmail [1]. OSes, including FOSS ones (except OpenBSD), used
to have all kinds of services enabled by default in the '90s. A remotely
exploitable vulnerability existed in IPv6 in the Linux kernel around
2005/2006. We had Shellshock as well. Just recently in 2018, there were the
Meltdown and Spectre bugs, which were remotely exploitable via JavaScript. Also,
Android is arguably FOSS. Symbian is as well, nowadays.

[1] [https://en.wikipedia.org/wiki/Morris_worm](https://en.wikipedia.org/wiki/Morris_worm)

~~~
jfc-ox
There's a difference between unintentional bugs, which it seems a bit harsh to
call "badware", and actual malware or very sloppily written, low-value
commercial software that recklessly behaves almost like malware.

Also, Android, as running on most commercially available phones, is not FOSS
because it contains Google's proprietary extensions and probably hardware
drivers/firmware as well.

~~~
Fnoord
> There's a difference between unintentional bugs, which it seems a bit harsh
> to call "badware", and actual malware or very sloppily written, low-value
> commercial software that recklessly behaves almost like malware.

There's not much difference between the latter and all these smartphones,
smart TVs, and other IoT devices which receive software updates for 2 or 3
years after release _if_ you're lucky.

> Also, Android, as running on most commercially available phones, is not FOSS
> because it contains Google's proprietary extensions and probably hardware
> drivers/firmware as well.

True, it's a mix. I can recommend LineageOS + microG [1]

[1] [https://lineage.microg.org/](https://lineage.microg.org/)

------
okayIguessSo
Kind of a simplistic concept, no? Feels almost monosyllabic, like Simple
English Wikipedia.

[https://simple.wikipedia.org/wiki/Main_Page](https://simple.wikipedia.org/wiki/Main_Page)

Maybe some people need this sort of thing?

I feel like the idea for what “badware” is, according to this site, is put
forward to assist non-English speakers in negotiating software choices in a
world where the dominant locale option is English.

Beyond a certain level of awareness and computer literacy, this site is only
collecting obvious facts and offering a new name for them. I don’t foresee
anyone fluent in English, above middle school age, finding a great deal of
utility here.

------
vog
This site is very good and informative.

But I find it kind of ironic that a site that warns about malware wants
JavaScript, just to display static content.

On the positive side, the JS code seems to be used only for loading custom
fonts, and the website looks perfectly well without JavaScript using the
standard system fonts.

~~~
favicons
Why would someone need JS to load a font? You can use them just fine with a
link in the header and CSS.

~~~
vog
I don't get it, either. Indeed, they do include their fonts with plain <link>
elements:

    <link href='//fonts.googleapis.com/css?family=PT+Sans|Signika:400,600' rel='stylesheet' type='text/css'>
    <link href='//fonts.googleapis.com/css?family=Signika:300,700' rel='stylesheet' type='text/css'>

But effectively, those fonts are only used when JS is enabled.

Moreover, they load a bunch of other JS libraries whose added value is
practically non-existent (except maybe for their "email protection"):

    <script type="text/rocketscript" data-rocketsrc="https://www.stopbadware.org/misc/jquery.once.js?v=1.2"></script>
    <script type="text/rocketscript" data-rocketsrc="https://www.stopbadware.org/misc/drupal.js?ooq842"></script>
    <script type="text/rocketscript" data-rocketsrc="https://www.stopbadware.org/sites/all/modules/jquery_update/replace/ui/external/jquery.cookie.js?v=67fb34f6a866c40d0570"></script>
    ...
    <script type="text/rocketscript" data-rocketsrc="https://www.stopbadware.org/sites/all/libraries/superfish/sftouchscreen.js?ooq842"></script>
    ...

(Note that "superfish" here is about menus, i.e. not the well-known
badware distributed by Lenovo.)

~~~
lucb1e
> <link href='//fonts.googleapis.com/...

Your code example reminds me of what I just read on the StopBadware website:

> Some badware may not have malicious intentions, but still fails to put the
> user in control. Consider, for example, a browser toolbar that helps you
> shop online more effectively but does not mention that it will send a list
> of everything you buy online to the company that provides the toolbar.

Using hosted fonts so that they may be cached and CDN-served might not be bad,
but the use of these has the effect of sharing everything you do online with
Google.

~~~
NoGravitas
It's also quite trivial to serve them locally (even fonts that you got from
Google Fonts), and HTTP/2 greatly reduces the impact of serving them (as long
as they are reasonably sized). And font-display: fallback or font-display:
optional in your CSS will also reduce the impact.
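
Added example, not part of the original thread or of the site's code: a small audit that lists which third-party hosts a page's markup makes the visitor's browser contact, which is the privacy concern raised above about hosted fonts. The sample markup reuses the tags quoted in the thread plus one constructed local stylesheet; the function and class names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that cause the browser to fetch a resource. data-rocketsrc is the
# deferred-script attribute visible in the markup quoted in the thread.
URL_ATTRS = {
    "link": ("href",),
    "script": ("src", "data-rocketsrc"),
    "img": ("src",),
    "iframe": ("src",),
}


class ThirdPartyAudit(HTMLParser):
    """Collects resource URLs whose host differs from the page's own host."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.findings = {}  # host -> list of (tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name in URL_ATTRS.get(tag, ()):
            value = attrs.get(name)
            if not value:
                continue
            # urljoin resolves relative and protocol-relative ("//host/...") URLs.
            url = urljoin(self.page_url, value)
            host = urlsplit(url).hostname
            if host and host != self.page_host:
                self.findings.setdefault(host, []).append((tag, url))


def third_party_hosts(html, page_url):
    """Return {host: [(tag, url), ...]} for every off-site resource reference."""
    audit = ThirdPartyAudit(page_url)
    audit.feed(html)
    return audit.findings


# Sample input: two tags quoted in the thread, one same-site script from the
# thread, and one constructed local stylesheet (/local/fonts.css).
SAMPLE = """
<link href='//fonts.googleapis.com/css?family=PT+Sans|Signika:400,600' rel='stylesheet' type='text/css'>
<link href='//fonts.googleapis.com/css?family=Signika:300,700' rel='stylesheet' type='text/css'>
<link href='/local/fonts.css' rel='stylesheet' type='text/css'>
<script type="text/rocketscript" data-rocketsrc="https://www.stopbadware.org/misc/drupal.js?ooq842"></script>
"""

if __name__ == "__main__":
    for host, refs in third_party_hosts(SAMPLE, "https://www.stopbadware.org/").items():
        print(host, len(refs))
```

After fonts are moved to the site's own origin, the audit should return an empty result for the font stylesheets.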

------
geowwy
The CSS on this site is not done very well. There's a noticeable white flash
while the page loads 73 CSS files. Kind of surprising because the site looks
quite professional apart from that.

~~~
iforgotpassword
It doesn't remotely fit the screen on mobile and I cannot zoom out. Was unable
to figure out what the site's purpose is and closed it with slight annoyance.

