Ben Tasker's Blog

So Long WhatsApp

For years, I refused to install WhatsApp messenger because I had customer contact details and other information on my phone.

Eventually, I made a concerted effort to clear all that out, with the side effect that I could then install WhatsApp, based in part on their promise that personal data - names, addresses, internet searches or location data - would not be collected, much less used.

When WhatsApp was acquired by Facebook, it was inevitable that that promise was going to get broken. Something all the more apparent when one of the WA founders left Facebook as a result of a disagreement about privacy.

So disappointing as it is, the recent news really was quite inevitable.

WhatsApp have pushed a notification of a change in their terms and conditions - the new changes allow them to share data with Facebook, including (but not limited to)

  • User's phone numbers
  • User's contact lists (see below)
  • Profile information
  • Status information
  • "Diagnostic data"  - what phone model you're using, what networks you're on etc
  • Location data
  • "User content"
  • Details of purchases made with businesses using WhatsApp, including Financial Information
  • "Usage data"

These changes will come into effect from 8 Feb 2021 - if you disagree with the changes, then the only recourse is to delete your account before then (which probably isn't GDPR compliant, but Facebook tend not to worry about that).

 

Read more ...

Musings on Home Automation

I've dabbled with elements of Home Automation in the past.

In a previous rental, we only had storage heaters, so I equipped each room with an Oil Radiator and an energenie RF plug socket (like these https://www.amazon.co.uk/Energenie-Remote-Control-Sockets-Pack/dp/B004A7XGH8) using a Raspberry Pi and the Energenie remote control header board to set up an effective heating schedule.

However, aside from that, and mild "wouldn't it be nice too..." ideas, I've not really been overly interested into it until relatively recently.

Having spent a bit of time dabbling, I thought I'd write a post on my experience - not least in case it helps people with some of the things I struggled with.

 

Read more ...

Onion V3 Address is live

My site has supported using V3 Onions at the transport layer for quite some time, having implemented Alt-Svc headers to allow Tor to be used opportunistically back in October 2018.

What I hadn't got around to, until now, was actually support direct access via a V3 hostname. I'd put a reasonable amount of effort into generating a personalised V2 address, and making sure it was documented/well used.

However, V2 Onions have been deprecated, and will start generating warnings in a month. Total discontinuation of V2 support is scheduled for July 15th 2021.

So, I figured I should get V3 support up and running, and have today launched the service.

 

Read more ...

Tuning Pi-Hole to cope with huge query rates

As some may already know, I offer a small public encrypted DNS service at dns.bentasker.co.uk, offering DNS resolution via DNS-over-HTTPS (DoH) and DNS-over-TCP (DoT).

The setup I use is an evolution of that one I described when I published Building and Running your own DNS-over-HTTPS Server 18 months ago, providing ad and phishing blocking as well as encrypted transport.

It was never intended that my DNS service take over the world, in fact, on the homepage it says

A small ad and phishing blocking DNS privacy resolver supporting D-o-H and D-o-T .... This service is, at best, a small hobby project to ensure that there are still some privacy-sensitive DNS services out there.

Not all nodes in my edge even run the DNS service.

The service has always seen some use - much more than I really expected - with queries coming in from all over the globe, and query rates are pretty respectable as a result.

However, recently, query rates changed, and there was such a seismic shift in my daily graphs that the previous "routine" usage started to look like 0:

Daily query rater graph

I'm omitting figures and dates out of an abundance of caution, but the lines represent usage across different days (the vertical grey lines each denoting a day)

You can see that usage increased by several orders of magnitude (the turquoise line is the number of advertising domains blocked, so usually increases roughly proportionately).

The change in traffic rates triggered a few things

  • Alarms/notifications from my monitoring
  • Notifications from some of my connectivity providers to say they were mitigating an apparent DoS

This post is about the (very few, actually) minor things I found I needed to do to ensure Pi-Hole could keep up with the new load.

Read more ...

A comparative analysis of search terms used on bentasker.co.uk and it's Onion

My site has had search pretty much since it's very inception. However, it is used relatively rarely - most visitors arrive at my site via a search engine, view whatever article they clicked on, perhaps follow related internal links, but otherwise don't feel the need to do manual searches (analysis in the past showed that use of the search function dropped dramatically when article tags were introduced).

But, search does get used. I originally thought it'd be interesting to look at whether searches were being placed for things I could (but don't currently) provide.

Search terms analysis is interesting/beneficial, because they represent things that users are actively looking for. Page views might be accidental (users clicked your result in Google but the result wasn't what they needed), but search terms indicate exactly what they're trying to get you to provide.

As an aside to that though, I thought it be far more interesting to look at what category search terms fall under, and how the distribution across those categories varies depending on whether the search was placed against the Tor onion, or the clearnet site.

 

This post details some of those findings, some of which were fairly unexpected (all images are clicky)

If you've unexpectedly found this in my site results, then congratulations, you've probably searched a surprising enough term that I included in this post.

 

Read more ...