Please don’t flame me too bad, I understand that although privacy and libre software are important to many in the Linux community, my opinions may be outside the scope of consideration for some and I respect that.

Personally, conscientious consumerism and privacy are some of the primary reasons I use Linux. I prefer community>private business>corporate when I am choosing products and services.

-System76

About 8 years ago I purchased a laptop from System76, the customer service was incredible and the machine exceeded my expectations in build quality and performance.

Recently I’ve been in the market for a smaller machine, like a Thinkpad X1, StarBook 14 or System76 Lemur.

Last week, when I visited the System76 website they used Plausible’s open source analytics on the home page (which is a great alternative to Google’s proprietary hardware fingerprinting algorithm), but once I added the laptop to my cart to checkout, I noticed the third-party trackers, apis.google and ajax.googleapis load on the webpage. Google’s reCAPTCHA was also required to complete the purchase. Hell, even Discord has switched to hCaptcha at this point citing their laughable “Gamer Privacy First” policy.

IMHO, I find it hypocritical that System76 does so much great work disabling Intel’s IME and contributing to coreboot, but chooses to embed proprietary tracking software on their website when open source alternatives are readily available.

  • Reaching out to System 76

After completing 14 reCAPTCHA’s I was finally able to get a dialogue with Stetson at System 76. He said that “System 76 takes user data privacy and security extremely seriously, but they would continue to use Google services.” His recommended solution was placing the order over the phone if I wasn’t comfortable having third-party tracking during checkout.

This is not a solution for me because I don’t want to do business with a company that monetizes user data for profit. In my experience, companies that monetize data (Alphabet, Meta, etc…) offer web services cheaper than competitors that don’t, in exchange for access to user data. So, if you’re getting a commercial service cheaper from a company that sells your user’s data, you’re also profiting from the sale by paying a lower premium for those services.

Personally, I do not think you’re taking user privacy “extremely” seriously if you’re running third party trackers and choosing reCAPTCHA (not a privacy respecting service) over hCaptcha on your website.

I really like System 76 and I want to support them with my next purchase, but presently I feel like they are saying one thing and doing another and choosing privacy respecting libre software some of the time when it suits their marketing, but proprietary anti-consumer tracking services when it’s more profitable.

  • Southern WolfA
    link
    fedilink
    arrow-up
    33
    ·
    1 年前

    It’s likely something out of their control. I imagine their payment processor either uses it, or requires the site to use it. Mostly to combat automated fraud.

    You likely won’t find any site, that has online shopping, that doesn’t use some sort of way to gatekeep against this behavior, unless it’s crypto-based. And even then it likely still has something like that. Even if the site redirects to Paypal, you’re gonna face that.

    Your approach simply isn’t realistic to the modern web. You can try uBlock, but blocking those connections likely will make the site ultimately not work for you.

    • ReversalHatchery@beehaw.org
      link
      fedilink
      arrow-up
      4
      arrow-down
      3
      ·
      1 年前

      First of all, they could just have been honest at tell that.

      Second, you do not try ublock, you use ublock. That’s a minimum of you care about privacy. It does not break anything.
      What you try is umatrix.

      • Southern WolfA
        link
        fedilink
        arrow-up
        1
        ·
        1 年前

        Could be it’s a requirements for their payment processor, and details like that aren’t something you talk openly about freely.

        Also, you will have sites that u lock will break beyond repair, so try is the correct word. I know this well from using Brave, which is even less than uBlock does, and even then some sites are still broken and requires the shields turned off. Just an unfortunate reality with today’s web.

        • ReversalHatchery@beehaw.org
          link
          fedilink
          arrow-up
          1
          ·
          1 年前

          In a long time I didn’t experience ublock breaking websites. I never turn it off.
          Actually this is the developer’s goal with ublock, and it’s default blocklists, that it shouldn’t break websites. And when a website does brake, a fix is made very quickly.

          I don’t know how brave’s solution works, but ublock allows blocklists to patch websites besides blocking resources or requests.
          There are multiple different ways, but there’s one allowing a script to load, but stop it’s execution if it reads/sets a variable or calls a function, another to fake the value of a variable or function call, and more. I think it allows patching network traffic too (request params, headers, body), not just js code

    • Thom Gray@lemmy.dbzer0.comOP
      link
      fedilink
      arrow-up
      3
      arrow-down
      4
      ·
      1 年前

      It’s certainly not out of their control and Stetson at System 76 confirmed that they choose Google as a business partner regarding the website. There are plenty of websites and online shopping services not using tracking scripts to monetize their customers data. Yes, most do, but most people also don’t use Linux as their desktop operating system or care much about privacy. Regarding not finding “any site”, Here are 2, I know off the top of my head. System 76 could also easily switch to hCaptcha (privacy preserving service) over reCAPTCHA as Discord previously did. If Discord is making better choices than System 76 regarding privacy respecting web services I think it speaks volumes about System 76’s claim to “take user privacy extremely seriously.”

      I’ve made purchases on both of these websites without being tracked by a third-party advertising company.

      https://www.adafruit.com/

      https://puri.sm/

      • twei@feddit.de
        link
        fedilink
        arrow-up
        3
        ·
        1 年前

        adafruit is using cloudflare and it automatically loads stuff from paypal, amazon and cloudfront. it will also ship your stuff using dhl, ups etc.

        would you say that you trust all of those companies with your (meta)data? if yes, reCAPTCHA won’t make a difference. although i do agree that everyone should use hCaptcha

        • Southern WolfA
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          1 年前

          Quite frankly no one should be using captchas at all. They are mostly pointless, and AI’s have reached the point of being able to solve them. It’s mostly just a gratis thing at this point… The illusion of trust and safety, probably for both users and providers.

      • Michael Murphy (S76)@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        1 年前

        not using tracking scripts

        System76 uses Plausible, not Google Analytics. Google is only required for Captcha.

        hCAPTCHA

        This is not any better from a privacy perspective.

        https://puri.sm/

        Purism also uses the same captcha services… Honestly, all of your comments here sound like a poor attempt at Purism promotion. You’ve been repeatedly spreading misinformation while simultaneously promoting Purism in each comment here.

      • Southern WolfA
        link
        fedilink
        arrow-up
        1
        ·
        1 年前

        Considering Purism is running a pump and dump scam with their phone, I wouldn’t grace them or their website with a single cent. There are worse things than a potential privacy issue…