Toolbar == Spyware

6/14/06

Some MetaFilter people were talking about a kewl new browser toolbar that adds the ability to preview links on a web page before you click on them.

It also adds spyware and adware. Because that’s what browser toolbars are for.

So I wrote a GreaseMonkey script that does the same thing but without the spyware — because somebody asked nicely, and because I’d never written a GreaseMonkey script before, and most of all because I find venture-based startups that push trivial technology as a cover for spyware and adware incredibly irritating.

(Just to briefly explain what it does: if you mouse over any link on a page, a little icon will appear next to the link. If you mouse over that icon, a scrollable pane will appear in the window containing the page that link was pointing to. You can get rid of the pane by clicking its “Close this” link. That’s about all there is to it.)

Some important caveats before I link to the thing:

  • Don’t use it. It currently preloads every link on every page, which will make browsing kind of slow. Sort of. A bit.
  • Don’t use it. The preloading is equivalent to clicking every link on the page, including links which may do things you don’t want (like “log out”, for example — as I’ve discovered multiple times, by forgetting to turn off the script before editing this blog post.) [UPDATE: This is now (mostly) fixed, in version 0.002.]
  • Don’t use it. It’s ugly. I put zero time into making it look decent.
  • Don’t use it. It doesn’t handle in-page links very well (read: at all), probably has lots of other bugs too, and will devour your first-born children if left unattended.

That said, if you’re using Firefox, have GreaseMonkey installed, and want to live dangerously:

Click here to install BetterBrowster.

But don’t use it.

Most of those problems listed above can be fixed — except the first-born child thing, of course — by me spending more time on it, better controlling which links it’ll act on, etc. I may or may not bother to do this; personally I’d find this functionality kind of irritating so don’t have much personal motivation to do the final 20% of code that takes 80% of the work. But if it turns out that anybody actually wants to use this thing, that’d be enough motivation. Hint hint.

Now a rant

I have never, ever, ever seen a browser toolbar that didn’t collect information on your browsing habits, display advertising, or both. And every single one of these companies seems to have weasel-worded FAQs that make it look like oh, no, we’re the good guys, we’d never show you ads or collect your information — followed by even more weasel-worded fine print that completely contradicts those bland reassurances: they do, in fact, show ads and collect information about your browsing habits. Bastards.

I’ve also never seen one that had any useful functionality in it other than that spyware and advertising. Because they don’t care about that functionality that much; it’s just the trojan horse that lets them do what they really care about, which is feeding you ads and collecting your information. As evidenced by the fact that I was able to reproduce the useful part of this VC-funded, multiple-employee, multinational1 company’s product in less than eight hours:

1(“Multinational” because, based on the requirements on their jobs page, they outsource most of their coding to Russia. Another guarantee of quality.)

  • 12:39 pm: bugbread plants the idea in my head
  • 12:40 pm: mow lawn
  • 2:00 pm: yeah, what the heck. let’s build this thing.
  • 2:02 pm: hello world is running, live editing
  • 4:00 pm: tangled in the fact that functions defined in the GM script disappear after the script is run; need to embed them in the page somehow…. but the sample code at http://diveintogreasemonkey.org that’s supposed to do that, doesn’t do that
  • 5:30 pm: Gotta go visit the real world for a bit
  • 10:30 pm: Back online. Start researching why GM 0.5 is different from GM 0.3, have epiphany about my code problems
  • 12:00 am: appearing and disappearing icon works; preview pane now appears when needed (but empty)
  • 12:30 am: got Ajax almost working on demand for each preview pane, but hitting a permissions error. Giving it up for the night.
  • 9:00 am: morning coffee. I’m waking up oddly early these days. For me.
  • 9:30 am: Ajax working completely, now that I’ve realized that GM_xmlhttprequest isn’t subject to the same restrictions that regular old xmlhttprequest is. Means I can’t load them on demand, have to do them all at once — but I guess that’s what ‘preload’ is all about anyway.
  • 9:35 am: Realize that the retrieved Ajax html comes with broken image paths, css, etc because the base href is different. Realize that I’m being stupid and doing this the hard way.
  • 9:36 am: Replace those fancy Ajax divs with boring old iframes. It works fine now.
  • 10:00 am: Added some window dressing, publish it to my site, start typing up a rant.

If I’d actually written GM scripts before, this would have taken no more than a lunch break to build; most of my time was spent learning about the unfortunately convoluted XPCNativeWrappers the hard way.

Now, okay, that’s not a totally fair time comparison: I’m depending on GreaseMonkey to do most of the heavy lifting, while they’re doing “real” C++ code for theirs. (Though given that their preview panes act exactly like iframes, I’d be pretty suprised if they aren’t deferring most of their heavy lifting to existing frameworks as well.)

But the point is: their code is hidden. It’s compiled, installed, you can’t look at it and see what it does. They can modify it whenever they like, change what it does whenever they like, do whatever they’d like. It’s installed software, which means it has total access to anything on your machine.

My code is open. It’s visible. You can see what it does, and I can’t change it on you without you actively updating it; when I do, you’ll be able to see what I changed. It runs in a strictly defined sandbox, which controls what I can do to your machine. And as gravy, it was easy for one guy with a bug up his ass to build, without having to collect any VC funding or outsource anything to any post-soviet nations.

Which of these is the wave of the future?