This website uses third party cookies exclusively to collect analytics data. If you continue browsing or close this notice, you will accept their use. The EU now requires all sites to display this banner which confuses users and does nothing, actually, to improve your privacy.
Read more on why this law is ignorantLearn about this website's cookiesDisallow cookies
Carlos Fenollosa

Carlos Fenollosa

Developer & unix enthusiast

Carlos Fenollosa — Blog

Thoughts on science and tips for researchers who use computers

The ignorant EU cookie law

March 18, 2014 — Carlos Fenollosa

It is 2014, and many webmasters still don't know that there is a new EU law which regulates cookies and other data stored in user computers. This is part of a noble effort to protect user privacy, which, well, I personally support.

Unfortunately, the actual law is technically incompetent and does nothing for user privacy while placing a lot of responsibility on webmasters and costing them a lot of time and money.

Put it another way, this law wants to protect users by forcing spoon merchants to inform clients about the chance of being harmed by a spoon while ignoring knife, drug or gun merchants. It's useless.

This uselessness and absolute ignorance of how the Internet works is costing EU webmasters a lot of time and money. In my case, I counted them, about ten hours. For large companies, it can be a lot more.

Why am I against this law? Why do I say it is useless?

It doesn't protect user privacy

Cookies are not the only way to track us. Modern methods use just Javascript (i.e. the Facebook 'like' button) and leave no data on the user's browser.

Furthermore, the browser itself can be used to uniquely identify you. Test it

What's worse, it says nothing about doing analytics with personal data, like the IP.

And how could we forget the fact that it is the governments themselves who are spying on users? How on Earth need cookies legislation if the UK and US just steal pictures from our webcams, data from our emails and information from our text messages?

Our legislators must be absolutely ignorant or absolute hypocrites to regulate cookies while governments spy on us. I'm not sure which one is worse.

Cookie management was solved 20 years ago

Let's assume that the previous reason wasn't valid. Let's assume cookies were a real menace to user privacy.

Well, this problem was solved since IE4, when browsers invented the cookie warning popup window.

Managing cookies in the browser is the best idea, for many reasons:

  • It is a central tool to manage cookies.
  • Display a common interface for all cookie warnings. With the current law, every webpage displays the notification with a different style and location: on top, on the bottom, on a side, on a popup. Visitors don't know where to find it.
  • We should trust user software instead of website policies. What if a website was using cookies to track me? Should I trust them? Would it solve anything that they had to pay a fine if they have already stolen my data? Concerned people should use trusted browsers, and hardened open-source operating systems, if possible. To state an example, Facebook would earn more money by breaking this law and spying on us with cookies than the fine it would have to pay if they get caught.

It confuses users

I did a quick survey with some non-technical people, asking them if they had seen this "cookies notice". They said they had. I then asked them if they did understand what it meant. They didn't.

Modern UXs have overwhelmed us with notification windows, up to a point that we just click on "dismiss" without even looking at them. Well, we should read the text, but the truth is that many people don't. Instead of arguing over what should be done, let's try to avoid contributing to the too-many-notifications problem, and just solve them on the browser.

By the way, I bet that the most clicked button on IE6 was the "Accept all cookies, do not bother me again" checkbox.

It costs people a lot of pain and money

Let's imagine there are a million websites in the EU. Let's imagine every webmaster takes, in average, 8 hours to adapt each to the new cookie laws. Let's imagine the average webmaster cost is 50€/hr

This useless law has costed EU companies and individuals 400 million euros. Nice way to impulse the internet economy.

Different countries have different requirements

In the UK, it is enough to provide a notice to tell users that the website uses cookies.

About ten years ago, browser developers decided to remove the UX label that notified the user when cookies were received because they thought there was not much to show. Now we have to implement them again, on a per-site basis. Outstanding, given that the cookie is set anyway.

Bad as it is, in Spain, a website can't set cookies unless the user accepts them, either by scrolling or clicking a link. At least, well, the user is "protected" by default, even though the technical solution is harder.

Helping the community

Angry as I am right now for having wasted ten hours of my life implementing a useless law, I thought the least I could do, besides writing a rage post, was to share my solution.

You can go to Github and download the sample I prepared. It's the same code that you can see running here if you noticed the banner. It might not be the best, but at least it gives webmasters a starting idea, and no-PHP, 100% HTML+javascript routine to run all Analytics and cookie-dependent code.

To summarize my implementation, it consists of a javascript file which handles the cookie banner, sets the actual cookie when the user gives consent, and also manages some exceptions. Unlike most of the solutions I found, which only display the banner, this code does actually handle cookies.

Check it out, and please, feel free to send pull requests and discuss its issues.

Final thoughts

I think my points are quite valid, and this is actually a useless and annoying law that serves nothing and costs money. If the regulators had consulted a competent panel, they would have learned that the cookie law does not serve their noble intention of protecting users.

The root problem, again, is that our politicians don't have the slightest idea of how the internet works. These are the same guys that now must decide on the fate of the internet as we know it.

I don't know about you, but I lost all my hopes long ago.

Did my code save you any time and money? Please donate it to the EFF.

Tags: law, web


Use whatsapp from the command line

March 10, 2014 — Carlos Fenollosa

In this post I'm going to show you how to run a commandline Whatsapp client. It can be very useful to connect it to a unix pipe and automatically get messages from your server, via Whatsapp. Also, it's cool B-)

Disclaimer: Whatsapp is sending DMCAs to take down Yowsup's Github repos, so either the software or the process may break with any update of their protocol. However, to date, I've been using it for a couple of months with no hassle.

  1. Download Yoswup from Gitorious and extract it somewhere
  2. Edit the config file and input your cc, phone and id. Leave the password blank
  3. We are going to force a re-auth on your phone's whatsapp in order to cache the password. Authenticate with yowsup: ./yowsup-cli -c config -r sms and wait for the SMS
  4. Second step of the authentication: ./yowsup-cli -c config -R [6-digit sms code]
  5. Now your phone's Whatsapp is disabled. Open the app and re-auth with either a SMS or a phone call, whatever is available first. You may have to wait some minutes.
  6. Download iFunBox
  7. Connect your phone, open the iFunBox app in your computer, and navigate to whatsapp/Library/Caches/net.whatsapp.WhatsApp
  8. Copy all files named Cache.db* to some place
  9. Download SQLiteStudio
  10. Open SQLiteStudio, and open the database on Cache.db. Navigate to the table cfurl_cache_receiver_data and scroll to the end. You will see a large json string. This is your current authentication data.
  11. Look on the json string for pw:XXXXXXX. That's your password. Copy it to yowsup's config file
  12. We are ready! ./yowsup-cli -c config -s [cc][phonenumber] "I'm texting you from a terminal"

Enjoy! Yowsup can also be used for full conversations, send messages to yourself which you'll receive on your phone or, as mentioned in the beginning of this post, pipe some other command to your phone.

Tags: software, tricks


Bashblog now supports tags

February 27, 2014 — Carlos Fenollosa

Motivated by some friends generating activity at Github I decided to add one of the main missing issues of bashblog: support for tags, or categories, whichever name one prefers.

It turned out to be a bit of work because I had to do some tricks to process comma-separated words, but in the end the result is nice enough. Now, a line accepting tags is displayed at the bottom of each post, and it automatically creates new tag archive files and links them from posts.

This doesn't break compatibility with previous posts, but unfortunately adding categories to old entries needs to be done manually. Here's how. For each post:

  1. Run ./bb.sh edit post.html
  2. You will see a full HTML file. Don't panic! Look for a line which says <!-- text end -->. It is always after the content of the post.
  3. Open a new line above that one, and paste the following template:
    <p>Tags:<a href="tag_tagname.html">tagname</a></p>
  4. Replace tagname (both occurrences) with the desired name for the tag
  5. The part in bold represents one tag. Copy and paste as many as you want between <p> and </p>, separating them with commas.
  6. Make sure that all the tag information is on a single line

When you are done editing the desired posts, run ./bb.sh rebuild and voila! The tag files will be generated.

Don't edit html files manually! Always use bb.sh edit since it keeps the file timestamp, which is necessary for storing the blogpost dates.

Tags: bashblog


What's so great about Whatsapp?

February 20, 2014 — Carlos Fenollosa

Facebook bought Whatsapp for $19B. There has been a lot of discussion on the net since the numbers are crazy. Even for today's standards, where startups are measured in Instagrams or Yahoo!s much like length is measured in football courts, that is a large sum.

To summarize my thoughts on the money; maybe we should start thinking about a new Web 2.0 bubble? Whether $12B in Facebook shares is actually twelve billion dollars cash is left as an exercise for the reader. Smarter people than me defend the acquisition, and I will definitely not argue against that.

So why did Facebook buy Whatsapp? TL;DR: because of what people use it for.

Notwithstanding Line's 350M users, or the hype with Telegram, Facebook went for Whatsapp for a reason, and that is because they are huge outside the US.

I don't think this is an acqui-hire as Whatsapp needs every employee and it wouldn't be a smart move to shut it down while it's #1 with this huge competition. However, Facebook can probably learn a lot from Whatsapp's engineers. Their amazing staff can scale at a ratio of 450M users per 32 engineers. That's 14M users per engineer. But again, this isn't about the people, the risk of Whatsapp being bought by Google, or just their user base.

It is most likely the fact that Whatsapp has more than 300M daily active users, and Facebook could greatly benefit from having all this people's data. Remember what Facebook, and all the other big companies on the net, are. They are advertisers. And all this people using Whatsapp is communicating outside Facebook's network.

Google wants to collect all the world's data, but Facebook wants to know everything about people. Now it will reach an additional 450M that they weren't previously controlling.

What's so special about Whatsapp users? From my experience, Whatsapp is a great mix of Instagram, Twitter, chat and Facebook. It is totally spontaneous, friendly, private, and chaotic. Non-geeks love the ability to send pics, text and audio and let messages scroll to the top. It is so comfortable to use.

But what's more interesting, users communicate intentions, meetings, events. Outside the US, nobody creates Facebook events any more; we create Whatsapp groups. Groups for parties, dinner, quick stuff that's happening and needs immediate action. We use Facebook to discuss what happened —maybe with a cool beach pic— but Whatsapp is all about the immediate future. Plans are made on Whatsapp.

And here goes my conclusion. What could be sweeter for Facebook's advertisers than knowing in advance what people are up to? It's the perfect user data. Remember, next time you create a Whatsapp group for that birthday party, restaurant ads will pop in your Facebook. And I'm not saying that it's a bad thing necessarily.

Tags: news


Unix tricks you should be using

February 17, 2014 — Carlos Fenollosa

Some time ago I started a compilation of unix tricks regarding bash completion, obscure tools and some ssh magic.

The list grew bit by bit until it was posted to Hacker News and quickly exploded. It got about 200k visits the first day and has been accessed and linked frequently since then.

I still maintain it, and I'd like to share it again, as the first post of this blog's new era. I have been tempted to re-write it as a longer blog post many times, but I believe that many people were attracted to the simplicity of the original text file.

Tags: unix, tricks