Introduction
Statistics
Contact
Development
Disclaimer
Help
===========================================================
Digital inequality and degrowth web: a biased glance =
(revision 2) =
by Clover Wood, 2023 =
===========================================================
> This essay is about 3900 words long, so it probably
> will take you about 15 minutes to read through.
l;dr: I tried to access some sites about degrowth from
omputers and smartphones that are powerful enough for
aily usage in 2023, but are not supported by software
r hardware vendors anymore. Some sites worked, some
ites didn't, so I researched "why" and "what to do".
he main issues, not surprisingly, are caused by HTTPS,
SS and JavaScript; I offer some workarounds for those.
opefully this essay could help to make grass-roots
eb sites more accessible to people who cannot afford
up-to-date" hardware, and starts a discussion about
he contribution of the Internet to the staggering
mount of e-waste humanity produces.
-----------------------------------------------------------
s "Degrowth&Strategy" (2022) states, "engaging actively in
he international degrowth networks demands a priviliged
osition", with one of the things mentioned being access
o a computer and a decent internet connection.
decided to evaluate this claim, or, rather, how poorly
hings are in reality, with the help of my budget laptops
nd a handful of smartphones I could access. The links
o the various degrowth communities were provided in the
hapter five of the said book. I also checked out the site
f my favourite magazine, Low Tech (solar version), as well
s Google search engine.
ooking at my findings, I realised that the root causes of
he issues I have identified with degrowth web might be
nteresting outside of the scope of the degrowth or even
ow-tech areas alone. So, I decided to expand the essay
o make it more accessible for people far from IT, trying
o offer a balanced (but inevitably biased) view on the
tate of web, especially in the contexts of building online
rass-root communities and reducing e-waste.
= Why does it matter? - Computers and people ==
efore giving you the raw results, I would like to explain
y reasoning behind doing this little "research".
umanity has been mass-producing computers for over seventy
ears, and by today we have enough computers to satisfy all
ersonal computing needs for many years to come. According
o the data I found online, in the years 2007-2021, only
martphones alone make 14.4 billion computers produced, with
ome 1.5 billion smartphones added to this number annually.
dd 374 millions of laptop and desktop CPUs sold in 2022
lone to this whopping mountain of computers. And now add
o this 20+ billions of microcontrollers manufactured every
ear for the last ten years or so, with most of those as
owerful as personal computers and game consoles of the 80s.
mention microcontroller devices comparable to 40-year-old
ersonal computers intentionally. While computers of the
0s were not capable of playing HD video and generating
mpressive fake news articles, they were successfully used
or text editing, home budgeting, research and science,
ducation, play and - yes - accessing the internet services.
here is little doubt a significant portion of controllers
umanity manfucatures is internet-capable; we use them for
Internet of Things", after all.
ven putting the question of microcontrollers aside, we are
eft with at least two powerful computers per every person
live today. If these computers were sufficient to satisfy
ur needs of personal computing, we could just stop making
ew ones. If only they were sufficient to access the
esources about degrowth and low-tech...
= Quick glossary for non-techies ==
eel free to skip this section for now, and return to it if
you meet a term you don't know.
HTML - hypertext (text with links) mark-up language,
way to explain to the browser how you want it to display
he text on the page.
HTTP - hypertext transfer protocol, a way for two
omputers (server and client) to send and receive HTML and
ther files.
SSL - secure sockets layer, a way for the server and the
lient to exchange encrypted data in a way that should be
airly safe from wiretapping.
TLS - basically the same thing as SSL, but newer.
SSL certificate - a digital document, usually issued by
ome sort of authority, to verify that the owner of an
ncryption key is indeed who they say they are.
HTTPS - Secure HTTP, as in HTTP inside of SSL or TLS.
RSA, 3DES, ECDH - families of encryption algorithms.
CSS - cascade stylesheets, a technology that allows the
ame HTML documents to look differently; to enable
the separation of content and presentation". Examples of
SS usage are: different fonts, colors and page layouts.
xtreme example: CSSZenGarden.com
JavaScript (JS) - a programming language that can be
nderstood by many web browsers; it is used to convert
HTML page into an application that is run in a browser's
ab. If you have buttons or input fields on the page,
nd they work without refreshing the page or redirecting
ou to a different one, the site is using JavaScript.
xtreme examples: https://macos9.app/ or JSLinux.
MHz, GHz - million of Hertz, billions of Hertz. A unit of
requency. In computer science it is often used to describe
he performance of a computer processor, as it is related
o the number of operations this processor (CPU) can
erform in a second.
KB/kB, MB - kilo-bYte, mega-bYte. A unit of information.
or western script in most computers, one kilobyte equals
024 plain-text characters. For other script systems and
omputers, one kilobyte might fit as little as 512 or 256
haracters. A megabyte is 1024 kilobytes.
kb/kbit, mb/mbit - kilo-bIt, mega-bIt. A unit of
nformation, in modern computers one bit equals 1/8th of a
yte. If it wasn't confusing enough, 1 kb = 1000 bits, and
mb is 1000 kbit. Hence, "one megabit per second" roughly
quals "122 KB per second".
= Reality check - Degrowth networks ==
ain test device:
* My laptop. I use it for everything, from drawing to games
* Model of June 1998
* It's Pentium II 266 MHz with 192 MB RAM
* I have a stable Internet connection (GPRS)
* For this test, I used Windows 98 SE with patches to
add Windows 2000 and XP compatibility
* Guesstimated number of devices with comparable
capabilities manufactured: over 500 million
* People who still use similar devices: ~60 million
rowsers (the latest working or recommended version), and
he codes used in the table below:
* IE: Internet Explorer 6 (with security patches)
* D+: D+ (a variant of Dillo browser)
* O1: Opera 10
* KM: K-Meleon 1.6 (based on Mozilla engine)
econdary test device:
* A laptop I could borrow for a short time
* The cheapest laptop on eBay
* Lenovo Thinkpad X131e (2013)
* Intel Celeron CPU, two cores at 1.5GHz
* 4GB RAM
* Locked ChromeOS; support stopped in 2018
* CR: built-in Chrome browser
* Guesstimated number of devices with similar capabilities:
about 2 billion devices
* People who still use this version of Chrome: ~45 million
obile test devices:
* Windows Mobile 6 smartphone (2008)
- CPU 500 MHz, 128Mb RAM
- WM: Internet Explorer 7
* Android 5.1 smartphone (2017)
- Sold as a budget model in 2017
- Popular second-hand model in Pakistan (~$30)
- 4 CPU cores 1.1GHz, 1Gb RAM
- AC: Chromium-based built-in Browser
- About 1.5 billion Android 5-capable devices were
manufactured
- Android 5 is still used by 100 million people
* KaiOS 2.5 "feature phone" (2019)
- Based on "low-power hardware", as Wikipedia states
- Very similar to cheap (~$30 for a new one) JioPhone
- 2 CPU cores 1.1GHz, 512 Mb RAM
- KO: Powered by Mozilla browser engine (ex-Firefox OS)
- 170 million devices manufactured
- 100 million people keep using them
egend:
* S - superb, works great
* + - works with minor issues (i.e. slow but readable)
* - - loads, but isn't readable or useable
* x - does not load at all
IE D+ O1 KM CR WM AC KO
oogle.com S + + + S + S S
egrowth.org x + - - S + S +
egrowth.info x + - + + + S -
egrowth.net x - - - - - S +
ists.degrowth.net x + + S S + + +
ists.riseup.net x x + S S + + +
owtechmagazine.com x x x + S + S +
also have checked a few international communities with a
educed set of browsers.
D+ CR WM KO
ecrescita.it x S x +
pe.hr + S x +
escreimiento.org x S x +
ss.nl x x x +
s you can see, the test results are not great, but they
re better than I expected. Before you jump to the
onclusion that I am here to unnecessary critique portals
un by pure enthusiasm of their creators, first I want
o inform you that most websites are struggling with the
ame issues, and second, I would like you to take a look
t the elephant in the room.
= Key findings, or "Why Google works everywhere?" ==
s you might have noticed, Google works on all and every
latform I have tested. Ine fact, it works even with the
ldest Netscape and Internet Explorer browsers, and in some
osaic versions, too. There are two reasons for that.
irst, Google can afford this. They can and do test their
ain site using many different devices, and go as far as
erve different version of the site depending on the device
ou use.
econd, Google can afford this. Starting 2014, they demote
ites without HTTPS (encrypted HTTP) in the search results.
ut the reason Google still works in Internet Explorer 6
r Netscape 3 is that they serve an "insecure" version of
oogle with HTTPS disabled to such devices. Who is going
o punish Google for using such a trick? Google?
have to note that the commonplace usage of SSL and HTTPS
s not a bad thing per se. On sites that handle any sort
f input from users (logins, passwords, comments), secure
onnection prevents malicious third parties from snooping
nd stealing private information. The sites serving any
ort of information that can be perceived as dangerous by
eople in power (governments, service providers, and even
mployers), the usage of HTTPS prevents the alteration of
he information by the third party while this information
s on the way to the end user. Finally, HTTPS prevents a
ractice of inserting unwanted advertisment right into the
ebsite's content by your Internet provider.
ut the practice of using SSL and HTTPS brings death to
he devices that still could have been useful today. There
re two major routes for that:
* Dropping support for older encryption algorithms
- For example, RSA-256 is considered insecure, as it
can be cracked in a few minutes using an 8 or 16
core desktop CPU.
- While updating the encryption algorithms of the
devices is possible in theory, in reality it does
not happen after the device stops receiveing
updates from the manufacturer.
- Today (March 2023), all the devices running
Android 4.3 and below, Chrome 30 and below,
Firefox 26 and below, Internet Explorer of all
versions except for IE11 on Windows 10, and
Safari 8 and below (iPhone 4) do not support
any algorithms that can be considered secure,
according to SSLLabs.
- Newer algorithms require more CPU power.
Software implementations of ECDH algorithms can
require seconds to establish a connection when
used on devices with CPUs running at dozens to
hundreds MHz. There are research papers suggesting
that efficient implementations of secure encryption
on devices with CPU power comparable to personal
computers of the 80s is achievable, though.
* Dropping support for root certificates
- Asymmetric encryption used as a basis of SSL
and HTTPS relies on the system of "root certificates"
pre-installed on the devices by the manufacturer.
The root certificates are used to confirm that the
site you are visiting was not replaced by a hacker.
- It is fairly normal for root certificates to expire
eventually. If your root certificate was issued in
2003, chances are it was compromised by 2023.
- A recent example of root certificate expiration is
Windows 7 (released in 2009). One of its important
root certificates has expired in September 2021.
- It is usually possible to add new root certificates,
or ignore the error message about the expired
certificate. It is possible that the new root
certificates will be using an algorithm not supported
by the manufacturer of the device, though.
~ What can be done about it ~~
If you hope that your website can be used from a device
lder than a few years, try to find the balance between
ecurity and compatibility.
Your web server can detect the SSL capabilities of the
ser's browser. In many cases, it might be acceptable
o serve a version of your site with weak encryption (3DES
or ~60 million people who still use Internet Explorer),
r without any encryption at all.
Please be mindful of privacy needs of the visitors of
our site. If you offer a forum board or comments section,
t would be a very bad idea to give a false sense of
ecurity, privacy or anonymity when your site uses weak
ncryption or no encryption at all.
A site called SSLLabs has information about algorithms
upported by different browsers running on different
perating systems, and can also show you what algorithms
re offered by your web server. It can help you to decide
hat algorithms (and what SSL/TLS protocol versions) you
ant to offer to your site visitors.
When it comes to checking whether the site is going to
oad, nothing beats trying out your site from a target
evice. Check your attic, find your previous laptop or
hone, and try to use it. If this is too much of a hassle,
r you want to check multiple OS+browser combinations,
omputer emulation can be handy. For a wow-effect (and a
idiculous display of power), check out Fabrice Bellard's
SLinux from a web browser of your computer or phone. It
an boot to Windows 2000 with Firefox, Internet Explorer
nd D+ preinstalled.
ut, most importantly:
The right to repair must include the right to replace
he software shipped with the device. It is imperative for
anufacturers and operating system vendors to provide
simple way of updating SSL libraries and root
ertificates on any device. Otherwise, billions of
marthpones and hundreds of millions of computers will
nd up mostly useless.
= Pretty/Useless ==
ome feel-good browsers, including D+, Links and K-Meleon,
an handle HTTPS and SSL business separately from the
perating system. But even when the browser can establish
HTTPS connection and load the site's data, there are no
uarantees that the site will be useable. Even the support
f HTML, CSS and JavaScript standards cannot guarantee
hat: there are sites that work in lightweight D+ (no
avaScript, limited CSS), but refuse to work in Acid3-
ompliant K-Meleon (with HTML5, CSS3, JS and so on). What
s going on here?
f you have too much CSS and JavaScript on your site, it
an result in two seemingly contradictory symptoms:
he site might not work without a certain level of CSS
nd JavaScript support, AND it might start working again
hen such support is missing completely.
riginally, all the web pages used only HTML, as a way to
dd links and images to the text. When WebKit (Safari) and
ts "fork" (spin-off) Chrome became monopolists on the arena
f web browsers, it became commonplace to "enhance" sites
ith lots of JavaScript and CSS. Some uses of these
echnologies:
- changing the appearance of a site when mobile device
hanges its orientation (i.e. landscape to portrait),
- adding accessibility customisation options,
- showing site search results without changing the page,
- adding a comment or a post without changing the page,
- loading new content without changing the page, also known
s "endless scroll" or "endless feed".
hen a site is using CSS features not available in the
rowser you are using, it is possible that some or all the
ontent of the site will be displayed incorrectly, covered
y other site elements, or invisible altogether. Turning off
SS will "reset" the appearance of the website to defaults
usually black letters on white background, with blue
yperlinks); the images resized by the means of CSS will
e displayed in their original resolution, even if it's
oo small or too big for the screen. Complex navigation
enus hidden by CSS will be displayed as a list.
xamples:
- K-Meleon misinterprets CSS features of degrowth.org,
howing only an empty white page, despite loading all the
ext and images from the site.
- D+ ignores most CSS features of degrowth.org, so the
ite doesn't look the way it was intended, but all text and
mages are perfectly readable.
hen a site is using JavaScript features not available
n the browser, some menus and buttons might not work
orrectly. If the site is using JavaScript to load
ew content on the fly, and JavaScript isn't working
orrectly, then parts of the site or the whole site will
ot be available.
xamples:
- JavaScript content on degrowth.org causes Opera 10 to
rash and close by itself in a second or two when a mouse
ursor is hovering over a link.
- D+ doesn't support JavaScript, which is used by
egrowth.net for navigating the site and changing the
ontent shown on the screen, so all the content is displayed
n the screen at the same time.
e might not be that surprised that browsers released
ess than a decade ago cannot properly display sites, even
ites that aren't any different from the sites we've used
en and sometimes twenty years ago. But it is likely that
rowsers that were released only a few months ago aren't
orking correctly with some of the sites created today.
tandards of CSS and JavaScript are ever-evolving, with
ew features added with every release of Chrome and Firefox,
very month or so.
ew standards of CSS and JavaScript are regulated by a
ot-for-profit organisation "World Wide Web Consortium".
any chairs and participants of the W3C standard working
roups are experts employed by Microsoft, Adobe, Baidu,
libaba, Apple, Google, Intel, Samsung, Huawei and many
ther companies. Independent participants, university
esearchers, representatives of socially important projects
Wikimedia foundation, for example) seem to be a minority
n the World Wide Web Consortium today.
will not speculate that capitalist mega-corporations are
cting with malicious intent towards the Internet and
he grass-roots movements using it. After all, there is a
uch simpler explanation: mega-corporations need these new
tandards for the new features of the new versions of the
olutions they produce. It would have been hard or even
mpossible to release new versions of products many of us
se today.
ou see: JavaScript paired with endless possibilities of
SS allows creating large applications that can be run
nside of a browser, like Google Docs or Mozilla PDF viewer.
he temptation to use powers of JavaScript is so great
hat many desktop and mobile programs today are written
n JavaScript and shipped with its own version of a browser
for example, Discord, Twitch, Visual Studio Code).
eb browsers of 2023 are de-facto operating systems, and
avaScript and CSS are their core parts. Web browsers are
ven shipped as operating systems at least in three very
opular product groups: Chromebook laptops, KaiOS phones
nd Fitbit OS watches.
hile big tech has their reasons to push for newer versions
f JS and CSS, among groups of people who suffer from
veruse of JS and CSS disproportionately are not only
eople who cannot afford a new computer, but also people
iving in areas with expensive or unstable internet access
nd people with disabilities.
~ What can be done about it ~~
Most sites, including degrowth networks, are not meant
o be run-in-browser applications. There is no pressing
eed to use the latest browser features for them,
specially if you hope to make your site accessible to
eople using "obsolete" computers (note that Chrome won't
e updating on Windows 7 and Windows 8 anymore).
If you still believe your visitors absolutely must
ave CSS and JS to see your site, consider this:
oogle and Amazon are among the sites that will work
ithout either. If mega-corporations can make this work
or their money-making products, we can do this for
ur grass-roots web, too.
Ready-to-use solutions for building websites can be
empting for their simplicity, but it's worth checking
ow they behave in browsers that aren't up to date.
Using "obsolete" browsers can be dangerous, as they
re not protected from known security vulnerabilities,
nd should not be encouraged. Unfortunately, most browsers
o not provide updates for "obsolete" computers and phones.
he browsers that support such devices and still provide
ecurity patches and updates, on the other hand, often lack
ot only "bleeding edge" features, but well-established
tandards like CSS 2.1 (2011) or JavaScript ES5 (2009).
Check out the essay "Command Line Programs for the Blind"
y Karl Dahkle, the developer of edbrowse, a text-only
rowser focusing on accessibility. Strive to make your
nline presence accessible for people with text-only
rowsers, screen readers, adaptive controllers, color
lindness, and so on. Hint: if your site is readable without
SS and JS, has alt text for images and correct markup
or menu and links, you are on the right track.
= A biased analogy ==
y overall impression of the situation? It reminds me of the
merican car culture of the 1950s. "Americans were spending
ore [and more] time in their automobiles and viewing them
s an extension of their identity", writes Wikipedia. When
ew features of the new cars weren't impressive enough to
onvince the customers to buy a new one, sellers were trying
o make cars a kind of fashion. But a car is still a car.
f you replace an old car with a new one, sure, you might
et new safety and entertainment features. It doesn't
utomatically mean you will be able to travel faster,
urther, or cheaper. And the destination of the majority
f your trips, the closest shopping mall and your office,
sn't going to magically change, either.
any similar things can be said about computers and
martphones. They are undoubtedly extensions of our
dentities: "iPhone user", "Android owner", "PC gamer".
aybe the hype around new iPhones isn't as common as it
sed to be. Maybe mobile phones are not a fashion statement
nymore. But the changes they brought to our lives are
oing to last long. To rephrase economist Richard Porter,
the smartphone made today's Web possible, and today's
eb made the smartphone essential."
= Conclusion ==
hope this essay was as useful to you as it was insightful
o me. Despite writing so many words, I realised that I
arely scratched the surface of the digital inequality
uestion. Topics that were left uncovered include, but
ren't limited to, accessibility, connectivity speed and
tability, censorship, state and corporate survelliance
nd internationalisation. Well, perhaps, I will cover those
ome other time.
= Bonus level: Google Fonts ==
ne of the things that seem to break K-Meleon and Opera 10
re Google Fonts. This might not be a good enough reason to
top using them, though. Google Fonts are free and easy to
se, and they come as a default option in some popular web
age "factories", including WordPress.
ut Google Fonts come with a catch. If you use the default
ay to add them to your website Google might receive some
nteresting data about your site's visitor, including:
he site they are visiting (yours), their language,
heir IP address, their web browser version.
urrent Google Fonts terms of service insist that while the
onts might track user behavior, this data will be used only
n analytical purposes, and won't be sold to third parties
r used for advertisement.
rick question: how often do you check whether Google has
pdated their Fonts API terms and conditions?
-----------------------------------------------------------
lease send your comments and questions to:
my email: usagi[at]sdf.org
my Mastodon: https://mastodon.sdf.org/@usagi
inks to share this essay:
ttp://usagi.sdf.org/digital-inequality-and-degrowth-web.htm
opher://sdf.org/1/users/usagi/diary/2023-03-09-DI-DW.txt
emini://sdf.org/usagi/diary/2023-03-09-DI-DW.txt