Please don’t flame me too bad, I understand that although privacy and libre software are important to many in the Linux community, my opinions may be outside the scope of consideration for some and I respect that.

Personally, conscientious consumerism and privacy are some of the primary reasons I use Linux. I prefer community>private business>corporate when I am choosing products and services.

-System76

About 8 years ago I purchased a laptop from System76, the customer service was incredible and the machine exceeded my expectations in build quality and performance.

Recently I’ve been in the market for a smaller machine, like a Thinkpad X1, StarBook 14 or System76 Lemur.

Last week, when I visited the System76 website they used Plausible’s open source analytics on the home page (which is a great alternative to Google’s proprietary hardware fingerprinting algorithm), but once I added the laptop to my cart to checkout, I noticed the third-party trackers, apis.google and ajax.googleapis load on the webpage. Google’s reCAPTCHA was also required to complete the purchase. Hell, even Discord has switched to hCaptcha at this point citing their laughable “Gamer Privacy First” policy.

IMHO, I find it hypocritical that System76 does so much great work disabling Intel’s IME and contributing to coreboot, but chooses to embed proprietary tracking software on their website when open source alternatives are readily available.

  • Reaching out to System 76

After completing 14 reCAPTCHA’s I was finally able to get a dialogue with Stetson at System 76. He said that “System 76 takes user data privacy and security extremely seriously, but they would continue to use Google services.” His recommended solution was placing the order over the phone if I wasn’t comfortable having third-party tracking during checkout.

This is not a solution for me because I don’t want to do business with a company that monetizes user data for profit. In my experience, companies that monetize data (Alphabet, Meta, etc…) offer web services cheaper than competitors that don’t, in exchange for access to user data. So, if you’re getting a commercial service cheaper from a company that sells your user’s data, you’re also profiting from the sale by paying a lower premium for those services.

Personally, I do not think you’re taking user privacy “extremely” seriously if you’re running third party trackers and choosing reCAPTCHA (not a privacy respecting service) over hCaptcha on your website.

I really like System 76 and I want to support them with my next purchase, but presently I feel like they are saying one thing and doing another and choosing privacy respecting libre software some of the time when it suits their marketing, but proprietary anti-consumer tracking services when it’s more profitable.

  • robinj1995@feddit.nl
    link
    fedilink
    arrow-up
    84
    arrow-down
    9
    ·
    1 year ago

    Purist, hard-line stuff like this will honestly just get you nowhere in 2023. I get where you’re coming from, but it’s simply not realistic. This is what browser extensions are for.

    • words_number@programming.dev
      link
      fedilink
      arrow-up
      27
      arrow-down
      3
      ·
      1 year ago

      I don’t understand what’s not realistic about expecting from a company that markets itself as privacy focused to not add surveillance fascist services to their website. It’s not like they demand system76 to implement something crazy difficult. Quite the opposite, they just want them to not do something. That shit doesn’t add itself to a website. So just don’t fucking do it and you’re good. What’s unrealistic about that?

      • deong@lemmy.world
        link
        fedilink
        arrow-up
        2
        arrow-down
        2
        ·
        edit-2
        1 year ago

        Well, we’re here on a web site discussing it, and the top two recommendations are “build one yourself from parts” and “buy a used one in cash”.

        Seems to me that it’s the very definition of unrealistic if the real world has almost no examples that do it.

        • words_number@programming.dev
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          You’re right. I guess what I was trying to say is that I don’t think the author has unreasonable expectations. The fact that it is unrealistic that anyone follows these is kinda sad.

    • Qvest@lemmy.world
      link
      fedilink
      arrow-up
      18
      arrow-down
      2
      ·
      1 year ago

      Exactly. uBlock Origin exists for a reason. No one can block everything, but mitigation tactics exist, and to not use a product just because the website contains trackers, I don’t understand why one would do that if the product itself doesn’t contain trackers, but hey, people are different

    • milicent_bystandr@lemm.ee
      link
      fedilink
      arrow-up
      13
      ·
      1 year ago

      I dunno, us ordinary folks get a lot of benefit from the battles purists have waged before us. And sometimes they win big time.

    • victron@programming.dev
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      2
      ·
      1 year ago

      I always wonder how those purists’ lives are better by being… like that. Is there an actual benefit or improvement?

  • hCAPTCHA, the CAPTCHA that allows special tokens distributed exclusively by Apple and Cloudflare to bypass checks for “suspicious” visitors? I’m not sure if that’s such an improvement. If you’ve already installed Privacy Pass or use Safari, perhaps, but you’re giving up a lot of control here.

    hCAPTCHA may have an open source frontend, but the backend is still closed and hosted by Cloudflare. With Cloudflare’s inherent monitoring capabilities as the proxy service half the internet runs through, I’m not sure if either is a privacy improvement or a detriment.

    I don’t think think there’s a single web store out there that still respects user privacy. I honestly think their phone based ordering process for the privacy conscious is an excellent solution and you simply won’t find a better one.

    Want a privacy friendly alternative? Go to a physical store and pay with cash (assuming you can find a laptop that can run Coreboot or are willing to port it yourself). System76 is probably the next best thing, to be honest. Not even Purism can avoid the temptation of Javascript served by Google.

  • Michael Murphy (S76)@lemmy.world
    link
    fedilink
    English
    arrow-up
    41
    arrow-down
    1
    ·
    edit-2
    1 year ago

    It’s not as simple as you think it is. First, we use Plausible instead instead of Google Analytics, so tracking data is not being given to Google. If the choice was purely up to System76’s web team, use of Google services wouldn’t be required. However, you’ll be hard pressed to find any online store that accepts online payments without a captcha service, because most payment processors require it. System76’s payment processor also requires it, and will not allow you to substitute your own solution or bypass that requirement. Same as said here: https://lemmy.world/comment/3137069

    Customer services and other web-facing frontends are also a constant target of attacks, so a captcha service is required.

    • Thom Gray@lemmy.dbzer0.comOP
      link
      fedilink
      arrow-up
      7
      arrow-down
      2
      ·
      1 year ago

      Stripe is one of the largest payment providers on the Internet, they recommend hCaptcha, not Alphabet’s reCAPTCHA in their docs, so it’s obviously a choice. Please don’t proclaim to be “Extremely concerned” with customer privacy and choose a service provided by a data harvesting advertising company to save money when a privacy preserving option is available.

      https://stripe.com/docs/disputes/prevention/card-testing

    • Thom Gray@lemmy.dbzer0.comOP
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      Michael, thank you for responding, but Google’s reCAPTCHA isn’t only required for payment on your site, it’s required just to send a message for customer service or to contact sales as I have done both recently. There are plenty of payment provider’s that to not mandate Google services. Personally I enjoy a lot of Google services when I choose to use them, but being mandated to use Google, as my child is forced to do attending school makes me wonder we companies like System 76 perpetuate this trend of the government and private industry forcing people to use services instead of letting consumers make the choice themselves in the so-called “free market.”

      • Michael Murphy (S76)@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        1 year ago

        Customer services and other web-facing frontends are a constant target of attacks, so a captcha service is required. This whole comment is hyperbole, honestly.

  • Fazoo@lemmy.ml
    link
    fedilink
    arrow-up
    48
    arrow-down
    10
    ·
    1 year ago

    They just resell Chinese laptops anyway, or used to. I opted for a Framework laptop this time.

  • Southern Wolf@pawb.social
    link
    fedilink
    arrow-up
    34
    ·
    1 year ago

    It’s likely something out of their control. I imagine their payment processor either uses it, or requires the site to use it. Mostly to combat automated fraud.

    You likely won’t find any site, that has online shopping, that doesn’t use some sort of way to gatekeep against this behavior, unless it’s crypto-based. And even then it likely still has something like that. Even if the site redirects to Paypal, you’re gonna face that.

    Your approach simply isn’t realistic to the modern web. You can try uBlock, but blocking those connections likely will make the site ultimately not work for you.

    • ReversalHatchery@beehaw.org
      link
      fedilink
      arrow-up
      4
      arrow-down
      3
      ·
      1 year ago

      First of all, they could just have been honest at tell that.

      Second, you do not try ublock, you use ublock. That’s a minimum of you care about privacy. It does not break anything.
      What you try is umatrix.

      • Southern Wolf@pawb.social
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Could be it’s a requirements for their payment processor, and details like that aren’t something you talk openly about freely.

        Also, you will have sites that u lock will break beyond repair, so try is the correct word. I know this well from using Brave, which is even less than uBlock does, and even then some sites are still broken and requires the shields turned off. Just an unfortunate reality with today’s web.

    • Thom Gray@lemmy.dbzer0.comOP
      link
      fedilink
      arrow-up
      4
      arrow-down
      4
      ·
      1 year ago

      It’s certainly not out of their control and Stetson at System 76 confirmed that they choose Google as a business partner regarding the website. There are plenty of websites and online shopping services not using tracking scripts to monetize their customers data. Yes, most do, but most people also don’t use Linux as their desktop operating system or care much about privacy. Regarding not finding “any site”, Here are 2, I know off the top of my head. System 76 could also easily switch to hCaptcha (privacy preserving service) over reCAPTCHA as Discord previously did. If Discord is making better choices than System 76 regarding privacy respecting web services I think it speaks volumes about System 76’s claim to “take user privacy extremely seriously.”

      I’ve made purchases on both of these websites without being tracked by a third-party advertising company.

      https://www.adafruit.com/

      https://puri.sm/

      • twei@feddit.de
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        adafruit is using cloudflare and it automatically loads stuff from paypal, amazon and cloudfront. it will also ship your stuff using dhl, ups etc.

        would you say that you trust all of those companies with your (meta)data? if yes, reCAPTCHA won’t make a difference. although i do agree that everyone should use hCaptcha

        • Southern Wolf@pawb.social
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          1 year ago

          Quite frankly no one should be using captchas at all. They are mostly pointless, and AI’s have reached the point of being able to solve them. It’s mostly just a gratis thing at this point… The illusion of trust and safety, probably for both users and providers.

      • Michael Murphy (S76)@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        1 year ago

        not using tracking scripts

        System76 uses Plausible, not Google Analytics. Google is only required for Captcha.

        hCAPTCHA

        This is not any better from a privacy perspective.

        https://puri.sm/

        Purism also uses the same captcha services… Honestly, all of your comments here sound like a poor attempt at Purism promotion. You’ve been repeatedly spreading misinformation while simultaneously promoting Purism in each comment here.

      • Southern Wolf@pawb.social
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Considering Purism is running a pump and dump scam with their phone, I wouldn’t grace them or their website with a single cent. There are worse things than a potential privacy issue…

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    36
    arrow-down
    9
    ·
    1 year ago

    There’s still a business, and they need to be profitable, so they’re doing things a business does to stay profitable. But they’ve stayed very true to their philosophy.

    Is the use of these APIs during the checkout process enough to make you go to a different company? What company would you go to that doesn’t use any trackers?

    • Thom Gray@lemmy.dbzer0.comOP
      link
      fedilink
      arrow-up
      9
      arrow-down
      12
      ·
      1 year ago

      Yes, as I stated in the beginning of my post, personally I value privacy and ethical business practices and imo, if you sell hardware, make money on hardware while not additionally monetizing your customer’s data through discounted web services. So the fact that they use services monetizing user as a way to increase profit margins is enough to make me choose another company. The only company I know of that sells a Linux Laptop not partaking in this sort of thing is Purism and they have very little selection. I’m open to other suggestions if someone knows of another company?

      • Vincent@feddit.nl
        link
        fedilink
        English
        arrow-up
        32
        arrow-down
        1
        ·
        1 year ago

        You might also consider the saying “perfect is the enemy of good”. If you can find something perfect, that’s great, but if not… Don’t go with the worst option.

      • boonhet@lemm.ee
        link
        fedilink
        arrow-up
        6
        ·
        1 year ago

        They themselves are almost certainly not getting paid for the user data. Rather they might use Google analytics and such to know who the target audience for their products is. So they could pay for better ads.

      • iamonabike@lemmy.ca
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 year ago

        They’re using Stripe, and they require it if you have any sort of carding attack, or other fraud attempts. They’ll disable your account otherwise. And, this isn’t just Stripe, I’ve encountered it with all payment providers I’ve implemented.

        Ecommerce pretty much requires it these days, and yes, most gateways require Google’s as it’s the “industry standard” at the moment.

      • Michael Murphy (S76)@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 year ago

        System76 does not make any profit from use of Google’s reCAPTCHA service. You can’t be seriously trying to insinuate that. You keep mentioning Purism, so are you actually a Purism customer, or paid by Purism? Very sketchy comments.

        • Thom Gray@lemmy.dbzer0.comOP
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          1 year ago

          I’m a System 76 customer, as I stated in the initial post I made, which you apparently didn’t even take the time to read. Receiving Google services at a discount in exchange for access to System 76 user data is profiting from using Google’s discounted reCAPTCHA, versus competitor pricing models. Don’t think linking Google’s privacy policy that promises not to track your users is of any relevance, Google is currently under more litigation for violating their own privacy policies than any other company in Tech (research the case with Epic Games), not to mention the DoJ’s anti-trust lawsuit currently underway.

          https://arstechnica.com/tech-policy/2023/03/judge-finds-google-destroyed-evidence-and-repeatedly-gave-false-info-to-court/

          https://www.justice.gov/opa/pr/justice-department-sues-google-monopolizing-digital-advertising-technologies

          Have you been to business school in the last decade Sir? Surveillance Capitalism is a mandatory subject in the contemporary world and I believe you’re pretending that isn’t Google’s primary revenue stream. Please have a look at he link below expanding on Alphabet Inc’s business model.

          https://telegra.ph/How-Big-Tech-Revenue-and-Profit-Breaks-Down-by-Company-12-09

          • Michael Murphy (S76)@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            1 year ago

            Once again, you are making baseless accusations without evidence. I’ve already corrected you on these misconceptions multiple times here, yet you insist to repeat them. So whether you trust me or not, who are you getting this misinformation from, and where does it state that System76 is giving access to user data to Google, or receiving any form of discounts?

            Yet again, System76 does not give user data to Google, nor does it get any profit or discounts from Google for using a captcha service. We use Plausible instead of Google Analytics. Google’s captcha service is a captcha service, not a big data analytics platform directly feeding “Big Brother”. It is recommended by our payment processor, and is useful to eliminate attempted scams and spam.

            The intent behind your comments here going far off at a tangent is very questionable. You’re grasping for straws where there are none. Hence my questioning about your intentions.

            • Thom Gray@lemmy.dbzer0.comOP
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              I appreciate your response Michael, but I don’t think it’s a misconception that Google monetizes user data and any service they provide is a means to that end. If the payment provider System 76 uses promotes a non-privacy preserving service, then why choose that payment provider?

                • Thom Gray@lemmy.dbzer0.comOP
                  link
                  fedilink
                  arrow-up
                  1
                  arrow-down
                  1
                  ·
                  edit-2
                  1 year ago

                  Are you implying that Google’s primary business model is something other than the collection and sale of people’s personal data? Google services are discounted or “free” because they monetize user data through tools like their reCAPTCHA hardware fingerprinting technology deployed on System 76’s website. My point is that System 76 claim’s to be “extremely concerned with user privacy”, but chooses a payment processor dependent on the Internet’s least privacy preserving corporation and that is a contradiction of your “proclaimed” values.

                  Btw, I recently learned that Purism also deploys Google scripts with their payment processor and I wasted my money on a Librem 5 a year ago. It has the worst touchscreen and battery life of any device I own, so let me assure you I’m no shill for that company. I honestly buy my hardware from System 76 every chance I get, so when I feel they’re being disingenuous about their values (privacy), I take it personal, since I’m typing this on a Galago Pro.

                  I’ll probably relent and order the Lemur over the phone as Stetson suggested. I’m critical of System 76 because I want them to succeed and I think they should follow other companies (Valve, Discord, etc…) abandoning Google as their ship sinks because of shareholder greed.

                  https://www.pcmag.com/news/steam-ditches-google-analytics-over-customer-privacy-concerns

                  I’m sure a lot of people at System 76, like myself started using Google in the 90s and had an invitation only Gmail account, becoming enchanted with the company 20 years ago. Unfortunately, after their 2004 IPO, the shareholder’s have clamored for the increasingly relentless collection and sale of user data to advertisers and even government tax and intelligence agencies to the point that Alphabet has lost much of it’s goodwill in the tech community and many are now suspicious of Google like myself.

                  I made my post not to bash System 76, but to point out what I believe is a strategic error continuing to have Google as a business partner when payment processor’s like Stripe will allow hCaptcha’s (privacy preserving service) instead.

  • Rentlar@beehaw.org
    link
    fedilink
    arrow-up
    27
    arrow-down
    2
    ·
    edit-2
    1 year ago

    Many payment providers would want websites to implement CAPTCHA for blocking spam and fraud attempts.

    I’m sorry, but you’re just going to have to walk to a store and pay in cash if you don’t want to have any data tracking done at all. Online you’ll often have to pick one or the other: data tracking, or flimsy security/data protection. The phone solution is appropriate in my humble opinion, but you’re welcome to hold your own views on your principles. If you’re hard set against a company tracking ANYBODY via 3rd parties to that level, then I bet you will be very hard-pressed to ever find a computer through an online marketplace from ANY company that will fit that bill perfectly and suits your other needs.

    • iamonabike@lemmy.ca
      link
      fedilink
      English
      arrow-up
      21
      ·
      1 year ago

      Many payment providers would want websites to implement CAPTCHA for blocking spam and fraud attempts.

      This is why. They’re using Stripe, and they require it if you have any sort of carding attack, or other fraud attempts. They’ll disable your account otherwise. And, this isn’t just Stripe, I’ve encountered it with all payment providers I’ve implemented.

  • Fabrik872@apollo.town
    link
    fedilink
    English
    arrow-up
    25
    ·
    1 year ago

    Their focus is i think in making pop os for hardware from clevo or someone similar or themselves in case of desktops not making websites. I mean i agree that this suck because this websites represents them. I am just saying that maybe they dont even have its own web developers for the site and the company that handles their eshop probably dont offer alternative capcha method and for them to change that they need to change the conpany that handles eshop or make their own. Both are very complicated and expensive solutions i think.

  • Raphaël A. Costeau@lemmy.ml
    link
    fedilink
    English
    arrow-up
    24
    arrow-down
    6
    ·
    edit-2
    23 days ago

    You see, even Mozilla uses reCaptcha and other Google APIs. Companies that “fight for freedom” will only do the minimal. Still, I think is worthy to send an email do System 76 with this reclamation.

    CC BY-NC-SA 4.0

  • cmnybo@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    17
    arrow-down
    1
    ·
    1 year ago

    I wasn’t very impressed with their customer service. They wouldn’t sell me a new battery when mine died. Now I’m stuck with an otherwise perfectly good laptop that now has to be plugged in all the time.

      • cmnybo@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I’m rather tempted to get a Framework 16, although I’m still waiting for more information about it to be released.
        I just wish they would come out with a different keyboard. I don’t like the small arrow keys and the lack of dedicated home and end keys.

        • Michael Murphy (S76)@lemmy.world
          link
          fedilink
          English
          arrow-up
          12
          arrow-down
          1
          ·
          edit-2
          1 year ago

          Not sure how that would be the fault of customer service. There were a lot of component shortages during the pandemic. Suppliers often discontinued components in the middle of production because they couldn’t source the chips required. Batteries also require chips to control their charging thresholds and voltages.

  • spacemanspiffy@lemmy.world
    link
    fedilink
    English
    arrow-up
    17
    arrow-down
    1
    ·
    1 year ago

    I agree with you. Purism had this same problem at one point I believe - turns out that the Wordpress plugins that they used for their site came bundled with Google crap.

    It’s possible this wasn’t an intentional choice by anyone at S76, but instead just spyware bundled with other components.

    Both businesses should know to evaluate their dependencies for these sorts of things, but mistakes do happen. It’s good that concerned community members exist to call them out, even if they have no plans to change it.

  • const_void@lemmy.ml
    link
    fedilink
    arrow-up
    17
    arrow-down
    5
    ·
    1 year ago

    You’re worried about Google trackers on their website but you were gonna potentially buy a Lenovo Thinkpad? Lololol

  • Pig@lemmy.world
    link
    fedilink
    arrow-up
    8
    arrow-down
    1
    ·
    edit-2
    1 year ago

    I agree with your stance, and I can also acknowledge what other people are saying, about not being able to find companies anymore, that aren’t willing to sell your information to multi-billion dollar targeted-ad companies. I would do what a couple other people, in this post, mentioned. Buy a used laptop/desktop, in cash, that supports coreboot. To my knowledge, anything past an i5 can’t fully remove all of the IME blobs, anyways. If you want something for gaming, and don’t want to support/contribute to the funneling of personal data, I would build a desktop from parts that work well with Linux, from a store like MicroCenter.