============================================================
=   Digital inequality and degrowth web: a biased glance   =
=                      (revision 2)                        =
=                   by Clover Wood, 2023                   =
============================================================

  > This essay is about 3900 words long, so it probably
  > will take you about 15 minutes to read through.

tl;dr: I tried to access some sites about degrowth from
computers and smartphones that are powerful enough for
daily usage in 2023, but are not supported by software
or hardware vendors anymore. Some sites worked, some
sites didn't, so I researched "why" and "what to do".
The main issues, not surprisingly, are caused by HTTPS,
CSS and JavaScript; I offer some workarounds for those.
Hopefully this essay could help to make grass-roots
web sites more accessible to people who cannot afford
"up-to-date" hardware, and starts a discussion about
the contribution of the Internet to the staggering
amount of e-waste humanity produces.

------------------------------------------------------------

As "Degrowth&Strategy" (2022) states, "engaging actively in
the international degrowth networks demands a priviliged 
position", with one of the things mentioned being access
to a computer and a decent internet connection.

I decided to evaluate this claim, or, rather, how poorly
things are in reality, with the help of my budget laptops 
and a handful of smartphones I could access. The links
to the various degrowth communities were provided in the 
chapter five of the said book. I also checked out the site
of my favourite magazine, Low Tech (solar version), as well
as Google search engine.

Looking at my findings, I realised that the root causes of
the issues I have identified with degrowth web might be 
interesting outside of the scope of the degrowth or even 
low-tech areas alone. So, I decided to expand the essay
to make it more accessible for people far from IT, trying
to offer a balanced (but inevitably biased) view on the
state of web, especially in the contexts of building online
grass-root communities and reducing e-waste.


==       Why does it matter? - Computers and people       ==

Before giving you the raw results, I would like to explain
my reasoning behind doing this little "research".

Humanity has been mass-producing computers for over seventy
years, and by today we have enough computers to satisfy all
personal computing needs for many years to come. According
to the data I found online, in the years 2007-2021, only
smartphones alone make 14.4 billion computers produced, with
some 1.5 billion smartphones added to this number annually.
Add 374 millions of laptop and desktop CPUs sold in 2022 
alone to this whopping mountain of computers. And now add
to this 20+ billions of microcontrollers manufactured every
year for the last ten years or so, with most of those as
powerful as personal computers and game consoles of the 80s.

I mention microcontroller devices comparable to 40-year-old
personal computers intentionally. While computers of the 
80s were not capable of playing HD video and generating 
impressive fake news articles, they were successfully used
for text editing, home budgeting, research and science, 
education, play and - yes - accessing the internet services.
There is little doubt a significant portion of controllers
humanity manfucatures is internet-capable; we use them for
"Internet of Things", after all.

Even putting the question of microcontrollers aside, we are
left with at least two powerful computers per every person
alive today. If these computers were sufficient to satisfy 
our needs of personal computing, we could just stop making 
new ones. If only they were sufficient to access the
resources about degrowth and low-tech...


==              Quick glossary for non-techies            ==

Feel free to skip this section for now, and return to it if
 you meet a term you don't know.

* HTML - hypertext (text with links) mark-up language, 
a way to explain to the browser how you want it to display 
the text on the page.
* HTTP - hypertext transfer protocol, a way for two 
computers (server and client) to send and receive HTML and 
other files.
* SSL - secure sockets layer, a way for the server and the 
client to exchange encrypted data in a way that should be
fairly safe from wiretapping.
* TLS - basically the same thing as SSL, but newer.
* SSL certificate - a digital document, usually issued by 
some sort of authority, to verify that the owner of an
encryption key is indeed who they say they are.
* HTTPS - Secure HTTP, as in HTTP inside of SSL or TLS.
* RSA, 3DES, ECDH - families of encryption algorithms.
* CSS - cascade stylesheets, a technology that allows the 
same HTML documents to look differently; to enable
"the separation of content and presentation". Examples of
CSS usage are: different fonts, colors and page layouts.
Extreme example: CSSZenGarden.com
* JavaScript (JS) - a programming language that can be
understood by many web browsers; it is used to convert 
a HTML page into an application that is run in a browser's
tab. If you have buttons or input fields on the page,
and they work without refreshing the page or redirecting
you to a different one, the site is using JavaScript.
Extreme examples: https://macos9.app/ or JSLinux.
* MHz, GHz - million of Hertz, billions of Hertz. A unit of
frequency. In computer science it is often used to describe 
the performance of a computer processor, as it is related 
to the number of operations this processor (CPU) can 
perform in a second.
* KB/kB, MB - kilo-bYte, mega-bYte. A unit of information.
For western script in most computers, one kilobyte equals
1024 plain-text characters. For other script systems and
computers, one kilobyte might fit as little as 512 or 256
characters. A megabyte is 1024 kilobytes.
* kb/kbit, mb/mbit - kilo-bIt, mega-bIt. A unit of 
information, in modern computers one bit equals 1/8th of a
byte. If it wasn't confusing enough, 1 kb = 1000 bits, and 
1 mb is 1000 kbit.  Hence, "one megabit per second" roughly
equals "122 KB per second". 


==            Reality check - Degrowth networks           ==

Main test device:
 * My laptop. I use it for everything, from drawing to games
 * Model of June 1998
 * It's Pentium II 266 MHz with 192 MB RAM
 * I have a stable Internet connection (GPRS)
 * For this test, I used Windows 98 SE with patches to
   add Windows 2000 and XP compatibility
 * Guesstimated number of devices with comparable 
   capabilities manufactured: over 500 million
 * People who still use similar devices: ~60 million

Browsers (the latest working or recommended version), and 
the codes used in the table below:	
 * IE: Internet Explorer 6 (with security patches)
 * D+: D+ (a variant of Dillo browser)
 * O1: Opera 10
 * KM: K-Meleon 1.6 (based on Mozilla engine)

Secondary test device:
 * A laptop I could borrow for a short time
 * The cheapest laptop on eBay
 * Lenovo Thinkpad X131e (2013)
 * Intel Celeron CPU, two cores at 1.5GHz
 * 4GB RAM
 * Locked ChromeOS; support stopped in 2018
 * CR: built-in Chrome browser
 * Guesstimated number of devices with similar capabilities:
   about 2 billion devices
 * People who still use this version of Chrome: ~45 million

Mobile test devices:
 * Windows Mobile 6 smartphone (2008)
   - CPU 500 MHz, 128Mb RAM
   - WM: Internet Explorer 7
 * Android 5.1 smartphone (2017)
   - Sold as a budget model in 2017
   - Popular second-hand model in Pakistan (~$30)
   - 4 CPU cores 1.1GHz, 1Gb RAM
   - AC: Chromium-based built-in Browser
   - About 1.5 billion Android 5-capable devices were
     manufactured
   - Android 5 is still used by 100 million people
 * KaiOS 2.5 "feature phone" (2019)
   - Based on "low-power hardware", as Wikipedia states
   - Very similar to cheap (~$30 for a new one) JioPhone
   - 2 CPU cores 1.1GHz, 512 Mb RAM
   - KO: Powered by Mozilla browser engine (ex-Firefox OS)
   - 170 million devices manufactured
   - 100 million people keep using them


Legend:
 * S - superb, works great
 * + - works with minor issues (i.e. slow but readable)
 * - - loads, but isn't readable or useable
 * x - does not load at all

                      IE   D+   O1   KM   CR   WM   AC   KO
Google.com            S    +    +    +    S    +    S    S
degrowth.org          x    +    -    -    S    +    S    + 
degrowth.info         x    +    -    +    +    +    S    -
degrowth.net          x    -    -    -    -    -    S    +
lists.degrowth.net    x    +    +    S    S    +    +    +
lists.riseup.net      x    x    +    S    S    +    +    +
lowtechmagazine.com   x    x    x    +    S    +    S    +

I also have checked a few international communities with a
reduced set of browsers.

                      D+   CR   WM   KO
decrescita.it         x    S    x    +
ipe.hr                +    S    x    +
descreimiento.org     x    S    x    +
iss.nl                x    x    x    +


As you can see, the test results are not great, but they
are better than I expected. Before you jump to the 
conclusion that I am here to unnecessary critique portals 
run by pure enthusiasm of their creators, first I want
to inform you that most websites are struggling with the
same issues, and second, I would like you to take a look
at the elephant in the room.


==    Key findings, or "Why Google works everywhere?"     ==

As you might have noticed, Google works on all and every 
platform I have tested. Ine fact, it works even with the 
oldest Netscape and Internet Explorer browsers, and in some
Mosaic versions, too. There are two reasons for that.

First, Google can afford this. They can and do test their
main site using many different devices, and go as far as
serve different version of the site depending on the device
you use.

Second, Google can afford this. Starting 2014, they demote
sites without HTTPS (encrypted HTTP) in the search results.
But the reason Google still works in Internet Explorer 6
or Netscape 3 is that they serve an "insecure" version of 
Google with HTTPS disabled to such devices. Who is going 
to punish Google for using such a trick? Google?

I have to note that the commonplace usage of SSL and HTTPS
is not a bad thing per se. On sites that handle any sort
of input from users (logins, passwords, comments), secure
connection prevents malicious third parties from snooping
and stealing private information. The sites serving any
sort of information that can be perceived as dangerous by
people in power (governments, service providers, and even
employers), the usage of HTTPS prevents the alteration of
the information by the third party while this information
is on the way to the end user. Finally, HTTPS prevents a 
practice of inserting unwanted advertisment right into the
website's content by your Internet provider.

But the practice of using SSL and HTTPS brings death to
the devices that still could have been useful today. There
are two major routes for that:

 * Dropping support for older encryption algorithms
   - For example, RSA-256 is considered insecure, as it 
     can be cracked in a few minutes using an 8 or 16
     core desktop CPU.
   - While updating the encryption algorithms of the 
     devices is possible in theory, in reality it does
     not happen after the device stops receiveing
     updates from the manufacturer.
   - Today (March 2023), all the devices running
     Android 4.3 and below, Chrome 30 and below,
     Firefox 26 and below, Internet Explorer of all
     versions except for IE11 on Windows 10, and
     Safari 8 and below (iPhone 4) do not support
     any algorithms that can be considered secure,
     according to SSLLabs. 
   - Newer algorithms require more CPU power.
     Software implementations of ECDH algorithms can
     require seconds to establish a connection when
     used on devices with CPUs running at dozens to 
     hundreds MHz. There are research papers suggesting
     that efficient implementations of secure encryption
     on devices with CPU power comparable to personal
     computers of the 80s is achievable, though.
 * Dropping support for root certificates
   - Asymmetric encryption used as a basis of SSL
     and HTTPS relies on the system of "root certificates"
     pre-installed on the devices by the manufacturer.
     The root certificates are used to confirm that the
     site you are visiting was not replaced by a hacker.
   - It is fairly normal for root certificates to expire
     eventually. If your root certificate was issued in 
     2003, chances are it was compromised by 2023.
   - A recent example of root certificate expiration is
     Windows 7 (released in 2009). One of its important
     root certificates has expired in September 2021.
   - It is usually possible to add new root certificates,
     or ignore the error message about the expired
     certificate. It is possible that the new root 
     certificates will be using an algorithm not supported
     by the manufacturer of the device, though.


~~ What can be done about it ~~
* If you hope that your website can be used from a device
older than a few years, try to find the balance between
security and compatibility. 
* Your web server can detect the SSL capabilities of the
user's browser. In many cases, it might be acceptable 
to serve a version of your site with weak encryption (3DES
for ~60 million people who still use Internet Explorer), 
or without any encryption at all.
* Please be mindful of privacy needs of the visitors of 
your site. If you offer a forum board or comments section,
it would be a very bad idea to give a false sense of
security, privacy or anonymity when your site uses weak
encryption or no encryption at all.
* A site called SSLLabs has information about algorithms 
supported by different browsers running on different 
operating systems, and can also show you what algorithms
are offered by your web server. It can help you to decide
what algorithms (and what SSL/TLS protocol versions) you 
want to offer to your site visitors.
* When it comes to checking whether the site is going to 
load, nothing beats trying out your site from a target 
device. Check your attic, find your previous laptop or 
phone, and try to use it. If this is too much of a hassle,
or you want to check multiple OS+browser combinations,
computer emulation can be handy. For a wow-effect (and a
ridiculous display of power), check out Fabrice Bellard's
JSLinux from a web browser of your computer or phone. It
can boot to Windows 2000 with Firefox, Internet Explorer
and D+ preinstalled.

But, most importantly:
* The right to repair must include the right to replace
the software shipped with the device. It is imperative for
manufacturers and operating system vendors to provide
a simple way of updating SSL libraries and root 
certificates on any device. Otherwise, billions of 
smarthpones and hundreds of millions of computers will
end up mostly useless.


==                      Pretty/Useless                    ==

Some feel-good browsers, including D+, Links and K-Meleon, 
can handle HTTPS and SSL business separately from the
operating system. But even when the browser can establish
a HTTPS connection and load the site's data, there are no
guarantees that the site will be useable. Even the support
of HTML, CSS and JavaScript standards cannot guarantee
that: there are sites that work in lightweight D+ (no 
JavaScript, limited CSS), but refuse to work in Acid3-
compliant K-Meleon (with HTML5, CSS3, JS and so on). What
is going on here?

If you have too much CSS and JavaScript on your site, it
can result in two seemingly contradictory symptoms: 
the site might not work without a certain level of CSS 
and JavaScript support, AND it might start working again 
when such support is missing completely.

Originally, all the web pages used only HTML, as a way to 
add links and images to the text. When WebKit (Safari) and
its "fork" (spin-off) Chrome became monopolists on the arena
of web browsers, it became commonplace to "enhance" sites
with lots of JavaScript and CSS. Some uses of these 
technologies:
 - changing the appearance of a site when mobile device
changes its orientation (i.e. landscape to portrait),
 - adding accessibility customisation options,
 - showing site search results without changing the page,
 - adding a comment or a post without changing the page,
 - loading new content without changing the page, also known
as "endless scroll" or "endless feed".

When a site is using CSS features not available in the
browser you are using, it is possible that some or all the
content of the site will be displayed incorrectly, covered 
by other site elements, or invisible altogether. Turning off
CSS will "reset" the appearance of the website to defaults
(usually black letters on white background, with blue
hyperlinks); the images resized by the means of CSS will
be displayed in their original resolution, even if it's
too small or too big for the screen. Complex navigation
menus hidden by CSS will be displayed as a list.

Examples:
 - K-Meleon misinterprets CSS features of degrowth.org,
showing only an empty white page, despite loading all the
text and images from the site.
 - D+ ignores most CSS features of degrowth.org, so the
site doesn't look the way it was intended, but all text and
images are perfectly readable.

When a site is using JavaScript features not available
in the browser, some menus and buttons might not work
correctly. If the site is using JavaScript to load
new content on the fly, and JavaScript isn't working
correctly, then parts of the site or the whole site will
not be available.

Examples:
 - JavaScript content on degrowth.org causes Opera 10 to
crash and close by itself in a second or two when a mouse 
cursor is hovering over a link.
 - D+ doesn't support JavaScript, which is used by 
degrowth.net for navigating the site and changing the 
content shown on the screen, so all the content is displayed
on the screen at the same time.

We might not be that surprised that browsers released
less than a decade ago cannot properly display sites, even
sites that aren't any different from the sites we've used 
ten and sometimes twenty years ago. But it is likely that 
browsers that were released only a few months ago aren't 
working correctly with some of the sites created today. 
Standards of CSS and JavaScript are ever-evolving, with 
new features added with every release of Chrome and Firefox,
every month or so.

New standards of CSS and JavaScript are regulated by a 
not-for-profit organisation "World Wide Web Consortium".
Many chairs and participants of the W3C standard working
groups are experts employed by Microsoft, Adobe, Baidu, 
Alibaba, Apple, Google, Intel, Samsung, Huawei and many
other companies. Independent participants, university 
researchers, representatives of socially important projects 
(Wikimedia foundation, for example) seem to be a minority
in the World Wide Web Consortium today.

I will not speculate that capitalist mega-corporations are
acting with malicious intent towards the Internet and
the grass-roots movements using it. After all, there is a
much simpler explanation: mega-corporations need these new
standards for the new features of the new versions of the 
solutions they produce. It would have been hard or even
impossible to release new versions of products many of us
use today.

You see: JavaScript paired with endless possibilities of 
CSS allows creating large applications that can be run 
inside of a browser, like Google Docs or Mozilla PDF viewer.
 
The temptation to use powers of JavaScript is so great
that many desktop and mobile programs today are written 
in JavaScript and shipped with its own version of a browser
(for example, Discord, Twitch, Visual Studio Code).
Web browsers of 2023 are de-facto operating systems, and
JavaScript and CSS are their core parts. Web browsers are 
even shipped as operating systems at least in three very 
popular product groups: Chromebook laptops, KaiOS phones 
and Fitbit OS watches.

While big tech has their reasons to push for newer versions
of JS and CSS, among groups of people who suffer from
overuse of JS and CSS disproportionately are not only 
people who cannot afford a new computer, but also people 
living in areas with expensive or unstable internet access
and people with disabilities.


~~ What can be done about it ~~
* Most sites, including degrowth networks, are not meant
to be run-in-browser applications. There is no pressing
need to use the latest browser features for them,
especially if you hope to make your site accessible to
people using "obsolete" computers (note that Chrome won't
be updating on Windows 7 and Windows 8 anymore).
* If you still believe your visitors absolutely must
have CSS and JS to see your site, consider this:
Google and Amazon are among the sites that will work
without either. If mega-corporations can make this work
for their money-making products, we can do this for 
our grass-roots web, too.
* Ready-to-use solutions for building websites can be 
tempting for their simplicity, but it's worth checking 
how they behave in browsers that aren't up to date.
* Using "obsolete" browsers can be dangerous, as they
are not protected from known security vulnerabilities,
and should not be encouraged. Unfortunately, most browsers
do not provide updates for "obsolete" computers and phones.
The browsers that support such devices and still provide
security patches and updates, on the other hand, often lack
not only "bleeding edge" features, but well-established
standards like CSS 2.1 (2011) or JavaScript ES5 (2009).
* Check out the essay "Command Line Programs for the Blind"
by Karl Dahkle, the developer of edbrowse, a text-only
browser focusing on accessibility. Strive to make your
online presence accessible for people with text-only
browsers, screen readers, adaptive controllers, color
blindness, and so on. Hint: if your site is readable without
CSS and JS, has alt text for images and correct markup
for menu and links, you are on the right track.


==                   A biased analogy                     ==

My overall impression of the situation? It reminds me of the
American car culture of the 1950s. "Americans were spending
more [and more] time in their automobiles and viewing them
as an extension of their identity", writes Wikipedia. When
new features of the new cars weren't impressive enough to
convince the customers to buy a new one, sellers were trying
to make cars a kind of fashion. But a car is still a car. 
If you replace an old car with a new one, sure, you might 
get new safety and entertainment features. It doesn't 
automatically mean you will be able to travel faster,
further, or cheaper. And the destination of the majority
of your trips, the closest shopping mall and your office, 
isn't going to magically change, either.

Many similar things can be said about computers and 
smartphones. They are undoubtedly extensions of our 
identities: "iPhone user", "Android owner", "PC gamer".
Maybe the hype around new iPhones isn't as common as it
used to be. Maybe mobile phones are not a fashion statement
anymore. But the changes they brought to our lives are
going to last long. To rephrase economist Richard Porter, 
"the smartphone made today's Web possible, and today's 
Web made the smartphone essential."

                                                           
==                        Conclusion                      ==

I hope this essay was as useful to you as it was insightful
to me. Despite writing so many words, I realised that I 
barely scratched the surface of the digital inequality
question. Topics that were left uncovered include, but
aren't limited to, accessibility, connectivity speed and
stability, censorship, state and corporate survelliance
and internationalisation. Well, perhaps, I will cover those
some other time.


==                Bonus level: Google Fonts               ==

One of the things that seem to break K-Meleon and Opera 10
are Google Fonts. This might not be a good enough reason to 
stop using them, though. Google Fonts are free and easy to
use, and they come as a default option in some popular web 
page "factories", including WordPress.

But Google Fonts come with a catch. If you use the default
way to add them to your website Google might receive some
interesting data about your site's visitor, including:
the site they are visiting (yours), their language, 
their IP address, their web browser version. 

Current Google Fonts terms of service insist that while the
Fonts might track user behavior, this data will be used only
in analytical purposes, and won't be sold to third parties
or used for advertisement.

Trick question: how often do you check whether Google has 
updated their Fonts API terms and conditions?

------------------------------------------------------------

Please send your comments and questions to:
* my email: usagi[at]sdf.org
* my Mastodon: https://mastodon.sdf.org/@usagi

Links to share this essay:

http://usagi.sdf.org/digital-inequality-and-degrowth-web.htm

gopher://sdf.org/1/users/usagi/diary/2023-03-09-DI-DW.txt
gemini://sdf.org/usagi/diary/2023-03-09-DI-DW.txt