Private by Default

by Ben Ubois

I want Feedbin to be the opposite of Big Social. I think people should have the right not to be tracked on the Internet and Feedbin can help facilitate that.

Since Feedbin is 100% funded by paying customers, I can focus solely on making the best product possible without compromises. Therefore, Feedbin can be private by default.

To me this means eliminating all potential points of leaking user data while using Feedbin.

Since Feedbin displays web content, this isn’t the easiest thing to do. Here are the leaks I’ve identified and eliminated.

iFrames

The biggest visual and functional change is how iFrames work.

Feedbin previously whitelisted a number of iFrame sources like YouTube and Vimeo so you could see embedded content. iFrames embed full web-pages from a 3rd-party source. They’re usually resource intensive to load and they enable cross-site tracking.

Feedbin now replaces all iFrames with a custom new module. The new module still includes the poster frame from videos (where available) and will fetch the title and other metadata.

Clicking on the module will swap in the original iFrame. For YouTube and Vimeo, clicking will also start playing the video.

I prefer the look of this module to the original iFrame. It loads faster, has a clearer, consistent look with richer meta-data, and uses fewer resources doing it.

Third-party JavaScript

Google Analytics is probably the number-one tracker. It’s ubiquitous on the web. For a long time it was a no-brainer to install on any website because you get a lot of functionality for free.

Feedbin used Google Analytics up until April, 2018. It was useful to see some of the stats it provided. The browser stats were good to get a sense of when it would be appropriate to drop support for older browsers. It was also useful to see referrer information to see where customers were coming from.

There are good private alternatives to Google Analytics out there. Matomo is one that I came across. They have a great privacy policy for their hosted product and you can choose to run it yourself for even more control.

I thought about replacing Google Analytics with Matomo, but I came to the same conclusion that it didn’t provide anything I need in order to run Feedbin. Better to not collect that data at all.

Twitter & Instagram embeds were another source of third-party JavaScript I identified. I would bet that the second largest contributor to tracking you across the web, comes from sites that embed social widgets. Feedbin previously used the Twitter and Instagram widgets to render embedded tweets and images that appeared in blog posts. This provided a richer experience by showing the full embed as intended by the author.

However there is an alternative. Both Twitter and Instagram offer public oEmbed endpoints. oEmbed can give you much of the data needed to properly render this content. Feedbin takes this a step further by making the oEmbed requests from the server. If your browser made the requests client-side, this would give the publishers the opportunity to read and set tracking cookies. The end result is that you see pretty much the same content as you did before.

JavaScript in blog posts is worth mentioning. RSS uses HTML for rendering content. All HTML is allowed including <script> tags. Feedbin has always used an HTML sanitizer to strip dangerous content out of posts, including scripts, since that would be the definition of an XSS vulnerability.

Images

Images are another potential source of leaking data. Feedbin has used an image proxy since launch to prevent mixed content warnings. A side benefit of the image proxy, is that your browser only makes requests to the proxy and the proxy gets the image data, preventing your request from reaching the origin.

Fonts

Feedbin has the option to use fonts from Hoefler & Co.. This requires a single request to their service, which means that they have the opportunity to track you if they wish. To eliminate this source, the default article font is now a system font. Custom fonts will only be loaded if they’re chosen.

Exceptions

Stripe is the only third-party exception I can think of. Stripe provides the invaluable functionality of billing and subscriptions. Using Stripe means Feedbin does not have to collect, store or ever see any sensitive payment data. However, since Stripe makes their money from paying customers, I think they are incentivized to be careful with this data. Their privacy policy has more details on how they store and use data.

I think with these changes in place, the only external requests that should ever be made by your browser, with the exception of Stripe, are ones initiated by you.

Favicon Fun

by Ben Ubois

Favicons are an important and often over-looked part of publishing a website. Favicons help to distinguish open tabs in web browsers and make the source of an article instantly recognizable in Feedbin.

Unfortunately, not every website publisher takes the time to create a favicon for their site. In this case, Feedbin uses a generic icon as a placeholder. The problem with this approach is that I feel it de-emphasizes feeds that do not have a custom favicon and provides no way of distinguishing the source.

To improve this situation, Feedbin now generates a unique icon color for every site that uses the default favicon. This gives equal emphasis to all sites, whether they have a favicon or not.

Colors are generated using Color Hash, with the hostname as the seed. This way the color will always be the same for the same domain.

For example:

var colorHash = new ColorHash();
colorHash.hex("feedbin.com");

Produces the color #538EAC:

If you have a website, I’d recommend adding a favicon. They’re easy to implement. Even if you already have one, it’s possible it could be improved. With the advent of retina screens, it’s important to double the size to 32×32 pixels so it does not look blurry.

Subscribe to Your Micro.blog Timeline

by Ben Ubois

Micro.blog offers open RSS/JSON feeds for all the content published on it.

The timeline feed is an aggregation of all posts from just the accounts you follow.

Feedbin now takes advantage of the extra metadata available in the timeline feed to optimize the display of Micro.blog posts.

You can follow anybody’s timeline using the timeline URL:

https://micro.blog/feeds/USERNAME.json

Currently, this is limited to just the timeline JSON feed, but I’m hoping all the other feeds will eventually get the extra metadata.

Hardware Upgrades

by Ben Ubois

I recently spent some time upgrading Feedbin’s hardware, and wanted to share the results.

Feedbin is a Ruby on Rails app, and for the most part Rails is constrained by the single-threaded performance of a CPU. So for the application servers that means favoring higher-clocked CPUs at the expense of number of cores.

The application servers use Intel Xeon E3-1270V6 CPUs. This is a four-core 3.8Ghz CPU. Each application server is configured with 16GB of DDR4 RAM. The application servers primarily run Unicorn and Sidekiq. This amount of RAM gives the processes plenty of room to spread out.

One measurement that is CPU constrained is view generation.

This chart shows the 95th percentile performance of all views generated by Feedbin. 95th percentile means that 95% of all views were generated in less time than the line in the chart. Michael Kopp wrote a good overview of how average performance can be misleading and the benefits of measuring in percentiles instead.

Looks like the new hardware gives us a nice 20%+ boost in performance.

The database servers were also upgraded. These servers are configured with dual Intel Xeon Gold 5120 CPUs. Each CPU has 14 2.2Ghz cores. With hyperthreading, that gives them an embarrassing 56 usable threads. They also have 64GB of DDR4 RAM and use Intel S3710 Series SSDs for primary storage. They each have secondary SSDs used for PostgreSQL’s write-ahead logging, so more disk I/O is available for queries.

This upgrade gives us another nice boost. If you look at the graph, you’ll notice a daily spike. These are the times when the database server is running vacuumdb. This is an important maintenance process that is used to reclaim space and optimize query planning.

Before the upgrade, vacuum caused a significant delay. After the upgrade, the performance at its worst is the same or better than pre-upgrade performance at its best.

Overall I’m happy with the upgrades. The hardware is more expensive now, but it’s important to me that Feedbin always performs well. If I can achieve that by just spending a little more money, then it makes that decision easy.

Share to Micro.blog

by Ben Ubois

Feedbin supports posting to Micro.blog directly.

If you’re not familiar with Micro.blog, here’s how its creator, Manton Reece, describes it:

A network of independent microblogs. Short posts like tweets but on your own web site that you control.

Micro.blog is a safe community for microblogs. A timeline to follow friends and discover new posts. Hosting built on open standards.

The experience of using Micro.blog is like the early days of Twitter, in all the best ways.

Micro.blog is good for blogging, because it acts as sort of gateway-drug into that habit. Say you start off just using it for Twitter-like microposts, but then you realize you have more you want to say. Micro.blog detects the length of your post and prompts you to add a title, turning that post into a full-fledged blog post.

The closest service that I can think of is App.net. However, Micro.blog is different in important ways.

  • Manton has a unique perspective and vision.
  • It is not VC backed, so there’s no pressure to maximize returns. Instead, it can focus on being the best possible product.
  • It has fewer employees. In order for Micro.blog to succeed it doesn’t need to support a whole company, it just needs to support Manton.

You can activate it on Feedbin’s Share & Save settings page. You’ll need an app token from your Micro.blog account page.

Feedbin is the Best Way to Read Twitter

by Ben Ubois

You can now subscribe to Twitter content in Feedbin.

Tweets have become media rich, with support for multiple photos, videos and links. However, traditional Twitter clients are limited to showing tiny thumbnails and plain links. They make it too easy to mindlessly scroll through endless inane thoughts.

Feedbin treats tweets differently. The idea of the feature is to fully unpack the tweet. If a tweet links to an article, Feedbin will attempt to load the full article and display it alongside the tweet. Feedbin will also include full-size images, videos and gifs with native YouTube, Vimeo and Instagram embeds.

You can start adding Twitter content to Feedbin the same way you would subscribe to a feed. Feedbin will recognize any Twitter URL that contains tweets. It also supports shortcuts for subscribing directly to twitter @usernames as well as #hashtags. For example:

To achieve the best possible experience, I have a few recommendations:

  1. The best stuff on Twitter exists in the form of media attached to tweets like links and images. Feedbin includes a built-in filter that will only show you these tweets. The filter is on by default, but when you subscribe you’ll be able to choose to see all tweets instead.

  2. Follow fewer accounts in Feedbin. Rather than following your entire home timeline, try creating a Twitter list that only includes a few of your favorite accounts.

Twitter is deeply integrated with Feedbin and tweets include a number of new searchable fields. Using these fields you can easily find and filter tweets:

  • twitter_screen_name:"@feedbin"
  • twitter_name:"Feedbin"
  • twitter_retweet:true|false
  • twitter_media:true|false (link or image)
  • twitter_image:true|false
  • twitter_link:true|false

I’d be interested to hear your feedback on this feature. Get in touch!

Feedbin Notifier 1.1

by Ben Ubois

There’s a big update to Feedbin Notifier for iOS and Apple Watch available now.

Both the iOS app and the watch app now feature images in the notifications. This leverages the images found by Feedbin’s image finder so you’ll see the best image for a post when available.

The Apple Watch app has been re-written to make it work without your iPhone present. It will work over LTE or WiFi.

Full release notes:

iPhone & iPad

  • NEW: App Icon
  • NEW: Notifications now include images (when available)
  • NEW: Password AutoFill
  • IMPROVED: Better performance loading articles
  • FIXED: Various iOS 11 compatibility issues

Apple Watch

  • NEW: App Icon
  • NEW: Notifications now include images (when available)
  • NEW: Works over WiFi and LTE, no phone required
  • NEW: Syncs in the background so your content is always up-to-date
  • IMPROVED: Much better performance loading articles from notifications
  • FIXED: Haptic feedback once-again plays when notifications are received
  • FIXED: Marking as read from a notification

Add to Home Screen Fixed and Improved

by Ben Ubois

Feedbin once-again supports the Add to Home Screen option on iOS.

The experience of using Feedbin in Mobile Safari has been improved too. You can now swipe horizontally to navigate between the panels.

Feedbin used to support Add to Home Screen, but an update was made to home screen web apps that prevented you from navigating between pages. This meant the feature really only worked for single-page sites, because any attempt to login would kick you out to Safari.

This all changed when I came across a simple work-around. If you hijack a link click with JavaScript and then use window.location to direct the the page to the original location then you don’t get kicked to Safari. For example:

<a href="/login" onclick="window.location=this.href; return false;">Login</a>

Podcast Playback Improvements

by Ben Ubois

There’s a few great improvements for playing and managing podcasts in Feedbin.

  1. An all new player. The player has both a mini-view and expanded-view, which features the podcasts’ artwork. You can click on the player to toggle between the views.
  2. The player is persistent. You can continue to use Feedbin while the podcast is playing.
  3. Feedbin remembers your progress for all podcasts so you can resume where you left off.
  4. A new Recently Played section so you can quickly find anything you were in the middle of listening to.

View Links in Feedbin

by Ben Ubois

Articles often link to other websites and blogs. I’ll usually open these links in a new tab as I go, to read what the links contain. However, I like to do all my reading in Feedbin because it’s a pleasant and consistent reading environment.

This feature adds the ability to view the contents of a link, all without leaving Feedbin. Only the article contents are displayed, so anything loaded this way is optimized for reading.