• 0 Posts
  • 47 Comments
Joined 2 years ago
cake
Cake day: June 10th, 2023

help-circle
  • You should also add secretly whitelisted Facebook trackers in their adblocker, something they did a while back.

    • Shipped a TOR feature that leaked DNS

    Yikes I didn’t know they did that but I’m not surprised. There’s a reason the people behind Tor say it should only be used via the official Tor browser, because only the Tor browser can provide that level of protection against those kind s of leaks, as well as much better fingerprinting resistance than chromium-based brave is going to give you.


  • Don’t forget about the fact that a while back they secretly whitelisted Facebook trackers in their adblocker to “make pages run more smoothly” they got a lot of shit for it when people found out looking through the source code. When I heard that they did that it basically cemented in my mind that they were shady and untrustworthy, that’s in addition to the Crypto and rewards stuff.


  • See guys, I know people didn’t believe me when I said there are people who push for and encourage for projects to be corporatized instead of community run but here is one of them. These types of garbage arguments always bring up the idea of cybersecurity but always neglect to mention one of the biggest security and privacy threats to the corporate governed model, the corporation itself. Especially once enshittification really sets in.

    And before you vomit some horrible misrepresenting argument reminiscent of Dave Plumber’s speech against backdoors in Windows, you know damn well that when I say the company itself is a privacy and security threat to the project that I’m talking about deliberate attempts by the company to make money off the project through tracking, ads, crypto mining, and any other number of shady shit. You know, things that are officially sanctioned.



  • I think you’re misunderstanding just like the Mastodon users who think every tool should be opt-in. The consent piece IS moving to a closed system with whitelisted federation. If you’re giving data out publicly with no restrictions but trying to put stipulations on how it’s used, it’s the same as trying to enforce control through robots.txt, which is by the way a standard protocol.

    So if you’re going to whine about votes being shown, you should be using a whitelist to block those actors from seeing it, and should be using authorized fetch to limit access to those whitelisted instances specifically, otherwise this is every stupid argument about “why robots.txt should be respected”.









  • Except ActivityPub data is by in large already not private, it is handed out to any tom dick and harry who run a server and have subscribed to actors on this one, and most of the time, it doesn’t even really require extra authorization. That is fundamentally how ActivityPub and federation work, but you can’t have any expectation of privacy in this system when it comes to the content shared. Expecting it to be private because it’s labeled is as dumb as expecting your website not to get scraped because you said so in robots.txt.


  • It’s not good practice. Really one shouldn’t be assuming anything is private or some entitlement to privacy on a service where all content you post is made publicly available to any and all linked instances. They miss the point of a federated public forum. If one wants privacy, data must be kept locally only. That’s why Lemmy has local-only communities, the “private” community aspect that many people want just won’t be federated, because you can’t make something like this private otherwise.