Mastodon Now Sends Referer Headers! Hurrah!
https://piefed.social/post/372970
=> More informations about this toot | More toots from rimu@piefed.social
Great!
=> More informations about this toot | More toots from Blaze@feddit.org
That doesn’t sound good? They are privacy invasive.
=> More informations about this toot | More toots from solrize@lemmy.world
It’s the instance admins’ decision whether they want it or not.
Talk to your admins or move to another instance if you disagree with them
=> More informations about this toot | More toots from mitram2@lemmy.pt
I’m not personally affected since I don’t use Mastodon. That doesn’t make it a good idea.
=> More informations about this toot | More toots from solrize@lemmy.world
I guess it depends on what you want. If you want to be totally anonymous on the internet, then it’s a bad idea. If you want people to use Mastodon, then it’s probably an OK one, since the way people use microblogging is to follow famous people, and famous people aren’t using Mastodon unless there’s evidence that there’s an audience there for them to play to.
=> More informations about this toot | More toots from Kichae@lemmy.ca
It’s less a matter of anonymity as wanting to maintain some basic privacy. If you want to tell someone where you learned about something, that’s great, go ahead and tell them. To have them extract the info from you without your knowledge is dystopian. Referers should have been banned as soon as the web became commercial.
=> More informations about this toot | More toots from solrize@lemmy.world
Having info “65 people visit this site from Lemmy.world” doesn’t seem to be that invasive tho.
I can see blogger and other creator utilize this to connect with community.
=> More informations about this toot | More toots from nasi_goreng@lemmy.zip
The referer header tells the site which specific users and which specific clicks came from lemmy world. Revealing the number of users (as Mozilla wants to do) is also invasive even if it doesn’t single out the user. The thing to ask yourself is “site X wants information Y. What does X want to do with the information?”. If the answer can possibly be “something bad”, then should not get the information unless the user opts into sending it.
=> More informations about this toot | More toots from solrize@lemmy.world
I see.
At least making them optional is good, especially for political context.
For creator related stuff, I can see instance like Misskey.design community benefitting from this tracker.
=> More informations about this toot | More toots from nasi_goreng@lemmy.zip
FWIW they should be configurable in your browser, either directly or with a plug-in.
The post makes a pretty reasonable argument as to why it’s a good idea.
=> More informations about this toot | More toots from sbv@sh.itjust.works
Yeah, browser vendors think the same thing, since they are part of the commercial web. Anyway, at minimum, sending referer should be opt-in rather than opt-out.
=> More informations about this toot | More toots from solrize@lemmy.world
According to ths post it will be opt-in, on the instance side.
So smaller instances where there-might be risks associated will be opted out by default, while large instances that might want the attention and where individual users stand out less can opt in.
=> More informations about this toot | More toots from cabbage@piefed.social
Unfortunatly its a cost we must accept since the justification makes it worth it.
=> More informations about this toot | More toots from muntedcrocodile@lemm.ee
Unfortunatly its a cost we must accept since the justification makes it worth it.
That’s for the user to decide. The devs should not presume to make it on the users’ behalf.
=> More informations about this toot | More toots from solrize@lemmy.world
This is not a democracy
=> More informations about this toot | More toots from muntedcrocodile@lemm.ee
Better ask whose benefit the system is being run for in that case. If I want a system run by Elon Musk then I already know where to find one.
=> More informations about this toot | More toots from solrize@lemmy.world
Is that not how this is already being implemented?
=> More informations about this toot | More toots from Chozo@fedia.io
It’s not entirely clear, but it appears to be up to the instance operator.
=> More informations about this toot | More toots from solrize@lemmy.world
Users can disable referers in their browser settings which overrides anything the instance operators can do.
=> More informations about this toot | More toots from barsoap@lemm.ee
Only nerds do stuff like mess with their browser settings through about:config. The bulk of activity is from people who don’t mess with those settings and don’t stay aware of what’s going on. Those are the ones who the info gatherers want to observe, so that’s why the system should be opt-out in every case.
=> More informations about this toot | More toots from solrize@lemmy.world
There’s legitimate interest in knowing where people come from, though, and asking on your own page “how did you get here?” is hardly going to work. Personally I don’t think it’s much of an issue if some random commercial site sees that I got there via lemm.ee, it’s not giving away much at all, not even whether I have an account here and certainly not as much as tracking cookies. OTOH I also think it could be done better, wich tech similar to Mozilla’s aggregate (i.e. you’re just a number in an anonymous mass) ad clickthrough thing. Sites would see “yep we got a number of visitors from lemm.ee, and that number from lemmy.world” but wouldn’t know which of their site impressions corresponded to which origin.
=> More informations about this toot | More toots from barsoap@lemm.ee
There’s legitimate interest in knowing where people come from, though, and asking on your own page “how did you get here?”
I fundamentally disagree, if shops started scanning people’s phones as they walked in to find where they had been last before they entered their shop people would be outraged, but somehow this has become accepted practice on the web.
=> More informations about this toot | More toots from Womble@lemmy.world
You think malls don’t have data on shopper movement? That a random kiosk owner can’t distinguish people who come from high school from the after-church crowd from the office workers from the tinfoil-wearing nerd always coming at 2am so that they can minimise social interaction?
=> More informations about this toot | More toots from barsoap@lemm.ee
I know malls track peoples movements throught them and thats creepy as fuck too, though I dont think they tie IDs to individuals, just monitors where people move throughout them.
The rest of your post makes no sense, yes obviously peole can tell the diference between commuters wanting coffee and people on a night out getting drunk. But that is very different to having a label on everyone saying “came from my mistresses house” or “came from my week dealer” on each person, which is more akin to the level of detail given by referal links.
=> More informations about this toot | More toots from Womble@lemmy.world
“Knowing where people come from” does not imply ID’ing individual people, which is why I specifically mentioned that Mozilla technology. The legitimate interest is in aggregate data, and yes “lots of people come here from the brothel” is legitimate data. “This particular person did” is not.
=> More informations about this toot | More toots from barsoap@lemm.ee
If people dont care enough to mess with their browser settings thenselves, then they can either a. join a privacy-focused Mastodon instance whose admin will keep the “no referer” policy, or b. live with the fact that choices are being made for them. People need to take actions for themselves, we cant treat everyone like babies.
=> More informations about this toot | More toots from Microw@lemm.ee
If people dont care enough to mess with their browser settings thenselves, then they can either a. join a privacy-focused Mastodon instance
“Joining a privacy focused instance” is exactly an opt-out approach so the answer is exactly the same is before, opt-out is the wrong chocie.
live with the fact that choices are being made for them. People need to take actions for themselves, we cant treat everyone like babies.
It’s not that choices are being made for them, it’s that they are adversarial choices. There’s a difference between “treating everyone like babies” and being on their side. Users who want sites run by predatory jerks already know where Elon’s site is. The fediverse’s main apppeal afaict is that it’s run by people who aren’t predatory jerks like Spez and Elon. That is, its operators can be trusted more. They should be looking out for the user. Otherwise there is no point to it.
This article looks good: www.wheresyoured.at/never-forgive-them/ :
The people running the majority of internet services have used a combination of monopolies and a cartel-like commitment to growth-at-all-costs thinking to make war with the user, turning the customer into something between a lab rat and an unpaid intern, with the goal to juice as much value from the interaction as possible.
I’ve only started reading it though. Anyway, if the fedivese has anything to offer, it’s a respite from that. Stop trying to ruin it.
=> More informations about this toot | More toots from solrize@lemmy.world
Oh neat! Is there any way to check if my instance has opted into this?
=> More informations about this toot | More toots from Cris_Color@lemmy.world
That PR is not even merged and deployed yet. When it gets released: simply ask your instance admin, I guess. (I think looking into the source code might also tell you but no idea where to search exactly)
=> More informations about this toot | More toots from Microw@lemm.ee
Ah, gotcha. Thank you!
Probably I should go learn who my admin actually is 😅
=> More informations about this toot | More toots from Cris_Color@lemmy.world
I thought the fediverse was a way to give back the power to the users. This doesn’t seem great. I don’t want mastodon to be famous because it’s useful to companies but because it’s useful to people.
I don’t know the details but hopefully they do something similar to firefox blog.mozilla.org/…/firefox-87-trims-http-referrer…
=> More informations about this toot | More toots from 4Robato@lemmy.world
Read the article. It is a configurable thing and each mastodon server admin has to activate it in order to send a referer.
=> More informations about this toot | More toots from Microw@lemm.ee
I read the article but I’m worried about the implementation which you won’t be able to choose and while you can change server realistically not many people will even know this happened.
I hope the focus is privacy and people and this change dowsn’t have people in mind.
=> More informations about this toot | More toots from 4Robato@lemmy.world
Well, I don’t know how you could implement that from a website that would enable people to choose? Not sure that is technically possible.
And of course if you simply telll your browser not to send referer info in headers you won’t.
=> More informations about this toot | More toots from Microw@lemm.ee
The fediverse is a place where websites automatically share content. What people do with that is wide open.
=> More informations about this toot | More toots from Kichae@lemmy.ca
Mastodon is federated and there are thousands of sites. Even if they all opted-in, their statistics will be fragmented.
Surely this alone defeats the benefits for bloggers and other content hosters.
Good for mastodon admins that want the feature to be enabled, I guess, but I don’t see why anyone would do that.
=> More informations about this toot | More toots from skullgiver@popplesburger.hilciferous.nl
I want to see where visitors are coming from. I also like to see (and sometimes join in) with the conversations they’re having.
Imagine this guy contacting you about your bounce rate.
=> More informations about this toot | More toots from x00z@lemmy.world
Turning that on is probably a GDPR violation for those in Europe.
=> More informations about this toot | More toots from General_Effort@lemmy.world This content has been proxied by September (ba2dc).Proxy Information
text/gemini