198
Mastodon Now Sends Referer Headers! Hurrah!
(shkspr.mobi)
A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!
Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy
That doesn't sound good? They are privacy invasive.
FWIW they should be configurable in your browser, either directly or with a plug-in.
The post makes a pretty reasonable argument as to why it's a good idea.
Yeah, browser vendors think the same thing, since they are part of the commercial web. Anyway, at minimum, sending referer should be opt-in rather than opt-out.
According to ths post it will be opt-in, on the instance side.
So smaller instances where there-might be risks associated will be opted out by default, while large instances that might want the attention and where individual users stand out less can opt in.
It's the instance admins' decision whether they want it or not.
Talk to your admins or move to another instance if you disagree with them
I'm not personally affected since I don't use Mastodon. That doesn't make it a good idea.
I guess it depends on what you want. If you want to be totally anonymous on the internet, then it's a bad idea. If you want people to use Mastodon, then it's probably an OK one, since the way people use microblogging is to follow famous people, and famous people aren't using Mastodon unless there's evidence that there's an audience there for them to play to.
It's less a matter of anonymity as wanting to maintain some basic privacy. If you want to tell someone where you learned about something, that's great, go ahead and tell them. To have them extract the info from you without your knowledge is dystopian. Referers should have been banned as soon as the web became commercial.
Having info "65 people visit this site from Lemmy.world" doesn't seem to be that invasive tho.
I can see blogger and other creator utilize this to connect with community.
The referer header tells the site which specific users and which specific clicks came from lemmy world. That's flat-out invasive. Revealing the number of users (as Mozilla wants to do) is also invasive even if it doesn't single out the user (of course that's much less direct and people usually tolerate it until they become attuned to the issue).
The thing to ask yourself when site X wants information Y is "what does X want to do with the information?". If the answer can possibly be "something bad", then X should not get the information unless the user opts into sending it. That is even if it's statistical or aggregated information. Being included in the count is like casting a vote for X, which (as we see with Trump getting elected) can have significant effects even with no identification of the individual voters.
I see. At least making them optional is good, especially for political context.
For creator related stuff, I can see instance like Misskey.design community benefitting from this tracker.
Unfortunatly its a cost we must accept since the justification makes it worth it.
That's for the user to decide. The devs should not presume to make it on the users' behalf.
Is that not how this is already being implemented?
It's not entirely clear, but it appears to be up to the instance operator.
Users can disable referer headers in their browser settings which overrides anything the instance operators can do.
Only nerds do stuff like mess with their browser settings through about:config. The bulk of activity is from people who don't mess with those settings and don't stay aware of what's going on. Those are the ones who the info gatherers want to observe, so that's why the system should be opt-in in every case, and it's also why they want it to be the opposite.
If people dont care enough to mess with their browser settings thenselves, then they can either a. join a privacy-focused Mastodon instance whose admin will keep the "no referer" policy, or b. live with the fact that choices are being made for them. People need to take actions for themselves, we cant treat everyone like babies.
"Joining a privacy focused instance" is exactly an opt-out approach so the answer is exactly the same is before, opt-out is the wrong chocie.
It's not that choices are being made for them, it's that they are adversarial choices. There's a difference between "treating everyone like babies" and being on their side. Users who want sites run by predatory jerks already know where Elon's site is. The fediverse's main appeal afaict is that it's run by people who aren't like Musk and Spez. That is, its operators can be trusted more. They should be looking out for the user. They should make choices for the user that the user would want them to make. Otherwise there is no point to it.
This article looks good: https://www.wheresyoured.at/never-forgive-them/ :
I've only started reading it though. Anyway, if the fedivese has anything to offer, it's a respite from that. Stop trying to ruin it.
There's legitimate interest in knowing where people come from, though, and asking on your own page "how did you get here?" is hardly going to work. Personally I don't think it's much of an issue if some random commercial site sees that I got there via lemm.ee, it's not giving away much at all, not even whether I have an account here and certainly not as much as tracking cookies. OTOH I also think it could be done better, wich tech similar to Mozilla's aggregate (i.e. you're just a number in an anonymous mass) ad clickthrough thing. Sites would see "yep we got a number of visitors from lemm.ee, and that number from lemmy.world" but wouldn't know which of their site impressions corresponded to which origin.
I fundamentally disagree, if shops started scanning people's phones as they walked in to find where they had been last before they entered their shop people would be outraged, but somehow this has become accepted practice on the web.
You think malls don't have data on shopper movement? That a random kiosk owner can't distinguish people who come from high school from the after-church crowd from the office workers from the tinfoil-wearing nerd always coming at 2am so that they can minimise social interaction? That they will have coffee ready for the morning shift, and beer for the club crowd?
I know malls track peoples movements throught them and thats creepy as fuck too, though I dont think they tie IDs to individuals, just monitors where people move throughout them.
The rest of your post makes no sense, yes obviously peole can tell the diference between commuters wanting coffee and people on a night out getting drunk. But that is very different to having a label on everyone saying "came from my mistresses house" or "came from my weed dealer" on each person, which is more akin to the level of detail given by referal links.
"Knowing where people come from" does not imply ID'ing individual people, which is why I specifically mentioned that Mozilla technology. The legitimate interest is in aggregate data, and yes "lots of people come here from the brothel" is legitimate data. "This particular person did" is not: If you wear a suit and happen to come with the office crowd doesn't mean you're an office worker, you could be a travelling salesman.
This is not a democracy
Better ask whose benefit the system is being run for in that case. If I want a system run by Elon Musk then I already know where to find one.