@neil @Edent Fuck no. I'm really not affected anyway since I nuke them at the U-A layer, but I hope instances that respect their users won't turn this on. Cc @hachyderm.
-
Rich Felker (dalias@hachyderm.io)'s status on Sunday, 15-Dec-2024 20:28:20 JST Rich Felker
-
Rich Felker (dalias@hachyderm.io)'s status on Sunday, 15-Dec-2024 20:37:46 JST Rich Felker
@Edent @neil @hachyderm As I said, I block referer at user agent layer, so none for me. But it's bad policy for the public & web at large, doing something that violates user privacy for the sake of giving publishers what they want, and doing that for the sake of "growth" (promoting Mastodon to them).
-
Terence Eden (edent@mastodon.social)'s status on Sunday, 15-Dec-2024 20:37:47 JST Terence Eden
@dalias @neil
There are currently over 11,000 accounts on @hachyderm
If they did start providing referer information, what privacy do you think you would lose?
-
Rich Felker (dalias@hachyderm.io)'s status on Sunday, 15-Dec-2024 20:41:57 JST Rich Felker
@Edent @neil @hachyderm Publishers have no entitlement or legitimate expectation to know where visitors came from. Facilitating this kind of market research on the user is not something that software whose obligations are to the user, not to 3p publishers, should ever be doing.
-
Terence Eden (edent@mastodon.social)'s status on Sunday, 15-Dec-2024 20:49:48 JST Terence Eden
@dalias OK. But what *specifically* do you think people on a very large server will lose in respect to their privacy?
-
Rich Felker (dalias@hachyderm.io)'s status on Sunday, 15-Dec-2024 20:49:48 JST Rich Felker
@Edent Privacy is not an individual matter. It's an aggregate one.
Individually, what is exposed without their consent is that they found the link on Mastodon (and what instance they use). This could allow the site to use their identity on the site to try to link them back to an account by the same name, etc.
Collectively, what we lose is the outcome of whatever market knowledge the publisher gains by analyzing user behavior.
-
Rich Felker (dalias@hachyderm.io)'s status on Sunday, 15-Dec-2024 20:51:56 JST Rich Felker
@benjojo @Edent "I don't understand why someone wouldn't be okay with having their privacy violated this way" does not make it okay. Research on human subjects requires consent. This includes any kind of market research.
-
benjojo (benjojo@benjojo.co.uk)'s status on Sunday, 15-Dec-2024 20:51:57 JST benjojo
@dalias There is nuance here though? _some_ (obviously not you I suppose?) fedi users would like there to be better integrations with publishers (for example, I would prefer that the BBC have their own bots rather than RSS re-publishers), but 🌈we live in a society🌈 where you do need to justify doing work, stats help that, and I don't really see an issue if I click a link on mastodon dot social, the BBC knowing that I came from anywhere on mastodon dot social, as @Edent said, there are nuances where you would not want something like that, but generic servers I don't really see the harm, and it does good for an ecosystem (aka, people typically like nice things, this is one of the ways you get nice things)
I just don't understand the threat model of letting the BBC know I came via mastodon.social
-
Rich Felker (dalias@hachyderm.io)'s status on Sunday, 15-Dec-2024 20:58:07 JST Rich Felker
@Edent The size of the server is mostly irrelevant. I don't understand why you've fixated on that as the issue.
-
Terence Eden (edent@mastodon.social)'s status on Sunday, 15-Dec-2024 20:58:08 JST Terence Eden
@dalias I concur that, for a small server, it is a risk.
But for a sufficiently large server, knowing that a user followed a link from one site to another doesn't seem to me like a viable route to a privacy violation.
I am also unsure that this is a zero-sum game. Just because I gain something, doesn't mean you lose something. We are both (I hope) enjoying this conversation. I have not lost anything if you are enjoying it more than me.
-
Rich Felker (dalias@hachyderm.io)'s status on Sunday, 15-Dec-2024 20:59:16 JST Rich Felker
@Edent Capitalism is a negative sum game. When someone with a commercial interest has gained valuable research, the public's loss is greater than their valuation of that research.
-
Rich Felker (dalias@hachyderm.io)'s status on Sunday, 15-Dec-2024 21:00:27 JST Rich Felker
@benjojo It's only the norm because early web architects didn't think about privacy ethics. Erasing the norm of getting referers is one of the great promises of Mastodon.
-
benjojo (benjojo@benjojo.co.uk)'s status on Sunday, 15-Dec-2024 21:00:28 JST benjojo
@dalias I feel that's a bit of a stretch / bad faith reading of things. Web 'Referer' headers have existed for a long time and while they have been curbed in scope (some contexts don't send it at all, some don't send the URL path), it feels a bit extreme to compare this to experimentation on human subjects when if anything the current default was out of the norm
-
Rich Felker (dalias@hachyderm.io)'s status on Sunday, 15-Dec-2024 21:03:19 JST Rich Felker
-
CatSalad🐈🥗 (D.Burch) :blobcatrainbow: (catsalad@infosec.exchange)'s status on Sunday, 15-Dec-2024 21:03:20 JST CatSalad🐈🥗 (D.Burch) :blobcatrainbow:
@dalias @Edent It's not the size of the server, but how you use it...
(I'll see myself out) >_>
-
Hachyderm (hachyderm@hachyderm.io)'s status on Monday, 16-Dec-2024 04:23:08 JST Hachyderm
Hey, thanks for tagging us. For anyone passing by, the question is (likely) "will Hachyderm enable Referer Headers".
We reviewed the feature and as currently designed determined that this is something that users would need to be able to opt in and out of. Right now the feature, while it starts meeting some needs, is too broad.
1/2
CC