Conversation

Notices

1. Embed this notice
   The Fedilore Otter 🦦 (fedilore@mastodon.social)'s status on Saturday, 19-Jul-2025 06:05:24 JST The Fedilore Otter 🦦

   This is interesting.

   I agree that this is something that most large, corporate, or professional instances should consider doing. If it is actually privacy preserving.

   I also think that this is mostly a bad thing to turn on for most small instances.

   https://mastodon.social/@Edent/114819318744425589

   • Embed this notice
     :blobcathug: (jain@blob.cat)'s status on Saturday, 19-Jul-2025 06:05:23 JST :blobcathug:

     in reply to
     @fedilore :blobcatgoogly: shouldnt it be up to the user itself if one want to turn on a privacy leaking feature? btw, referer cant be set to random domains
   • Embed this notice
     The Fedilore Otter 🦦 (fedilore@mastodon.social)'s status on Saturday, 19-Jul-2025 06:05:24 JST The Fedilore Otter 🦦

     in reply to

     Is there any technical reason that these are instance-specific referral headers?

     I feel like a referral that described the software or protocol being used would make more sense for Fedi.

     Have it say "Mastodon" or "ActivityPub" and then there are no privacy concerns and it's more useful data.

   • Embed this notice
     The Fedilore Otter 🦦 (fedilore@mastodon.social)'s status on Saturday, 19-Jul-2025 06:05:24 JST The Fedilore Otter 🦦

     in reply to

     Have three options.

     - You can set your referral to your instance URL,

     - You can set your referral to JoinMastodon.org, or

     - You can set your referral to be blank.

   • Embed this notice
     :blobcathug: (jain@blob.cat)'s status on Saturday, 19-Jul-2025 06:28:15 JST :blobcathug:

     in reply to
     @fedilore :blobcatgoogly: Why should make the user volume a difference? If you think about that a server's admin (like a blog or so) can potentially find your own user account based on the referer, thats something which probably wont happen because it would be way too much work to do that for every visitor.
     
     Nah, im worried more about the obvious, creating visiting profiles based on a IP Address through larger networks
   • Embed this notice
     The Fedilore Otter 🦦 (fedilore@mastodon.social)'s status on Saturday, 19-Jul-2025 06:28:16 JST The Fedilore Otter 🦦

     in reply to

     • :blobcathug:

     @Jain I think that if you're on a small enough instance where this is a meaningful privacy risk and you don't trust your admin, you have bigger privacy concerns.

   • Embed this notice
     The Fedilore Otter 🦦 (fedilore@mastodon.social)'s status on Saturday, 19-Jul-2025 07:16:53 JST The Fedilore Otter 🦦

     in reply to

     • :blobcathug:

     @Jain In terms of size:

     "One of these 10,000 users clicked a link for 50% off adult diapers" is very different from "one of these 25 users clicked a link for 50% off adult diapers".

     The census hides data on a lot of small communities, because their small size makes it possible to de-anonymize from population-level totals.

   • Embed this notice
     :blobcathug: (jain@blob.cat)'s status on Saturday, 19-Jul-2025 07:16:53 JST :blobcathug:

     in reply to
     @fedilore i get that, but thats too much work for a single website to try to track their visitors down, more likely stuff like this happens:
     
     these 10,000 IP visits certain 10 website regularly through our network
     vs
     these 10,000 IP visits certain 10 website regularly through our network and come from those other 5 websites outside our network
     
     what is more likely happening?
     - single websites trying to figure out who a very specific visitor of them might be
     - whole networks trying tracking and building user profiles based on hard facts like time, ip, referer, user-agent or even browser fingerprinting