@neil @Edent Fuck no. I'm really not affected anyway since I nuke them at the U-A layer, but I hope instances that respect their users won't turn this on. Cc @hachyderm.

@dalias @neil
There are currently over 11,000 accounts on @hachyderm

If they did start providing referer information, what privacy do you think you would lose?

Cassandrich

@Edent @neil @hachyderm As I said, I block referer at user agent layer, so none for me. But it's bad policy for the public & web at large, doing something that violates user privacy for the sake of giving publishers what they want, and doing that for the sake of "growth" (promoting Mastodon to them).

@Edent @neil @hachyderm Publishers have no entitlement or legitimate expectation to know where visitors came from. Facilitating this kind of market research on the user is not something that software whose obligations are to the user, not to 3p publishers, should ever be doing.

@dalias OK. But what *specifically* do you think people on a very large server will lose in respect to their privacy?

@Edent Privacy is not an individual matter. It's an aggregate one.

Individually, what is exposed without their consent is that they found the link on Mastodon (and what instance they use). This could allow the site to use their identity on the site to try to link them back to an account by the same name, etc.

Collectively, what we lose is the outcome of whatever market knowledge the publisher gains by analyzing user behavior.

@dalias I concur that, for a small server, it is a risk.

But for a sufficiently large server, knowing that a user followed a link from one site to another doesn't seem to me like a viable route to a privacy violation.

I am also unsure that this is a zero-sum game. Just because I gain something, doesn't mean you lose something. We are both (I hope) enjoying this conversation. I have not lost anything if you are enjoying it more than me.

@Edent The size of the server is mostly irrelevant. I don't understand why you've fixated on that as the issue.

@Edent Capitalism is a negative sum game. When someone with a commercial interest has gained valuable research, the public's loss is greater than their valuation of that research.

@dalias to briefly answer your points.

If a user is on a single user instance, the referer header will *uniquely* identify their account there.

If a user is on a very large server, knowing the origin of the visit doesn't identify an individual.

(If it is a "themed" instance, e.g. one for Deaf people, it might show an identifying characteristic.)

As for the -ve sum. I think I disagree.

Anyway, I'm off to drink wine and eat cheese now. Have a lovely weekend 🙂

@dalias @Edent It's not the size of the server, but how you use it...

(I'll see myself out) >_>

@dalias There is nuance here though? _some_ (obviously not you I suppose?) fedi users would like there to be better integrations with publishers (for example, I would prefer that the BBC have their own bots rather than RSS re-publishers), but 🌈we live in a society🌈 where you do need to justify doing work, stats help that, and I don't really see an issue if I click a link on mastodon dot social, the BBC knowing that I came from anywhere on mastodon dot social, as @Edent said, there are nuances where you would not want something like that, but generic servers I don't really see the harm, and it does good for an ecosystem (aka, people typically like nice things, this is one of the ways you get nice things)

I just don't understand the threat model of letting the BBC know I came via mastodon.social

@benjojo @Edent "I don't understand why someone wouldn't be okay with having their privacy violated this way" does not make it okay. Research on human subjects requires consent. This includes any kind of market research.

@dalias I feel that's a bit of a stretch / bad faith reading of things. Web 'refer' headers have existed for a long time and while they have been curbed in scope (some contexts don't send it at all, some don't send the URL path), it feels a bit extreme to compare this to experimentation on human subjects when if anything the current default was out of the norm

@benjojo It's only the norm because early web architects didn't think about privacy ethics. Erasing the norm of getting referers is one of the great promises of Mastodon.