They’re insufferable commies who keep attacking other parts of the Fediverse by… uh… commenting on posts and… ehm… responding aggressively to bigoted content. They’ve got all these sick ass stickers that we don’t and they keep flexing them in our replies which drives me crazy.

Their instance is an authoritarian distopia where queer people feel safe and they don’t waste time debating the same wrong liberal talking points every time. Also you can just call someone a dumbass if you disagree with them: a totalitarian nightmare.

Worst of all they go around straight up bullying other Fediverse users: right now I’m locked in a bathroom stall that a Hexbear user shoved me into. I’ve been here for an hour missing my maths class, and I’ve had to drink the toilet water. My tummy is starting to hurt. Stay away from Hexbear users…

This is such an amazing article, The Verge’s staff is still capable of some excellent journalism.

Other people in that thread have pointed out that it isn’t showing posts being delivered to Threads despite the block. That should be testable with other instances, but not Threads since it’s not receiving any content from Mastodon at the moment. The concerning thing there is the user still being able to view content from people they’ve blocked, but that seems to be a bug if it’s reproducible.

In the EU companies can’t scrape personally identifiable information without consent, even if it’s already publicly available. IANAL, and there’s probably ways they can sneak around the GDPR, but at least it’s not a free for all. It’s unclear though how it works for federation. It’s definitely not the same legally though.

The reason for not directly federating content to Threads isn’t so nobody there can ever see my amazing posts, it’s so Meta can’t easily profile me. Scraping public posts on a different platform would probably be illegal, at least in the EU, and reposts don’t give them a lot of data about me. Federating content, however, would give them most of the same data that Mastodon has on me without even having to ask.

This post from Eugen Rochko mentions that blocking Threads at the user level “stops your posts from being delivered to or fetched by Threads”. Basically, the user-level instance block is bidirectional.

Limited federation mode is a different feature, at the admin level. It doesn’t really affect the delivery of posts in either direction, it just hides the blocked instance’s content from the global feed. Defederation on the other hand is indeed bidirectional, but again it’s on the admin level rather than users’.

Mastodon instance blocks are already bidirectional AFAIK: if you block an instance your content does not get federated with them. I was actually surprised that this does not seem to be the case for Lemmy. I don’t think this break any core abstraction of AP…

Are these from a video game or Terry Pratchett’s Night Watch books?

Me when I start seeing sickoposting in my default Lemmy comms

Interesting demo! Does this use the user agent string for identifying clients?

Oh I mean, sure, but I don’t think IP logging is the main privacy concern with spy pixels.

I’m assuming this trick uses the user agent string and other request metadata to identify clients. Even if it didn’t recognize Jerboa as a client, it did guess that I was on mobile. That’s not possible just by tracking IPs, unless they’re cross-referencing it with other datasets. Also, I was on VPN anyway, so the IP would have been useless.

It should be possible for clients to obfuscate/fake the metadata of image requests to make tracking with spy pixels less effective.

Can countermeasures be implemented in the clients to mitigate privacy risks, while not having to proxy images?

Or just https://pluralistic.net/2023/07/24/rent-to-pwn/

He has a mirror of his blog on his own website without paywall. Not sure why he still publishes on Medium too, visibility I guess…

Awesome work folks, thanks!

Eh, it’s a bit naive IMO. It’s nice to focus on your small, close-knit community, but it does not live in a vacuum. At some point the world (read: capital) will come knocking at it’s door, and if you’ve been sticking your head in the sand until now you will not be prepared for what happens.

Also, what if I don’t want my community to be small and close-knit? Lemmy is way more interesting now that it was a month ago, after growing by an order of magnitude. Ask anyone who’s grown up in a rural town and they’ll confirm this: tiny communities are fucking boring.

What you’re trying to do is often called “domain delegation” or “well-known delegation”. Here’s an example of the documentation for the same thing in matrix-synapse. I don’t know if the Lemmy server supports this yet, my suggestion would be to join the matrix chat for the development and ask there. You should find a link to the chat room on the github page. If it does support it then most likely the process is the same as the one I linked for matrix.

Sure, but now this system has a dependency on the “centralized” lemmyverse.net service. And also your instance now has to receive and store a copy of almost the entire network’s content. Lots of instances are already struggling to sustain the load, this would make the problem even worse.

If a single instance decides that it can sustain the increased load and doesn’t mind depending on lemmyverse.net sure, nothing’s stopping them. But it shouldn’t be the default behavior for all instances.

In order to avoid this restriction you would need a global instance discovery mechanism, which is extremely hard to implement without a central server that keeps a list of all instances in the network. And if you do implement instance discovery through a central server you really are losing the whole point of decentralization.

Additionally, it’s good that each instance does not federate with everyone else by default. If it did, it would have to process all activity and keep a local copy of all the content in the entire network. This would be insanely inefficient, and make it prohibitively expensive to run even a tiny instance with 1 user and no communities.

Decentralization isn’t useless if you can’t immediately see everything in the network, come on… We’re just spoiled by centralized services.