Firefox loves me…
There are still lots of tracking parameters it doesn’t remove. It does not bypass redirects like
doubleclick.net/redirect?url=...
, either.I’d prefer if it worked with personal and community managed filters, like every good adblocker does now.
It’ll warn you before you go to shit tracking redirectors though.
The point is to bypass them, so it won’t go to
https://click-tracker.com/redirect?url=https%3A%2F%2Fexample.com%2Findex.php%23content%3Fpage%3Dwelcome%26say%3Dhello&clickID=a68bd9003
buthttps://example.com/index.php#content?page=welcome&say=hello
already.
Common Firefox W
there’s even an extension to do that automatically, clearurls if i recall correctly
I didn’t know about that! I always use Ctrl+C of course. I’ll look out for this next time
I guess I really love everyone because I’ve just always done that
Me too, but just to screw over Amazon’s social graph making.
Sometimes I throw garbage in there just got fun ☺️
It’s less love and more spite.
Same
Screenshotting a post from another fediverse app seems a bit crazy. As an alternative, this post is available natively in lemmy, as text and from the original author (so you can reply to him if you’d like).
I can’t give a universal link to a post obviously, but if you’re on lemmy.world, it’s here: https://lemmy.world/post/11631169, and if you’re not, it’s available on the !tails@lemmon.website community.
even on the federated web, you can’t escape the screenshots
Let’s just be thankful they actually took a screenshot and didn’t take a picture of the screen with their phone.
It’s a step up as long as it stays that way and reposters know they can save the screenshot instead of screenshotting the screenshot.
The referent of a link can be changed or deleted. A screenshot cannot.
…seems a bit crazy. …
I can’t give a universal link to a post obviously …
Tee-hee :) Point taken though!
No way to cross post is there?
Also would be neat to have a blended account feature -
infosec.exchange
is defederated fromsh.itjust.works
even though we’re OK I swear. Might be time to raise that discussion again.Anyway only seeing this because of the repost. And for the visually paired (easy of seeing?) (not blind?), screenshots of text can sometimes have a je ne sais quoi. A bit of text fitting just so in the right font, maybe a light background breaking the monotony of one’s dark mode…
Screenshots, surprisingly resilient in $current_year. One day Lemmy could autotranscribe screenshots and include original post date, platform, author… maybe how deep fried it was too.
Honestly I feel like a screenshot of a toot is better than just seeing a Lemmy-formated toot.
Maybe a cross-post feature which generates what the screenshot effectively shows but formatted in html to match mastodon formatting with functioning links that’s hosted on the instance the Lemmy community is in to avoid federation issues?
Edit to add: on the other hand I regularly forward the screenshots to friends on other platforms, so I’d either screenshot the thing created to stop screenshots or need a share/download button to create a image because I know my friends ain’t interested in clicking a wierd fediverse link to view a 2 sentence joke they may or may not find funny
We’re stuck with the HTML formatting that lemmy provides us, unfortunately. It’s not just about an image vs. text though - it’s also about being from the original author. OP for this post is getting plenty of replies, but I’ve no idea if it’s an issue they care about, or just something they saw and found passingly amusing.
As for sending on, a screenshot to friends on non-ActivityPub platforms is more reasonable (although being text means you could just copy/paste it, and then include any friends with vision impairments too).
But yeah, there’s lots of pro’s to a screenshot that I don’t have an argument against (I posted in this thread, but it’s not like I’m going to show up everytime someone yoinks something from Mastodon)
Oh yeah I was just imagining out loud what a better way of handling cross-posted content across federated platforms could look like
Yeah, cross-posts would be a new post from me, rather than the original from e.g. George Takei, which isn’t ideal.
I hadn’t really thought about defederation between servers running both Mastodon and Lemmy. I guess that post wouldn’t show up on sh.itjust.works (I’ll have a look if anyone subscribes from there)
Here’s the most recent post I (on justworks) see:
Defederation can hurt
Hmmm, that’s not defederation though. The community’s outbox has the 20 most recent posts in, and that cat gif is currently at number 20. The only way those earlier posts can be there are if someone brought though the community a day or so ago and then didn’t subscribe. If anyone ever does subscribe, I can manually send the rest (and can see if the infosec one fails)
Hmm, I don’t understand.
Lemmy World & Midwest Social show the community and the latest post. JustWorks doesn’t show the latest post. Infosec doesn’t show the community. Lemmon doesn’t seem to have an actual homepage, but looks a bit like an RSS feed; the Tails community there 403s.
Defed Investigator can’t find Lemmon but reports on some communities which are federated with it. Infosec is reportedly federated but doesn’t show the community.
1.) what’s an outbox (on Lemmy)?
2.) “if someone brought though the community a day or so ago and then didn’t subscribe.”?
3.) “manually send the rest”? Also you’re the Lemmon admin?lemmy.world has the community, and is keeping up to date with it, because someone (me, actually) brought it through and subscribed.
midwest.social has the community, but won’t get further updates because no-one subscribed (so technically I don’t have the inbox address for it - it’ll be the same format as everyone else of course, but it would reject updates with the ‘community has no subscribers’ error if I sent stuff to it anyway).
justworks was in the same situation as midwest.social, but it has a subscriber now, so now it has everything and will keep up to date. I didn’t have to do anything - the new subscriber’s action re-fetched the outbox (discussed below) and luckily that contained everything that was missing. The post from infosec.exchange is there too, so that wasn’t affected by federation blocks.
lemmon.website isn’t running lemmy - the tails community is ‘virtual’ in that it’s just a bunch of static files pretending to be a real community. The main address 403s 'cos thats just a folder.
infosec.pub doesn’t have the community most likely because no-one who is logged in there has searched for it (instances won’t search outside their own database if the query isn’t from a logged-in user). lemmon.website is in their /instances list though, so there’s no blocking.
-
An outbox on lemmy contains the last 20 or so original Announces that the main community uses to tell the communities on other instances about a new post. To illustrate:
curl --header 'accept: application/json' https://lemmy.world/c/microblogmemes/outbox | jq .orderedItems[0]
would be for the most recent post on microblogmemes. (Op’s post is at orderedItems[6]).
Fetching this allows a new instance to re-create recent posts, as if it had received them at the time. -
Someone clicked !tails@lemmon.website, but didn’t go further (they probably got lemmy’s misleading error screen and gave up). As with midwest.social - no subscribers = no more updates.
-
Yeah, lemmon.website is mine. Not running lemmy means I fudge things a bit (including having posts from Mastodon users, of course)
Finally got around to reading this, awesome explanation! Keep up the good work!
I might be that subscriber from justworks BTW 😎
Hi there! Looks like you linked to a Lemmy community using a URL instead of its name, which doesn’t work well for people on different instances. Try fixing it like this: !microblogmemes@lemmy.world
Oh did tails go down two weeks ago?
-
deleted by creator
Neither of those links load in Voyager, so I think a screenshot is great.
What’s happened for you there isn’t a problem for screenshots to really fix - it’s whatever frontend you’re using not giving lemmy’s backend enough time to fetch a remote community. This happens loads - I even made a little video about it the other day: https://lemmy.dbzer0.com/post/13703060
When you clicked on !tails@lemmon.website, it did actually go through to dbzer0, and Voyager has no trouble with the community once it’s though. A little ironically perhaps, but here’s a hastily combined screenshot showing it at dbzer0 and on Voyager:
edit: and the link to the post of course: https://lemmy.dbzer0.com/post/13850191
deleted by creator
Sorry, maybe I’m being a bit dense, but I don’t really understand what you mean. ‘This post’ as in the post on microblogmemes?
deleted by creator
?utm_source=my-crush
and checks it still works
I actually remove stuff like the “feature=sharing” nonsense from the end of youtube memes I share pretty regularly
And send bank account and phone numbers in a separate message for easy copying
Full format addresses so they automatically turn into links
No: 123 Main St Yes: 123 Main St, Burgerville, TN 70302
Some messengers like Telegram allow you to copy preformatted blocks in one click, so you can just write “here’s the number
number
” and it will still be easy to copyWhy would you even be sending them together?
Me and the homies compare paystubs and direct deposits to make sure we aren’t victims of wage theft 💪
I assumed it was something like here’s *'s number: 1245689 in one message making it hard just to copy the phone number on some mobile messengers.
Yeah that’s exactly what I was meaning
Oh yeah that makes more sense xD I was wondering for wait to long why someone would send their phone number and bank account in the same message
Firefox: Rt-click - “Copy without Site Tracking”
Firefox best browser
Oh no I think I’m sending some people the wrong kind of message… I didn’t mean to…
it’s ok. i figured we could never be more than friends
I change it by adding profanities
Will the links still work? This gives me ideas
They’re just for marketing stats, to track where people are visiting from. I’ve had to add them in the past (for work) to differentiate marketing campaigns, links in emails vs SMS, etc
Look up “UTM parameters” for a full breakdown of how these are used.
Yep, they’ll work.
I guess I love more people than I care to acknowledge
jeff, you are mixing love with OCD… again
While fdroid is great for discovery or if you’re running without Play Services, I’m using the Play Store anyway so I’ll use that if they’re on there or if not then Obtanium to get them from the source repo.
Isn’t there some weirdness with signing apps on fdroid? A bit beyond my security knowledge when I last saw it discussed.
F-Droid compiles apps from source by itself, without blindly trusting that the APK provided by the developer actually came from the source code. After independent compilation, one of two things happen:
If the app uses reproducible builds, then F-Droid verifies that its own compiled APK matches byte-for-byte with the APK provided by the developer. If they match, F-Droid distributes the APK signed with the developer’s signing key, same as Play Store does (except Play Store doesn’t verify anything).
Otherwise, F-Droid distributes its own compiled APK signed with F-Droid’s signing key.
In either case, F-Droid guarantees that you get an app that matches the source code exactly.
None of this process should matter to you as a user, and it’s all fairly transparent from a user’s perspective. F-Droid gives you certain guarantees and internally enforces these guarantees, while Play Store does not.
Plus, if the app supports reproducible build, fdorid will just delivers the app to you via the developer’s signature. So it is just a additional verification without adding any trusted party. App signing section https://f-droid.org/docs/Security_Model/
fdroid also manually inspect the source to make sure nothing funky is going on. But of course that cannot be absolutely through, because the time and workforce constraint.
Finally, fdroid has updated to index v2 which improves the security of index v1, specifically:
- As of index-v2, files from the repo are verified based on SHA-256, including icons, screenshots, etc.
- index-v2 uses any algorithm supported by apksigner and android-23 and newer, and relies on OpenJDK’s and Google’s maintenance of the currently valid signing algorithms. When index-v2 was launched, the signature algorithm in use was SHA256withRSA and the digest algorithm was SHA-256. index-v1 is signed by SHA1withRSA. As of this writing, SHA1 are still considered strong against second pre-image attacks, which is what is relevant for index JARs.
Yeah. Basically it builds and then sign the app with their own keys, not the developer’s. The problem people has with this approach is that if F-Droid suffers an hacking attempt, the attackers could mess with the apps.
The team behind F-Droid is already trying to fix that with reproducible builds. It means that an APK downloaded through F-Droid could be compared to a GitHub release, for example, and they would have the same key.
On iOS, I use the Clean URLs iOS shortcut to cleanup links & remove tracking parameters.
Credit: mastodon.social/@DavidBlue
I want to create a version that adds a check for a YouTube link and creates a Piped.video link too - save me a few seconds each time.
Nice to see an app for it.
Android 13 and above comes with a clipboard editor which is super handy. I just edit all my links in that.
Oh nice, I had no idea that’s what that did, cheers!
I feel so seen ❤️
Unless of course you want them to look at something specific that the query string automatically selects for them. It’d be pretty confusing in that case if you removed the query string and they’re just looking at thousands of entries in a table or something.