• ChaoticNeutralCzech@feddit.de
      link
      fedilink
      English
      arrow-up
      28
      ·
      edit-2
      11 months ago

      There are still lots of tracking parameters it doesn’t remove. It does not bypass redirects like doubleclick.net/redirect?url=..., either.

      I’d prefer if it worked with personal and community managed filters, like every good adblocker does now.

        • ChaoticNeutralCzech@feddit.de
          link
          fedilink
          English
          arrow-up
          3
          ·
          11 months ago

          The point is to bypass them, so it won’t go to https://click-tracker.com/redirect?url=https%3A%2F%2Fexample.com%2Findex.php%23content%3Fpage%3Dwelcome%26say%3Dhello&clickID=a68bd9003 but https://example.com/index.php#content?page=welcome&say=hello already.

  • freamon@lemmy.world
    link
    fedilink
    English
    arrow-up
    44
    ·
    11 months ago

    Screenshotting a post from another fediverse app seems a bit crazy. As an alternative, this post is available natively in lemmy, as text and from the original author (so you can reply to him if you’d like).

    I can’t give a universal link to a post obviously, but if you’re on lemmy.world, it’s here: https://lemmy.world/post/11631169, and if you’re not, it’s available on the [email protected] community.

    • brbposting@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      13
      ·
      11 months ago

      …seems a bit crazy. …

      I can’t give a universal link to a post obviously …

      Tee-hee :) Point taken though!

      No way to cross post is there?

      Also would be neat to have a blended account feature - infosec.exchange is defederated from sh.itjust.works even though we’re OK I swear. Might be time to raise that discussion again.

      Anyway only seeing this because of the repost. And for the visually paired (easy of seeing?) (not blind?), screenshots of text can sometimes have a je ne sais quoi. A bit of text fitting just so in the right font, maybe a light background breaking the monotony of one’s dark mode…

      Screenshots, surprisingly resilient in $current_year. One day Lemmy could autotranscribe screenshots and include original post date, platform, author… maybe how deep fried it was too.

      • Trainguyrom@reddthat.com
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        11 months ago

        Honestly I feel like a screenshot of a toot is better than just seeing a Lemmy-formated toot.

        Maybe a cross-post feature which generates what the screenshot effectively shows but formatted in html to match mastodon formatting with functioning links that’s hosted on the instance the Lemmy community is in to avoid federation issues?

        Edit to add: on the other hand I regularly forward the screenshots to friends on other platforms, so I’d either screenshot the thing created to stop screenshots or need a share/download button to create a image because I know my friends ain’t interested in clicking a wierd fediverse link to view a 2 sentence joke they may or may not find funny

        • freamon@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          11 months ago

          We’re stuck with the HTML formatting that lemmy provides us, unfortunately. It’s not just about an image vs. text though - it’s also about being from the original author. OP for this post is getting plenty of replies, but I’ve no idea if it’s an issue they care about, or just something they saw and found passingly amusing.

          As for sending on, a screenshot to friends on non-ActivityPub platforms is more reasonable (although being text means you could just copy/paste it, and then include any friends with vision impairments too).

          But yeah, there’s lots of pro’s to a screenshot that I don’t have an argument against (I posted in this thread, but it’s not like I’m going to show up everytime someone yoinks something from Mastodon)

          • Trainguyrom@reddthat.com
            link
            fedilink
            English
            arrow-up
            3
            ·
            edit-2
            11 months ago

            Oh yeah I was just imagining out loud what a better way of handling cross-posted content across federated platforms could look like

      • freamon@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        11 months ago

        Yeah, cross-posts would be a new post from me, rather than the original from e.g. George Takei, which isn’t ideal.

        I hadn’t really thought about defederation between servers running both Mastodon and Lemmy. I guess that post wouldn’t show up on sh.itjust.works (I’ll have a look if anyone subscribes from there)

          • freamon@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            11 months ago

            Hmmm, that’s not defederation though. The community’s outbox has the 20 most recent posts in, and that cat gif is currently at number 20. The only way those earlier posts can be there are if someone brought though the community a day or so ago and then didn’t subscribe. If anyone ever does subscribe, I can manually send the rest (and can see if the infosec one fails)

            • brbposting@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              2
              ·
              11 months ago

              Hmm, I don’t understand.

              Lemmy World & Midwest Social show the community and the latest post. JustWorks doesn’t show the latest post. Infosec doesn’t show the community. Lemmon doesn’t seem to have an actual homepage, but looks a bit like an RSS feed; the Tails community there 403s.

              Defed Investigator can’t find Lemmon but reports on some communities which are federated with it. Infosec is reportedly federated but doesn’t show the community.

              1.) what’s an outbox (on Lemmy)?
              2.) “if someone brought though the community a day or so ago and then didn’t subscribe.”?
              3.) “manually send the rest”? Also you’re the Lemmon admin?

              • freamon@lemmy.world
                link
                fedilink
                English
                arrow-up
                2
                ·
                11 months ago

                lemmy.world has the community, and is keeping up to date with it, because someone (me, actually) brought it through and subscribed.

                midwest.social has the community, but won’t get further updates because no-one subscribed (so technically I don’t have the inbox address for it - it’ll be the same format as everyone else of course, but it would reject updates with the ‘community has no subscribers’ error if I sent stuff to it anyway).

                justworks was in the same situation as midwest.social, but it has a subscriber now, so now it has everything and will keep up to date. I didn’t have to do anything - the new subscriber’s action re-fetched the outbox (discussed below) and luckily that contained everything that was missing. The post from infosec.exchange is there too, so that wasn’t affected by federation blocks.

                lemmon.website isn’t running lemmy - the tails community is ‘virtual’ in that it’s just a bunch of static files pretending to be a real community. The main address 403s 'cos thats just a folder.

                infosec.pub doesn’t have the community most likely because no-one who is logged in there has searched for it (instances won’t search outside their own database if the query isn’t from a logged-in user). lemmon.website is in their /instances list though, so there’s no blocking.

                1. An outbox on lemmy contains the last 20 or so original Announces that the main community uses to tell the communities on other instances about a new post. To illustrate:
                  curl --header 'accept: application/json' https://lemmy.world/c/microblogmemes/outbox | jq .orderedItems[0] would be for the most recent post on microblogmemes. (Op’s post is at orderedItems[6]).
                  Fetching this allows a new instance to re-create recent posts, as if it had received them at the time.

                2. Someone clicked [email protected], but didn’t go further (they probably got lemmy’s misleading error screen and gave up). As with midwest.social - no subscribers = no more updates.

                3. Yeah, lemmon.website is mine. Not running lemmy means I fudge things a bit (including having posts from Mastodon users, of course)

      • freamon@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        edit-2
        11 months ago

        What’s happened for you there isn’t a problem for screenshots to really fix - it’s whatever frontend you’re using not giving lemmy’s backend enough time to fetch a remote community. This happens loads - I even made a little video about it the other day: https://lemmy.dbzer0.com/post/13703060

        When you clicked on [email protected], it did actually go through to dbzer0, and Voyager has no trouble with the community once it’s though. A little ironically perhaps, but here’s a hastily combined screenshot showing it at dbzer0 and on Voyager:

        edit: and the link to the post of course: https://lemmy.dbzer0.com/post/13850191

  • doctorcrimson@lemmy.today
    link
    fedilink
    English
    arrow-up
    17
    ·
    edit-2
    11 months ago

    I actually remove stuff like the “feature=sharing” nonsense from the end of youtube memes I share pretty regularly

    • intensely_human@lemm.ee
      link
      fedilink
      English
      arrow-up
      4
      ·
      11 months ago

      Full format addresses so they automatically turn into links

      No: 123 Main St Yes: 123 Main St, Burgerville, TN 70302

    • lad@programming.dev
      link
      fedilink
      English
      arrow-up
      2
      ·
      11 months ago

      Some messengers like Telegram allow you to copy preformatted blocks in one click, so you can just write “here’s the number number” and it will still be easy to copy

      • abbotsbury@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        ·
        11 months ago

        Me and the homies compare paystubs and direct deposits to make sure we aren’t victims of wage theft 💪

      • Ziglin@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        11 months ago

        I assumed it was something like here’s *'s number: 1245689 in one message making it hard just to copy the phone number on some mobile messengers.

        • Baizey@feddit.dk
          link
          fedilink
          English
          arrow-up
          1
          ·
          11 months ago

          Oh yeah that makes more sense xD I was wondering for wait to long why someone would send their phone number and bank account in the same message

  • Ziglin@lemmy.world
    link
    fedilink
    English
    arrow-up
    15
    ·
    11 months ago

    Oh no I think I’m sending some people the wrong kind of message… I didn’t mean to…

    • EndHD@lemm.ee
      link
      fedilink
      English
      arrow-up
      8
      ·
      11 months ago

      it’s ok. i figured we could never be more than friends

  • smeg@feddit.uk
    link
    fedilink
    English
    arrow-up
    7
    ·
    edit-2
    11 months ago

    If you set URLCheck as a default browser and you can automate the process of making people think you love them

      • smeg@feddit.uk
        link
        fedilink
        English
        arrow-up
        3
        ·
        11 months ago

        While fdroid is great for discovery or if you’re running without Play Services, I’m using the Play Store anyway so I’ll use that if they’re on there or if not then Obtanium to get them from the source repo.

        Isn’t there some weirdness with signing apps on fdroid? A bit beyond my security knowledge when I last saw it discussed.

        • NeatNit@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          6
          ·
          edit-2
          11 months ago

          F-Droid compiles apps from source by itself, without blindly trusting that the APK provided by the developer actually came from the source code. After independent compilation, one of two things happen:

          If the app uses reproducible builds, then F-Droid verifies that its own compiled APK matches byte-for-byte with the APK provided by the developer. If they match, F-Droid distributes the APK signed with the developer’s signing key, same as Play Store does (except Play Store doesn’t verify anything).

          Otherwise, F-Droid distributes its own compiled APK signed with F-Droid’s signing key.

          In either case, F-Droid guarantees that you get an app that matches the source code exactly.

          None of this process should matter to you as a user, and it’s all fairly transparent from a user’s perspective. F-Droid gives you certain guarantees and internally enforces these guarantees, while Play Store does not.

          • baseless_discourse@mander.xyz
            link
            fedilink
            English
            arrow-up
            4
            arrow-down
            1
            ·
            11 months ago

            Plus, if the app supports reproducible build, fdorid will just delivers the app to you via the developer’s signature. So it is just a additional verification without adding any trusted party. App signing section https://f-droid.org/docs/Security_Model/

            fdroid also manually inspect the source to make sure nothing funky is going on. But of course that cannot be absolutely through, because the time and workforce constraint.

            Finally, fdroid has updated to index v2 which improves the security of index v1, specifically:

            • As of index-v2, files from the repo are verified based on SHA-256, including icons, screenshots, etc.
            • index-v2 uses any algorithm supported by apksigner and android-23 and newer, and relies on OpenJDK’s and Google’s maintenance of the currently valid signing algorithms. When index-v2 was launched, the signature algorithm in use was SHA256withRSA and the digest algorithm was SHA-256. index-v1 is signed by SHA1withRSA. As of this writing, SHA1 are still considered strong against second pre-image attacks, which is what is relevant for index JARs.

            https://f-droid.org/docs/Security_Model/

        • step6672@lemm.ee
          link
          fedilink
          English
          arrow-up
          2
          ·
          11 months ago

          Yeah. Basically it builds and then sign the app with their own keys, not the developer’s. The problem people has with this approach is that if F-Droid suffers an hacking attempt, the attackers could mess with the apps.

          The team behind F-Droid is already trying to fix that with reproducible builds. It means that an APK downloaded through F-Droid could be compared to a GitHub release, for example, and they would have the same key.