That doesn’t sound good? They are privacy invasive.
FWIW they should be configurable in your browser, either directly or with a plug-in.
The post makes a pretty reasonable argument as to why it’s a good idea.
Yeah, browser vendors think the same thing, since they are part of the commercial web. Anyway, at minimum, sending referer should be opt-in rather than opt-out.
According to ths post it will be opt-in, on the instance side.
So smaller instances where there-might be risks associated will be opted out by default, while large instances that might want the attention and where individual users stand out less can opt in.
Unfortunatly its a cost we must accept since the justification makes it worth it.
Unfortunatly its a cost we must accept since the justification makes it worth it.
That’s for the user to decide. The devs should not presume to make it on the users’ behalf.
Is that not how this is already being implemented?
It’s not entirely clear, but it appears to be up to the instance operator.
Users can disable referer headers in their browser settings which overrides anything the instance operators can do.
Only nerds do stuff like mess with their browser settings through about:config. The bulk of activity is from people who don’t mess with those settings and don’t stay aware of what’s going on. Those are the ones who the info gatherers want to observe, so that’s why the system should be opt-in in every case, and it’s also why they want it to be the opposite.
If people dont care enough to mess with their browser settings thenselves, then they can either a. join a privacy-focused Mastodon instance whose admin will keep the “no referer” policy, or b. live with the fact that choices are being made for them. People need to take actions for themselves, we cant treat everyone like babies.
There’s legitimate interest in knowing where people come from, though, and asking on your own page “how did you get here?” is hardly going to work. Personally I don’t think it’s much of an issue if some random commercial site sees that I got there via lemm.ee, it’s not giving away much at all, not even whether I have an account here and certainly not as much as tracking cookies. OTOH I also think it could be done better, wich tech similar to Mozilla’s aggregate (i.e. you’re just a number in an anonymous mass) ad clickthrough thing. Sites would see “yep we got a number of visitors from lemm.ee, and that number from lemmy.world” but wouldn’t know which of their site impressions corresponded to which origin.
This is not a democracy
Better ask whose benefit the system is being run for in that case. If I want a system run by Elon Musk then I already know where to find one.
I thought the fediverse was a way to give back the power to the users. This doesn’t seem great. I don’t want mastodon to be famous because it’s useful to companies but because it’s useful to people.
I don’t know the details but hopefully they do something similar to firefox https://blog.mozilla.org/security/2021/03/22/firefox-87-trims-http-referrers-by-default-to-protect-user-privacy/
Read the article. It is a configurable thing and each mastodon server admin has to activate it in order to send a referer.
I read the article but I’m worried about the implementation which you won’t be able to choose and while you can change server realistically not many people will even know this happened.
I hope the focus is privacy and people and this change dowsn’t have people in mind.
Well, I don’t know how you could implement that from a website that would enable people to choose? Not sure that is technically possible.
And of course if you simply telll your browser not to send referer info in headers you won’t.
The fediverse is a place where websites automatically share content. What people do with that is wide open.
Great!
I want to see where visitors are coming from. I also like to see (and sometimes join in) with the conversations they’re having.
Imagine this guy contacting you about your bounce rate.
Oh neat! Is there any way to check if my instance has opted into this?
That PR is not even merged and deployed yet. When it gets released: simply ask your instance admin, I guess. (I think looking into the source code might also tell you but no idea where to search exactly)
Ah, gotcha. Thank you!
Probably I should go learn who my admin actually is 😅
Turning that on is probably a GDPR violation for those in Europe.
ETA: Don’t shoot the messenger. I won’t be suing.