Thank you for the links, I had found a few of these but some are new. The basic idea is there, I’ll see if any of these can work for us. I’m growing more convinced though that hosting a whole app for this super simple use case might not be worth it, I think we might pivot to just hosting a really basic static page for it.

This is way too overkill for what we need. I’m sorry, I’ve been intentionally vague about the context for this but I guess it’s too unclear. We’re an activist group planning a protest. We might have to get this set up literally tomorrow and every penny comes out of (mostly my) pocket. We’re also all paranoid about opsec and anonymity, which is why the requirement about avoiding corporate services is there. Perhaps I should have posted this in a privacy focused comm instead, I apologize.

It’s pretty overkill for what we need, and it would still fall under “corporate” for us. At that point I could just go for the static Notion page which I can get live in 5m for free.

We can set up all of those but again, that’s kinda expensive for us rn. What’s the benefit of using a CMS like Joomla versus wishthis, or even a basic Caddy/Nginx webserver with a static page?

I believe you need root to access those, plus a file manager that supports it (I use Mixplorer which does). Otherwise, as someone else suggested, you can access them from a computer over ADB or MTP.

I had high hopes when I tried it out but frankly it’s been almost unusable for me. Terrible performance, laggy UI, plenty of bugs, long loading times for songs…

I don’t know if something in my mobile environment was messing with it but I use quite a few indie FOSS apps still in beta and none of them worked as badly as Spotube did. I’d love to go back to it if it improves, but for now it’s just not worth the UX pain.

Edit: forgot to mention. The idea of sourcing tracks from YouTube is cool but causes loads od trouble in practice. I’ve found remixed versions streamed as the original, tracks with the intro from the music video, tracks with sound effects from the music video, and tracks that just cannot be streamed cause they aren’t on YouTube. I know there’s a feature to pick which version to stream, but it’s quite a bit of UX friction and it didn’t work often enough to be a showstopper.

Even if its configured correctly to totally obfuscate the data and the final endpoint of the traffic it’s still blatantly obvious that a VPN is in use.

Which is why Chinese users don’t use standard VPNs, they use obfuscated proxies with protocols like Shadowsocks and V2Ray, which mask the tunneled traffic as innocuous HTTPS traffic.

Support for this in core Lemmy has been discussed many times. There’s an open issue for it that’s been gathering dust for a while. Some apps already implement this on the client side I think, not jerboa though.

In the EU companies can’t scrape personally identifiable information without consent, even if it’s already publicly available. IANAL, and there’s probably ways they can sneak around the GDPR, but at least it’s not a free for all. It’s unclear though how it works for federation. It’s definitely not the same legally though.

The reason for not directly federating content to Threads isn’t so nobody there can ever see my amazing posts, it’s so Meta can’t easily profile me. Scraping public posts on a different platform would probably be illegal, at least in the EU, and reposts don’t give them a lot of data about me. Federating content, however, would give them most of the same data that Mastodon has on me without even having to ask.

Ah ok this I’m not sure about. I mean, Lemmy added instance blocks as well in the latest release (0.19), but it seems that, unlike Mastodon, this only hides the content from you and doesn’t prevent your content from being sent to that instance. It does seem like a pretty big oversight, but I haven’t found a discussion about this. There might be good reasons why it’s this way.

I don’t think Lemmy does either…? It pushes updates to subs that at least someone on the receiving instance subscribes to (at least that’s how it worked last time I checked). That’s why there are scripts going around for new instances to automatically follow a bunch of popular subs to populate the All feed.

I think Mastodon works in the same way with users, where it sends updates for accounts that someone on the receiving end follows. So if nobody follows you from Threads it wouldn’t send any of your posts there.

a long form nuanced take

interesting, however have you considered pee pee poo poo

Truly a worthy contribution to the discourse, thank you…

ActivityPub doesn’t just push everything on a server to every federated instance like a fire hose. In the first place, as [email protected] said, it only feeds your content to an instance if somebody on that instance follows you, which you can set to require your manual approval. Your posts could also get pushed if somebody else boosts your post and they have followers on the other instance.

However, if you set an instance block, none of your posts get sent to the instance, period. They would have to resort to scraping. In other words, if you don’t want to give meta your data, just set an instance/domain block.

I’m aware they’re not using a generic model, but that’s not much better. Current custom-made models still fuck up significantly more than humans, and in less predictable ways.

Even if their custom model is slightly incorrect 1% of the time, that’s still a major problem in critical systems like those.

Legacy COBOL code is largely used in critical systems like those of banks and airlines. What could go wrong with having that code rewritten by stochastic parrots who get programming answers wrong half of the time?

Interesting demo! Does this use the user agent string for identifying clients?

Oh I mean, sure, but I don’t think IP logging is the main privacy concern with spy pixels.

I’m assuming this trick uses the user agent string and other request metadata to identify clients. Even if it didn’t recognize Jerboa as a client, it did guess that I was on mobile. That’s not possible just by tracking IPs, unless they’re cross-referencing it with other datasets. Also, I was on VPN anyway, so the IP would have been useless.

It should be possible for clients to obfuscate/fake the metadata of image requests to make tracking with spy pixels less effective.

Can countermeasures be implemented in the clients to mitigate privacy risks, while not having to proxy images?

Got it, thank you!