We really like #qoto services. Today we came to learn there are #Cloudflare fetches on #qotoDotOrg's mastodon for the instance icons.
To see the fetches use F12 for the Network tab.
It gets CSS from miy.pw, one Cf website, and that CSS gets icons for each instance type at https://34.wtf, another Cf, based on HTML content.
Aside from being inefficient, couldn't this track/out users to Cf?
@MitiGator
@strypey
@bojkotiMalbona @witchescauldron @msaunders @paulsutton@qoto.org
@lupyuen
@dsfgs @MitiGator@101010.pl @strypey @bojkotiMalbona @witchescauldron @msaunders @lupyuen
Not sure maybe @freemo can help
Good question. This comes from the instance tracker feature added to some of our themes (it's how we add a banner to posts that show what instance users are from using unique colors and icons for each instance).
We specifically provide theme versions for most of our themes that are no-ticker versions that won't fetch this css or add the tickers. This is specifically for people who don't want to use the tickers' third-party css.
So if anyone is worried about this I'd suggest users simply switch to one of the no-ticker themes.
@dsfgs @MitiGator@101010.pl @strypey @bojkotiMalbona @witchescauldron @msaunders @lupyuen
@freemo @dsfgs @MitiGator@101010.pl @strypey @bojkotiMalbona @witchescauldron @msaunders @lupyuen
This is what I like about fedi, a concern / question is raised, and rather than trying to fob people off, you get a response such as this, that explains the issue and suggests possible solutions.
@zleap I mean, it's a pretty legit concern :)
I have just made a short video on how to change the theme. It is transcoding as I type this.
@zleap I can't view it since I'm in Egypt and internet is god awful slow here. But we should find a good spot to put it for people to find it in the future.
@freemo Good point, it is still transcoding at the moment. I have a few similar videos, so could be useful for tutorials etc.
@zleap Yes thank you, I'm sure some users will find it helpful.
Hi zleap and Freemo (et al),
Thanks for the prompt reply and a video even, @zleap! Unfortunately, we're unable to watch videos at this time, also.
There are, to us, peculiarities to this ticker plugin. It seems to use JS (node.js) on some pages despite us having JS disabled in Tor? @torproject.
It looks like very inefficient client-side code too, iterating…1/3
@MitiGator @strypey @bojkotiMalbona @witchescauldron @msaunders @alex @lupyuen
@freemo
2/3… through thousands of instances per toot on the page? A server-side-added 'class' descriptor may help a lot, especially for users whose battery-life is a concern.
At the very least, however, it might be safer/more private/faster to serve the tiny file/icons locally?
In its current form, we…2/3
@zleap @strypey @bojkotiMalbona @witchescauldron @msaunders @alex @lupyuen @freemo
When I'm back near some proper internet I'll link you to the creator of the tickers so you can ask them. There are quite a few instances that use it.
Reason we can't host the css is because the maintainer updates it fairly often as new instances are added or updated.
We did consider making it nondefault but after asking the qoto users the vast majority wanted to keep it as default. That said I think it's fair to more prominently notify users that it uses cloudflare in our about page so they can be better informed.
@zleap @strypey @bojkotiMalbona @witchescauldron @msaunders @alex @lupyuen
@freemo
2/2… offer files for selfHost? b) when not self-hosting are the remote files integrity-checked (ie 'integrity' attribute)? They should be for when Cf gets attacked (we all know it's gonna happen).
It seems the developer updates the CSS every 3-4 months? A script to check for an update each quarter may work well! When #TruthSocial federates though maybe be ready to get that update early :P
@zleap @strypey @bojkotiMalbona @witchescauldron @msaunders @alex @lupyuen
@freemo
Thanks for your reply.
Yes, stating on the About page that the Ticker is Cloudflare would be a step forward.
The sheer scale of data that Cf can collect/infer may be high but at least ppl will know.
If anyone wants to "tickr tinkr", a server-side 'class'ification of #InstanceType seems a worthy endeavour.
In considering #selfHost vs Cf, a) does the developer…1/2
@zleap @strypey @bojkotiMalbona @witchescauldron @msaunders @alex @lupyuen
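
The thread asks whether the remotely hosted ticker CSS is integrity-checked ('integrity' attribute) and suggests a periodic script to pick up updates. The following is an added example, not code from the thread's participants or the ticker's developer: it computes a Subresource Integrity value for a reviewed copy of a stylesheet, builds the pinned `<link>` tag, and reports when upstream content no longer matches the pin. The CSS bytes, the URL and all function names are constructed for illustration.

```python
import base64
import hashlib
import html

_STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}  # hash functions SRI permits

def sri_digest(content: bytes, alg: str = "sha384") -> str:
    """Return an SRI value: '<alg>-<base64 of the raw digest>'."""
    if alg not in _STRENGTH:
        raise ValueError("SRI allows only sha256, sha384 and sha512")
    raw = hashlib.new(alg, content).digest()
    return alg + "-" + base64.b64encode(raw).decode("ascii")

def matches_pin(content: bytes, pinned: str) -> bool:
    """Compare content with a space-separated integrity value the way a browser
    does: only hashes of the strongest listed algorithm count. Unlike a browser,
    an empty or unusable pin is treated as a failure (fail closed)."""
    tokens = [t for t in pinned.split() if t.split("-", 1)[0] in _STRENGTH]
    if not tokens:
        return False
    best = max((t.split("-", 1)[0] for t in tokens), key=_STRENGTH.get)
    return sri_digest(content, best) in [t for t in tokens if t.startswith(best + "-")]

def link_tag(url: str, content: bytes) -> str:
    """Build the <link> element; crossorigin is required for a cross-origin check,
    and the remote host must answer with CORS headers or the load is blocked."""
    return ('<link rel="stylesheet" href="%s" integrity="%s" crossorigin="anonymous">'
            % (html.escape(url, quote=True), sri_digest(content)))

def review_update(fetched: bytes, pinned: str):
    """For a periodic update job: (changed?, pin to adopt after a human review)."""
    changed = not matches_pin(fetched, pinned)
    return changed, (sri_digest(fetched) if changed else pinned)

# Constructed sample data, not the real ticker stylesheet or its host.
REVIEWED_CSS = b'a[href*="mastodon.example"]::after { content: "M"; }\n'
UPSTREAM_CSS = REVIEWED_CSS + b'a[href*="newinstance.example"]::after { content: "N"; }\n'
CSS_URL = "https://ticker-host.example/tickers.css"  # placeholder URL

if __name__ == "__main__":
    pin = sri_digest(REVIEWED_CSS)
    print(link_tag(CSS_URL, REVIEWED_CSS))
    print(review_update(REVIEWED_CSS, pin))   # nothing to do
    print(review_update(UPSTREAM_CSS, pin))   # upstream changed: review, then re-pin
```

With a pin in place, browsers refuse a changed upstream file until the pin is updated, so the update job has to run whenever the maintainer publishes a new version.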