Items tagged with: Pleroma
Which server should an new #Fediverse user choose?
Eugen, the creator of Mastodon and admin of the biggest Mastodon server, mastodon.social, talks about the challenges new users might face when they want to register a Mastodon account. In fact these problems aren't limited to Mastodon.
Every user planning to create an account somewhere in the #Fediverse has to make several decisions first:
1. Which platform?
Do I want to settle on #Mastodon, #Diaspora, #Friendica, #Hubzilla, #Pleroma, #Socialhome or one of the more specialised choices? Given that most of these platforms differ in features, chances are high that I can make a choice based on technical facts. Maybe I already know some accounts I want to follow, which might narrow down the list of choices since not all networks are connected (most notably Mastodon and Diaspory can't see each other, so I can either use the one I need or one of the multi-protocol platforms). Even if I can't decide yet, I'll just register one account for every platform.
2. Which server?
Now this might be the harder question. Let's assume I picked a platform and now want to register my account. Which server should I chose and why? For some platforms there are servers that are specialised on single topics, so if, for example, I am an English speaking Open Source evangelist and want to use Mastodon, there is a server that is just right for me.
But what If I have several main interests? There is no special community for people who like knitting and fishing. Or, more likely, what if I can't even decide on my interests right now? See, I'm interested in many things, nothing special though, just want to talk about things. Where should I register?
Of course there are many servers in every network that aren't limited to any set of topics. So I'll just choose the one that most other people already chose, right?
Well, nearly. And that's exactly Eugen's problem here. As a user, you want to use a server that
- is well maintained and is here to stay.
- has some more users so its public timeline isn't empty.
But from a technical view it would be great if users would spread equally over all servers. So I'll just choose the one that has the least users, right?
Well, nearly. Maybe a compromise is the way to go. It could look like this:
- Look for a server with more than one user.
- See if it exists for more than, say, three months.
- Look up the admins, see what they post, ask yourself if you like them.
- Have a look at the server's public timeline.
These tools might help answering a newcomer's questions:
But the main question stays: how do you explain this to a passer-by who just wants to quickly create a Fediverse account? Could a landing page featuring a "I'm feeling lucky" button that will automatically pick a random server help?
♲ Eugen - 2019-03-20 22:00:40 GMT
The role of mastodon.social in the Mastodon ecosystem#decentralised #decentralized #distributed #federation #pod #node #server
"help wanted" - #Hubzilla -> link
"Junior Jobs" - #Friendica -> link
"help wanted" - #diaspora -> link
"fit for beginners" - #Mastodon -> link
"needs help" - #Misskey -> link
"good first issue" - #Peertube -> link
"needs #design" / "easy" - #Pleroma -> link 1 / link 2
"help wanted" - #Socialhome -> link
Which websites featured on the Federation have the worst privacy?
My last post highlighted how ticking the OEmbed box to add a website picture to a post can compromise Federation users if it contains a tracker.
I also mentioned tools, like Disconnect, we could use to detect websites which track their users. In this post I reveal some of the most popular reference websites on the Federation with low privacy and high tracking rates.
I believe Federation users should consider not embedding, or at least warning their readers about the surveillance techniques carried out by these sites.
A Princeton University study identified almost a million websites that track their users. Here are just 5 examples of websites whose stories are commonly quoted on the Federation:
Wired is a popular website referenced on the Federation by many users because it publishes great tech-based stories. But how private is it?
Although it offers an ‘ad-free’ version for subscribers, normal visitors are ruthlessly fleeced for their data.
WIRED has embed deals (agreements to embed tracking codes into their pages for money or gain) with a staggering 171 third parties including Google, Amazon, Facebook, Vogue, GQ, Golf Digest, Bonappetit and Vanity Fair.
Some tracking beacons embedded on WIRED and captured by Ublock Origin
151 of these third parties are known tracking or advertising companies like Google, Amazon, Facebook, Turn, Add This, Scorecard Research, Adobe, Twitter Analytics, Typekit, Criteo and Quantserve. Aggressive trackers like Google Tag Manager (GTM), Add This and Turn are present here.
Below is a screengrab of the many scripts NoScript has blocked from the WIRED website, the 33 scripts, gifs and beacons blocked by Ublock Origin and a couple by Disconnect.
WIRED sets 25 short-term and 28 long-term cookies itself, while allowing its third party partners (including 69 tracking companies) to set 26 short-term and 133 long-term cookies.
It uses Google Analytics without the anonymization feature enabled, so user details are sent to Google servers.
All WIRED servers are based in the US so GDPR privacy rules can be ignored.
Websites loading this many scripts/cookies are usually blacklisted by most users, not least because they drain a device’s battery.
WIRED claims that subscribing with them will mean an ad free experience, but I find it hard to believe that a subscription to WIRED will suddenly load a clean page without a single tracker retrieving data. But then I am not a WIRED subscriber. Please comment if you are and have no trackers.
Seen by some as a safe pro-privacy resource celebrating Free and Open Source Software, FOSSPOST lets its users down by digitally fingerprinting their devices and loading 19 trackers into a browser.
FOSSPOST has embed deals with 27 third parties, making its embed renting in the ‘low’ category, including Google, Amazon, Creative Commons and WordPress.
13 of these are known tracking or advertising companies like Google, Amazon, Mailerlite, One Signal and the data-hungry caterpillar that is WordPress.
FOSSPOST sets 2 short-term and 2 long-term cookies itself while allowing its third party partners (including 3 tracking companies) to set 4 long-term cookies.
It uses Google Analytics without the anonymization feature so user details are sent to Google servers. All FOSSPOST servers are based in the US so GDPR privacy rules can be ignored.
Acquired by Yahoo’s parent company, Oath (a company that includes AOL), under the Verizon umbrella, in 2010, this is a popular reference source for researchers and Federation users.
Historically, Yahoo deserves some kudos as they were one of the few big tech companies that objected to sharing their users’ details with the PRISM
The Bush administration threatened them with $250k a day fines until they complied. Verizon bought them in 2017. Yahoo suffered the largest data breach in history in 2018.
The link to this NYT story is not embedded (consider blocking the GTM tracker on the site)
TECHCRUNCH.com fingerprints the user’s device and dumps 2-7 Yahoo trackers in their browser, depending on the page loaded.
TECHCRUNCH has embed deals with 27 third parties, including Google, Facebook, Yahoo and WordPress.
15 of these are known tracking or advertising companies like Google, Facebook, Yahoo, WordPress, Atwola, Typekit, AOL and Scorecard Research.
TECHCRUNCH sets 4 short-term and 5 long-term cookies itself while allowing its third party partners (including 4 tracking companies) to set 1 short-term and 7 long-term cookies.
It uses Google Analytics but interestingly enables the anonymization feature so some user details are not sent to Google servers.
All servers are based in the US so forget about GDPR privacy rules.
THE REGISTER .co.uk
Although a great resource with well-written and groundbreaking stories, it isn’t as private as I’d hoped.
There is no obvious digital fingerprinting but it seems to have gathered more Google syndication in the last couple of years, (9 of its 16 embed deals are with the Big G). 12 known tracking or advertising companies like Google, Admedo and the Amp Project gather data.
THE REGISTER sets 3 short-term and 4 long-term cookies itself while allowing its third party partners (including 2 tracking companies) to set 7 long-term cookies.
It uses Google Analytics without enabling the anonymization feature so user details are sent to Google servers. Although THE REGISTER’s domain is in the UK, both its data and email servers are based in the US so GDPR privacy rules could be compromised here, though I am not a lawyer.
The Guardian .com
I’ve been sitting on this for a few years now but it’s about time I blew the whistle.
I first noticed the Guardian newspaper’s website was digitally fingerprinting its users’ devices when they published an article on, um, Canvas Fingerprinting.
That page has been removed since, but they still continued doing it, long before Facebook, though not before Google.
I’ve kept quiet about this surveillance because I admire the paper for its incredible journalism, especially exclusives like the Snowdon revelations, and its general championing of freedom issues across many sectors of society. But the hypocrisy has started to wear me down.
Some tracking items & widgets embedded on Guardian .com and captured by Ublock Origin
The Guardian has embed deals with a privacy-sapping 142 third parties, including Google, Amazon, Bing, Twitter, and, despite being one of its main critics, Facebook. 132 of these third party partners are known tracking or advertising companies like Google, Amazon, Facebook, Turn, AddThis, Scorecard Research, Blue Kai, Twitter Analytics, Rubicon, Criteo and Quantserve.
Some of the most aggressive trackers like GTM, AddThis and Turn are present here.
The Guardian also sets 3 short-term and 5 long-term cookies itself, while allowing its third party partners (including 51 tracking companies) to set 10 short-term and 131 long-term cookies.
Yes, we NEED the Guardian’s continued existence, but castigating Facebook et al while allowing them to track its users doesn’t sit well with me.
The website uses Google Analytics but at least enables the anonymization feature, so some user details are not sent to Google servers.
Although The Guardian’s data servers are in Germany, their email servers are based in the US so GDPR privacy rules could be compromised here, though, again, I am not a lawyer.
In conclusion, I’ve given just 5 examples of popular sites Federation users quote in their posts.
I am NOT advocating a boycott of these sites but politely suggest we don’t OEmbed them, just feature a hyperlink and give readers the heads-up about these privacy concerns.
Alternatively, look for other sources featuring the same story. It’s also worth highlighting which websites do NOT add a tracker when we OEmbed a story, or have a low level of surveillance. Please promote those guys.
#news #fakenews #journalism #FreePress #PressFreedom #theguardian
#privacy #tracking #trackers #facebook #social #mass-surveillance #gdpr #google #location #user #device #setup #private #secure #internet #tips #tricks #online #os #windows #apple #ios #advertising #ad #revenue #streams #developers #media #data #corporations #telemetry #consent #spyware #surveillancecapitalism #humanrights, #anonymity #cookies #surveillance #browser #proxy #relay #network #www #leaks #fingerprint #activity #activitytrackers #thefederation #pods #federation #fediverse #friendica #mastodon #pleroma #socialhome # #Gnusocial #Funkwhale #Peertube #pixelfed #hubzilla #Diaspora
Nous préparons une liste de toutes les instances européennes #Pleroma, #Mastodon, #GNUSocial, #Peertube, #Funkwhale, etc.
Contactez-moi. Je n'ai besoin que du nom de domaine, du pays et de l'objectif général de l'instance. Un nombre approximatif d'utilisateur est le bienvenu, mais pas indispensable.
We are preparing a list of all EU-based #Pleroma, #Mastodon, #GNUSocial, #Peertube, #Funkwhale, and any other instances.
Please *contact me*. All I need is the domain name, which EU Member State it's located in, and the rough topic of the instance. Approximate user count welcome, but not necessary.
Please help. This is important.
Pleroma emulates the Mastodon REST API to piggyback on the Mastodon apps that already exist (fair enough). Pleroma changes IDs returned by their emulated API, from numbers encoded as base 10 strings, to numbers encoded as base 62 strings (difference being the method by which they can be sorted in typed systems) (1/2)