beakerbrowser / fritter

A peer-to-peer social feed app. (proof of concept)
dat://fritter.hashbase.io
MIT License

Pixel-tracking issue #10

Closed pfrazee closed 6 years ago

pfrazee commented 6 years ago

Allowing image embeds from HTTP/S makes it possible to pixel-track users. Arguably it does for dat:// sites too.

The most paranoid policy would be to only render images from dats that you're following.

We should decide how we want to approach this.

SaFrMo commented 6 years ago

Maybe a setting for rendering images inline that allows a few different levels of privacy:

  1. Embed all images
  2. Embed only dat:// images, treat http/s images as links
  3. Embed only dat:// images from dats you follow, treat others as links
  4. Treat all images as links (default)

There could also be an opt-in next to images so you could change the setting without having to navigate to the main Settings page (and so that new users would understand why images aren't embedding automatically).

I'd be interested in building this feature if it was too time-consuming for y'all. I'd love to learn more about how updating sitewide preferences works.

taravancil commented 6 years ago

This would be fantastic. If you're up for it, we'd love to have you do it!

I like the idea of making it easy for new users to find out that the image embed setting exists. I'm not sure how I'd do that UI element, but I trust your judgement.

Paul and I are talking about how to store settings right now...we're not sure yet. You probably don't want to publish settings on the profile, because that will someday include sensitive info (like words you've muted, for example). Then again localStorage isn't a great option because then the user needs to update their settings each time they try a new client.

taravancil commented 6 years ago

Ok, we decided it's not acceptable to publish settings on user profiles. Even though image embed settings aren't sensitive, we don't want to set a bad precedent for the future.

Let's store a JSON.stringify-ed object in localStorage.settings. This means that anytime you switch clients, you'll lose your settings, but there are ways to make that less painful:

  1. Build a settings export/import tool that copies the settings string from one client and imports it to another client's localStorage
  2. Make it possible for apps to declare settings in a manifest, and rendering that in a standard settings panel. This would require work on Beaker, and we're not quite sure this is 100% a good idea, so 1 seems more reasonable at the moment

taravancil commented 6 years ago

@SaFrMo FYI I added app.updateSettings when I implemented the theme color setting.
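
The four privacy levels proposed above, combined with the decision to keep settings as a JSON string in `localStorage.settings`, could be enforced as in the following sketch. It is an added example, not part of the original thread or Fritter's code: `IMAGE_POLICY`, the `imageEmbed` key, `loadSettings`, `shouldEmbedImage`, the followed-hostname `Set` and the sample URLs are all assumptions, and `app.updateSettings` is not used because its signature is not shown here.

```javascript
// Added example; IMAGE_POLICY, imageEmbed, loadSettings and shouldEmbedImage
// are hypothetical names, not Fritter's API.
const IMAGE_POLICY = Object.freeze({
  ALL: 'all',            // 1. embed all images
  DAT_ONLY: 'dat',       // 2. embed only dat:// images
  FOLLOWED: 'followed',  // 3. embed only dat:// images from followed dats
  NONE: 'none',          // 4. treat all images as links (default)
});

// `raw` is the string a client would read from localStorage.settings.
// Missing, malformed or unrecognized values fall back to the most private
// level, so a corrupted or imported settings string never fails open.
function loadSettings(raw) {
  let parsed = null;
  try { parsed = JSON.parse(raw); } catch (e) { /* keep default */ }
  const valid = parsed && Object.values(IMAGE_POLICY).includes(parsed.imageEmbed);
  return { imageEmbed: valid ? parsed.imageEmbed : IMAGE_POLICY.NONE };
}

// Returns true to render an <img>, false to render a plain link.
// `followed` is a Set of dat hostnames the user follows (assumed shape).
function shouldEmbedImage(src, settings, followed) {
  let url;
  try { url = new URL(src); } catch (e) { return false; } // unparseable: link
  const isDat = url.protocol === 'dat:';
  const isWeb = url.protocol === 'http:' || url.protocol === 'https:';
  switch (settings.imageEmbed) {
    case IMAGE_POLICY.ALL: return isDat || isWeb; // other schemes stay links
    case IMAGE_POLICY.DAT_ONLY: return isDat;
    case IMAGE_POLICY.FOLLOWED: return isDat && followed.has(url.hostname.toLowerCase());
    default: return false;
  }
}

// Constructed sample data.
const followed = new Set(['fritter.hashbase.io']);
const settings = loadSettings('{"imageEmbed":"followed"}');
const posts = [
  'dat://fritter.hashbase.io/img/cat.png',
  'dat://stranger.example/img/cat.png',
  'https://tracker.example/pixel.gif',
];
for (const src of posts) {
  console.log(shouldEmbedImage(src, settings, followed) ? 'embed' : 'link ', src);
}
```

Matching followed dats by hostname is a simplification: a dat reachable under both its key and a DNS name would need both forms in the set.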

SaFrMo commented 6 years ago

That all sounds good to me! Here's a snapshot of the work I managed to get done today - I'll be able to wrap up in the next day or two.

[Image: screen shot 2018-01-17 at 9 18 16 am]

taravancil commented 6 years ago

Closed by #25