robinlinden
commented
2 years ago If implemented, it would have to be opt-in, inform the user that the feature leaks metadata, and preferably also have an optional domain whitelist.
Open roihershberg opened 2 years ago
robinlinden
commented
2 years ago If implemented, it would have to be opt-in, inform the user that the feature leaks metadata, and preferably also have an optional domain whitelist.
roihershberg
commented
2 years ago I agree about the opt-in. But it doesn't leak anything it just fetches the url and displays a preview. Or you consider it a leak?
robinlinden
commented
2 years ago Being able to have any aTox user connect to any arbitrary domain doesn't feel good. :P Even if a user hasn't set up a proxy in Tox, I wouldn't expect clients to be pinging random web servers.
robinlinden
commented
2 years ago We also need to make sure to use the proxy set by the user when fetching the metadata, since otherwise we'd be leaking their real IP address even if they do have a proxy set.
roihershberg
commented
2 years ago The metadata should only be fetched by the user sending the message. But if the site had configured an image then we can go the route with downloading and transfering that image or passing it as a URL for everybody to fetch. Every single option should always be opt-in.
roihershberg
commented
2 years ago Is it possible to add more info to the current messages protocol without breaking the support with other clients?
robinlinden
commented
2 years ago Not really, no. There's https://github.com/toxext/toxext/ and I have an ~80% done Kotlin port of it, but that would only allow us to define protocol extensions and see which clients support them. If we went that route, we could negotiate something nice with clients that support it and fall back on text or an image file transfer to other clients.
I didn't get that you wanted to generate something sender-side since there's no real protocol support for doing that in a nice way right now. :P You only have images or text, pretty much.
roihershberg
commented
2 years ago That extension library is nice! Maybe we could add to your port a good quality extension for that!
Yeah the info is pretty much embedded in the message as can be seen in Whatsapp, Signal, etc. Only the sender fetches the info and they choose if they want to add it to the message or not (the x button). But I'm not sure about the images. If they act as a transfer or a fetching for every client to do.
robinlinden
commented
2 years ago Yeah, I was just thinking that the only way to ensure that you get link previews on all links is to do it on the receiving end. I guess both could done, with doing it yourself as the fallback if you don't receive a link preview when you want one. E.g. I might always want a preview of imgur or youtube links or something, whereas maybe I never want previews of something like google.com search results. That's why I figured a domain whitelist might be nice too.
roihershberg
commented
2 years ago Hah. It's not a preview of the website. It is an image specified by the og:image metadata.
The example that they give on their site:
<meta property="og:image" content="https://ia.media-imdb.com/images/rock.jpg" />Yeah I like that route!
roihershberg
commented
2 years ago That's how GitHub repositories show as a nice image with the repo info when you share it on social and you can't find that image anywhere on the site itself. You can also customize that image to something different in the repository settings.
roihershberg
commented
2 years ago An example of metadata of a YouTube video. There's all the information you need about the video. That's how messengers do it.
<meta property="og:site_name" content="YouTube">
<meta property="og:url" content="https://www.youtube.com/watch?v=EM1gQsOIj0g">
<meta property="og:title" content="CRYPT SKIP TOX MESSENGER REVIEW PART 1">
<meta property="og:image" content="https://i.ytimg.com/vi/EM1gQsOIj0g/hqdefault.jpg">
<meta property="og:image:width" content="480">
<meta property="og:image:height" content="360">
<meta property="og:description" content="Inthis video I review the TOX decentralized messenger. This is part 1 of 3. This is introduction to TOX">
<meta property="og:type" content="video.other">
<meta property="og:video:url" content="https://www.youtube.com/embed/EM1gQsOIj0g">
<meta property="og:video:secure_url" content="https://www.youtube.com/embed/EM1gQsOIj0g">
<meta property="og:video:type" content="text/html">
<meta property="og:video:width" content="1280">
<meta property="og:video:height" content="720">
<meta property="og:video:tag" content="tox">
<meta property="og:video:tag" content="messenger">
<meta property="og:video:tag" content="instruction">
<meta property="og:video:tag" content="information">
<meta property="og:video:tag" content="decentralized">
<meta property="og:video:tag" content="p2p">I wrote the comments above as there's no preview of search results. There's only preview of the tags shown above and specifically og:title, og:description, og:image and og:site (Maybe forgot more).
But the domain whitelist is good! Maybe also an option for a domain blacklist instead.
Support fetching the Open Graph Protocol metadata stored in sites when sending links previewing them with a nice card like you can see in Facebook, WhatsApp, Twitter, Signal, etc.