-
-
Notifications
You must be signed in to change notification settings - Fork 6.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add ability to hide source application #5126
Comments
for the record, this is how we could tell which Trump's tweets were from Trump and which from someone else: http://varianceexplained.org/r/trump-tweets/ |
I think the RFC 6973 could be of use here. One of the main recommendation of this RFC is to reduce the data sent about users. |
How about not recording it at all? |
@jomo I think there's a separate request to expand the from-client abilities to include muting by app source, so that you could mute "Moa" or "Mastodon Twitter Crossposter". (#8271) The problem is that right now, iirc, client names don't federate, and this info shows up only for local users. That was perhaps the biggest historical use of the source field, for 3rd-party Twitter apps to be able to mute crossposted tweets from Facebook or YouTube or other sources. From a technical standpoint,
|
Reasons to expose application:
|
I think spam identification and application based muting are some valid points. I suggest that the account owner can decide for each application whether or not they want to display the source application publicly. Something like this (the wording could be improved): Of course, the owner would still be able to see the source themselves. |
Fixed by #9897? |
Revealing the source application of toots could be considered (low level) unwanted information disclosure. Some users might like showing which apps they're using while others might argue that it's nobody's business which app a toot was sent from.
For Twitter, there are actual tools that gather this data and show which applications a user uses to what percentage – or even at which times of a day, which can be used to gather information about this user. There are crazy people on the internet and they use this kind of OSINT to find patterns in application usage (combined with other patterns) in order to doxx people.
Example: At which times of a day is a user probably at home (tooting from desktop) and when are they probably not (tooting only from phone for a while)? For how long are they leaving home each day and at which times? How many different devices (applications) does this user own? …
If a user decides not to reveal the application, it should be hidden from both API and the web interface.
master
(If you're a user, don't worry about this).The text was updated successfully, but these errors were encountered: