Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make displaying application used to toot opt-in #9897

Merged
merged 2 commits into from Feb 2, 2019

Conversation

@ThibG
Copy link
Collaborator

commented Jan 21, 2019

This PR introduces a setting to control whether an the application used to post toots is stored and displayed, and makes it opt-in (thus changing the default behavior).

The reasoning for this is that this information has little legitimate use, but may be used to get private information about the user (are they posting from their computer or a phone app? Do they use a very little-used app? If so, can we identify them across accounts?)

@ThibG ThibG force-pushed the ThibG:feature/disable-application-info branch 3 times, most recently from efd18d1 to e72d45e Jan 21, 2019
@ThibG ThibG force-pushed the ThibG:feature/disable-application-info branch from e72d45e to bfee2aa Jan 21, 2019
@Gargron

This comment has been minimized.

Copy link
Member

commented Jan 21, 2019

I have disagreements for multiple reasons:

  • Malicious app that modifies preference to hide the source of malicious messages
  • Makes harder to implement any mute-by-source functionality in the future
  • App developers depend on this for app discovery (to some degree)
@ThibG

This comment has been minimized.

Copy link
Collaborator Author

commented Jan 21, 2019

Hm, the first two reasons kind of make sense, but I'm really skeptical about the third point.
I do think that exposing the application used is a liability regarding privacy.

EDIT: Also, you might have responded before I edited the PR to add the rationale

@ThibG ThibG force-pushed the ThibG:feature/disable-application-info branch from bfee2aa to 708b4fd Jan 21, 2019
@ThibG ThibG changed the title Make storing and displaying application used to toot opt-in Make displaying application used to toot opt-in Jan 21, 2019
@ThibG

This comment has been minimized.

Copy link
Collaborator Author

commented Jan 21, 2019

I changed it so that the information is still stored and displayed to the author. I believe this addresses all your concerns.

@Gargron
Gargron approved these changes Feb 2, 2019
@Gargron Gargron merged commit ed30110 into tootsuite:master Feb 2, 2019
11 checks passed
11 checks passed
ci/circleci: build Your tests passed on CircleCI!
Details
ci/circleci: check-i18n Your tests passed on CircleCI!
Details
ci/circleci: install Your tests passed on CircleCI!
Details
ci/circleci: install-ruby2.4 Your tests passed on CircleCI!
Details
ci/circleci: install-ruby2.5 Your tests passed on CircleCI!
Details
ci/circleci: install-ruby2.6 Your tests passed on CircleCI!
Details
ci/circleci: test-ruby2.4 Your tests passed on CircleCI!
Details
ci/circleci: test-ruby2.5 Your tests passed on CircleCI!
Details
ci/circleci: test-ruby2.6 Your tests passed on CircleCI!
Details
ci/circleci: test-webui Your tests passed on CircleCI!
Details
codeclimate All good!
Details
masanbol added a commit to masanbol/snoutsonline that referenced this pull request Feb 3, 2019
@rinsuki

This comment has been minimized.

Copy link
Contributor

commented Feb 6, 2019

@ThibG Why did you change default behavior?
I think, this should be an opt-out...

@ThibG

This comment has been minimized.

Copy link
Collaborator Author

commented Feb 6, 2019

@Gargron

This comment has been minimized.

Copy link
Member

commented Feb 6, 2019

I didn't realize you made it default to false after my concerns. I agree with @rinsuki the default behaviour should not be changed.

I think most users do not care about displaying such information

This is true, but I think there are generally a lot of ideological questions users do not care about. Whether you are using Tusky or Mastalab does not endanger anyone in the majority of cases, and we need to help the app ecosystem, because users generally don't think about an app ecosystem after they've found an app that works for them. Not everyone leaves a 5-star review on the app store, so do you think they will look for an option they do not know is there?

@rinsuki

This comment has been minimized.

Copy link
Contributor

commented Feb 6, 2019

I think that this change will cause malfunction of https://distsn.org/mastodon-apps.html and some sites.

I understand that you are concerned about privacy, but I think that changing default behavior is not favorable.

As an alternative to opt-in, I propose to display some message in "/oauth/authorize".
e.g. "Note: anyone can see the application you used to toot. You can overwrite this behavior in settings."

rinsuki added a commit to rinsuki/mastodon that referenced this pull request Feb 9, 2019
Gargron added a commit that referenced this pull request Feb 9, 2019
@trwnh trwnh referenced this pull request Feb 24, 2019
2 of 2 tasks complete
benharri added a commit to tildeverse/mastodon that referenced this pull request Mar 5, 2019
* Make storing and displaying application used to toot opt-in

* Revert to storing application info, and display it to the author via API
@ThibG ThibG deleted the ThibG:feature/disable-application-info branch Mar 14, 2019
hiyuki2578 added a commit to ProjectMyosotis/mastodon that referenced this pull request Oct 2, 2019
* Make storing and displaying application used to toot opt-in

* Revert to storing application info, and display it to the author via API
hiyuki2578 added a commit to ProjectMyosotis/mastodon that referenced this pull request Oct 2, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.