The Fedilab developer just admitted to acting in bad faith by removing the user agent identification from their client.
I can understand a browser changing the user agent to something else for compatibility reasons, but for a client to deliberately remove identification to evade the wishes of the servers they connect to?
That’s not something well-behaved clients usually do...
@fedilab how would you characterize removing the user agent explicitly for the reason so that your client can evade a ban?
If you would be consistent in your principles of allowing your app being used to access all content including hate speech, then why would you have an issue with servers exercising their free will and choosing to revoke access for your client?
^^ this is what I mean when I say that people argue in bad faith when it comes to white supremacists. If you argue for certain principles then it has to be applied consistently.
Applications have no business controlling the content of their users except when it comes to abuse such as spam, harassment, hate speech etc.
(Moxie btw was right)
@mathew @szbalint @azure anyway moxie is a control freak and should not be used as a model for behavior. even then the application has no responsibility. the responsibility is on the app provider to not do business with known harmful parties. the app has freedom to do what it pleases, but no responsibility whatsoever (because it is not a person).
@szbalint That makes it a bit more difficult but you can still block it from your instance.It registers an API token with "Fedilab" as application name.You can check for that directly in the Mastodon software.It's currently not possible to ban whole apps using the admin menu but maybe you can add a check yourself somehow.
@Gargron @szbalint @zoe Yes,that's really not a perfect solution but it's a small workaround that does its job more or less.Would be cool if there was a possibility for instance admins to block clients and also tell the users why it's blocked.Sure,some shit like FreeFedilab will pop up then but I don't see any better solutions.
You know it's not possible to block a client.
At least, people will see a random string as a client. Also the app doesn't use a custom user agent for weeks.
You could stop all this shitstorm with few words, like it was created weeks ago by asking dev to take their responsibilities.
As far as I know, Mastodon doesn't block instances by default and no one harasses you for not doing it. Just don't let some people enrol some users by abusing of their lack of knowledge.
@szbalint Fork it !
@szbalint Go to app settings :
Customize your fields then update your app token and check my app name in this toot ?
@szbalint I think that all the apps are allowing this, take Pinafore, Brutaldon and all the other proxy-posting clients allow to change the user-agent and the name of the app and behave like a simple browser.
@szbalint You'd better work for a government that is looking to devellop ways to filter bits and look inside the frames.
@szbalint In this case, I disagree. I think the purpose of a standardized API is to let the user choose what client to use. As servers begin to filter for User-Agent strings which weren't intended for that purpose, app developers have no choice but manipulating it, effectively rendering it useless. I also think this action hits the wrong people. Anyone using your server is probably not using gab. So why worry wether Fedilab blocks gab?
Your argument is as contrived as it is disingenuous.
You do not get to claim that some bit of data must not be used to select what a user wants to see.
Devs are never justified in circumventing user choices that only affect what that user sees.
In fact, YOU are offending against proper use by suggesting that one user should be allowed to force their messages on others.
You have no moral standing, and you're wrong about everything.
@szbalint Him again?
Not a surprise at this point.
@szbalint Removing user agent ID is even a standard setting on the mastodon web UI and most of the client apps as well.
@szbalint By that reasoning, Tor Browser, and even Firefox with anti-fingerprinting mode enabled, are also "acting in bad faith".
@tga anti-fingerprinting is about protecting the user’s privacy by not leaking personally identifiable data. A user agent string is not personally identifiable but rather specific to an application with all it’s users.
There is a big difference also between a user deciding to change the user agent for their installation (which I have no problem with) vs the developer for every user by default.
Tor Browser and Firefox with anti-fingerprinting enabled spoof their user agent to reduce the ability of the server to run fingerprinting code on said useragent (e.g., they identify the OS as Windows, and decrease the version to the last ESR). The user doesn't opt in, and many serverers try to identify the user agent anyway using other avenues (e.g., TCP stack config). Some sites, like the NYT, will disable the site if they detect this behavior, because ads.
Exclusive or something