The Fedilab developer just admitted to acting in bad faith by removing the user agent identification from their client.
I can understand a browser changing the user agent to something else for compatibility reasons, but for a client to deliberately remove identification to evade the wishes of the servers they connect to?
That’s not something well-behaved clients usually do...
@fedilab how would you characterize removing the user agent explicitly for the reason so that your client can evade a ban?
If you would be consistent in your principles of allowing your app being used to access all content including hate speech, then why would you have an issue with servers exercising their free will and choosing to revoke access for your client?
^^ this is what I mean when I say that people argue in bad faith when it comes to white supremacists. If you argue for certain principles then it has to be applied consistently.
@szbalint That makes it a bit more difficult but you can still block it from your instance.It registers an API token with "Fedilab" as application name.You can check for that directly in the Mastodon software.It's currently not possible to ban whole apps using the admin menu but maybe you can add a check yourself somehow.
@Gargron @szbalint @zoe Yes,that's really not a perfect solution but it's a small workaround that does its job more or less.Would be cool if there was a possibility for instance admins to block clients and also tell the users why it's blocked.Sure,some shit like FreeFedilab will pop up then but I don't see any better solutions.
You know it's not possible to block a client.
At least, people will see a random string as a client. Also the app doesn't use a custom user agent for weeks.
You could stop all this shitstorm with few words, like it was created weeks ago by asking dev to take their responsibilities.
As far as I know, Mastodon doesn't block instances by default and no one harasses you for not doing it. Just don't let some people enrol some users by abusing of their lack of knowledge.
@szbalint Fork it !
@szbalint Go to app settings :
Customize your fields then update your app token and check my app name in this toot ?
@szbalint I think that all the apps are allowing this, take Pinafore, Brutaldon and all the other proxy-posting clients allow to change the user-agent and the name of the app and behave like a simple browser.
@szbalint You'd better work for a government that is looking to devellop ways to filter bits and look inside the frames.
@szbalint In this case, I disagree. I think the purpose of a standardized API is to let the user choose what client to use. As servers begin to filter for User-Agent strings which weren't intended for that purpose, app developers have no choice but manipulating it, effectively rendering it useless. I also think this action hits the wrong people. Anyone using your server is probably not using gab. So why worry wether Fedilab blocks gab?
@szbalint Him again?
Not a surprise at this point.
@szbalint Removing user agent ID is even a standard setting on the mastodon web UI and most of the client apps as well.
@szbalint By that reasoning, Tor Browser, and even Firefox with anti-fingerprinting mode enabled, are also "acting in bad faith".
@tga anti-fingerprinting is about protecting the user’s privacy by not leaking personally identifiable data. A user agent string is not personally identifiable but rather specific to an application with all it’s users.
There is a big difference also between a user deciding to change the user agent for their installation (which I have no problem with) vs the developer for every user by default.
Tor Browser and Firefox with anti-fingerprinting enabled spoof their user agent to reduce the ability of the server to run fingerprinting code on said useragent (e.g., they identify the OS as Windows, and decrease the version to the last ESR). The user doesn't opt in, and many serverers try to identify the user agent anyway using other avenues (e.g., TCP stack config). Some sites, like the NYT, will disable the site if they detect this behavior, because ads.
@tga yeah which is a valid usecase so that the Tor using population doesn’t stand out too much for understandable reasons. It’s effectiveness is a different matter though.
I mean at this point it comes down to intent and why a certain app is doing something and who they have in mind to prioritize.
@szbalint your point was that mastalab was somehow acting in bad faith by using a user agent that let their users access the content they wanted, because it circumvented server-side blocks. I agree that the creators have made some disappointing decisions lately, but acting like spoofing a user agent is some nefarious ploy is a disingenuous description of a fairly standard practice.
@tga it depends on intent, fedilab made this modification not for privacy reasons but because they wanted to be both serving white supremacist users and then not have that decision affect the app in any way.
A fediverse server is not the open web. You need to register a user account and that comes with terms of service.
Deliberately going against instance admins here is not some benign change to the user agent that might be the case for a browser. This is the context.
@szbalint fedilab are abusive fascists and it's clear at this point. They dumped a whole load of fashy trolls on one of my girlfriends because she asked a relatively harmless question, and i got shit too for pointing out they were allowing access to spaces where racist, antisemitic mass shootings are planned and celebrated.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!