astro/caveman
astro
/
caveman
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

gatherer/templates/token_donate: add update on token permissions

This commit is contained in:
Astro 2023-08-10 23:28:23 +02:00
parent 4675959896
commit ae1d282940
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
gatherer/templates/token_donate.html
View File

@ -26,7 +26,7 @@
<h2>Reason</h2>
<p>
A token lets us connect to the <a href="https://docs.joinmastodon.org/methods/streaming/#public">the public timeline streaming API</a> of your instance so that we can include it in our sampling of the Fediverse, and to redistribute it through the <a href="https://relay.fedi.buzz">#FediBuzz Relay</a>, a service that is already used by many small instances. We are very happy to run this tool in support of decentralized media, implementing what centralized services do with ease: to provide a global view. Just like search engines do for the Web.
A token lets us connect to the <a href="https://docs.joinmastodon.org/methods/streaming/#public">the public timeline streaming API</a> of your instance so that we can include it in our sampling of the Fediverse, and to redistribute it through the <a href="https://relay.fedi.buzz">#FediBuzz Relay</a> - a service that is already used by many small instances. We are very happy to run this tool in support of decentralized media, implementing what centralized services do with ease: to provide a global view. Just like search engines do for the Web.
</p>
<h2>Background</h2>
@ -36,14 +36,16 @@
<h2>Your privacy</h2>
<p>
We consume only the <em>federated timeline</em>. We don't even see boosts or replies. The permissions that we request shouldn't allow us to do anything else.
</p>
<p>
#FediBuzz gets at less data than what the Web crawlers can see. Of course, we respect the Internet standard <em>robots.txt</em>.
We consume only the <em>federated timeline</em>. We don't even see boosts or replies. Of course, we respect the Internet standard <em>robots.txt</em>.
</p>
<p>
Despite taking these precautions on our side, we still do not recommend using ActivityPub for sensitive communications. After all, it is made for <em>publishing</em>. Your data on Mastodon is already available to secret polices and script kiddies who will laugh at a robots.txt. For private messaging, we recommend <a href="https://omemo.top/">XMPP with OMEMO</a>.
</p>
<h2>Update: Token permissions</h2>
<p>
Since the introduction of this functionality, we have been made aware that the <em>reading statuses</em> permission <b>allows to your read private messages</b> - just like what your Mastodon admins can see. It is unfathomable why anyone would communicate privately without end-to-end encryption in 2023 but if you still do: <em>Consider creating an empty dummy account on your instance for the token!</em>
</p>
</main>
<footer>