You must log in or register to comment.
Isn’t that what honey did in their app?
Are you talking about coupons? Then no, very different things.
It’s a switcheroo, but not the same switcheroo
Anything under direct corporate control will enshittify. It has nothing to do with mission, values, direction, purpose, or any other bullshit in the charter of a service. If it is controlled by an entity with shareholders turning a profit, it will enshittify, because those shareholders will demand ever increasing profit for their investments. It is a one-way process.
The direct counter to enshittification is interoperability: the ability to pack up your content (likes, followers, messages, uploads) and import it into another service provider.
Since Signal is open source and mostly FOSS, you can theoretically create a Signal fork that can import Signal backups. I know because this program can read such backups and convert them into other formats. Ideally, the Atlantic reporter could have exported a Signal backup with the offending group chat messages before they expired.
The only thing I want from companies is just a little transparency and a paid option to opt out.
“Facebook is free, but we will mine the balls off your data, monitor everything you do, we will control your feed and you cant customise anything. Or for $20 a month, we wont mine or track you, your feed and how it works is totally customisable”
Just put a number to it and let me decide if my privacy and experience is worth the money.
20$ is ridiculous. 1-2 would be reasonable.
What they ask for isnt the point, just give me the option to decide for myself. 1
so Signal too?
Yes indeed.
What?
While Signal and the structure of how signal is managed has flaws.
It is not a coorporation and therefore has no need to enshitify
It’s a non-profit.
OpenAI was a non-profit. Then they built something that could earn a profit, stopped being a non-profit, and immediately began to enshittify.
The Susan G. Komen foundation is a non-profit that enshittified with a “pinkwashing” scandal.
“Corporation” is not the predictive factor. “Centralized” is. Any centralized system is subject to the shitty whims of the operators.
The Signal Foundation is not a corporation.
But Signal Messenger, LLC is indeed a corporation, and it operates officially as a subsidiary of the Signal Foundation. The Signal protocol, as well as the official app, is developed by the LLC and not by the foundation.
In any event, there is plenty of room for a future enshittification of Signal. Is it less likely than many other entities? That’s probably a fair statement. Is it impossible? Not in the least.
it’s a “non profit organisation”, just like OpenAI once was
Yeah, this is why BlueSky’s openness is always only to a point. I will say it’s probably not as bad as some are making it out to be, but it’s definitely not something you want to see from a platform purporting to be open. Fortunately this is only a BlueSky thing and not the entire AT Protocol… but at this point, the AT Protocol and BlueSky are inseperable. I mean, are there even any other AT Protocol sites?
What else would happen. Lol
I’m shocked!
Well, not that shocked.
Mastodon is the preferred alternative.
This doesn’t even make sense.
If you are on their domain they can see the things you click on, this is how websites and cookies work.
This isn’t nefarious, it’s the raving delusions of a tech illiterate idiot.
Whatever gets them to see the truth
So why are they hiding it by changing the link with client-side code? Might not be nefarious, but why?
Most probably so that people don’t hover over the link and see that it doesn’t match, which might confuse them if they don’t know how redirects work.
No.
You can see a link was loaded in the page. Link tracking is still needed to know if the link was clicked.
It can be an “on click” JavaScript event, or a redirect to a tracking site.
No, if you click a link that brings you to or from a site your IP is logged
Navigating the internet requires having and disclosing your IP address.
Sorry
No, if you click a link that brings you to or from a site your IP is logged
No, clicked links that bring to a site do not log your IP. For that you would have to add some sort of JavaScript to intercept the click and then have some JavaScript execute a HTTP Request that passes that information (eg: HTTP POST). Then the IP can be grabbed via that request by the receiving server. Or more importantly, a tracking cookie.
When clicking a link, the browser may add to Origin header on the HTTP request (HTTP HEAD/GET) that goes to the link’s server. Or the link itself can have UTM parameters, but there’s no guarantee that ever gets back to the original server.
But the point is if you have a page with 1000 links on it, the server that serves you the page doesn’t know which one you clicked without JavaScript or reframing the link to go elsewhere, which is why this post exists.
Put perfectly. Had I not been on mobile…I would have written it just as lazily as I did.
Thanks for taking the time.
The destination logs the IP. The source doesn’t see the click, because it happens in your client, not in their site.
Source: managed tens of thousands of sites and hundreds of thousands of servers for over 25 years.
Wow so you need an IP to navigate the web and every site you visit sees that IP?
Thanks for explaining what I just explained!
I’m going to educate you on what this is actually about.
You think it’s about tracking someone as they go about the web.
The article is about BLUE SKY tracking the links you click on their site. Two totally different things.
They were correct though, you weren’t.
Which makes your cockiness that much funnier.
I host a page, you load the page and it has 5 links on it. You can click on any, all or none of the links and my server would have no knowledge of it because after the page has loaded that’s our communication finished. All my server can log is that you loaded the page with the links on it and they were sent to you. What you do with that is up to you.
JS or manipulating the links would allow me to track which ones you have clicked.
Not true, many frameworks out there for tracking client side interaction, and not only clicks, also keystroke and even just mouse movements on the page….It is called RUM data. It works similar to google analytics.
Your splitting hairs at this point.
My point was without SOMETHING to track clicks, you… Don’t.
You mean the company that was created by the worst of pre-Musk Twitter leadership, that claims to be open source and federated but actually isn’t, that uses AI to moderate itself, and that has a policy that lets AI scrapers use your posts is actually bad? I’m shocked. Shocked!
It is open source though.
its also federated. I have my own instance set up lol.
How is this technically possible? When I hover over a link, my browser informs me it takes me somewhere; then when I click it, it takes me to go.bluesky. Is the destination changing at the moment the click occurs? Why are they hiding this?
Javascript could change the url on the click event.
That’s messed up. Javascript should never have been introduced T_T
JS isn’t that problem. It’s a tool, and I’d wager your expectation of web page functionality hinges on it in most cases. If we didn’t have it we’d be back to the 90s where web pages fully refresh every time we click on something, if we want to see the information update on the page. JS, CSS, and HTML are the foundations of what we call websites.
Like any tool it can be used for dirty shit, but in order for it to be functional in the ways we want it to be it will also have potential for abuse.
If you want to you can install add-ons that block JS functionality - go ahead and enable them if you like; it let’s you enable JS elements manually so that you can maintain a better security posture online. I’m not even being sassy, I recommend you do it if you care about privacy or security.
It’ll be a giant pain in the ass though and you’ll end up having to enable a bunch of stuff manually to get websites to work. But you’ll learn a lot and you’ll be better protected against tracking, malware, ads, etc.
It’s a tool for the developer, but a security risk for the user. The web should have had a more restrictive set of a features. This would ensure websites operate more similarly to each other and abuse be less rampant. We should have been very conservative adding features to the web, instead of rapidly embracing new technology for short-term benefit.
I had JS off by default on my smartphone for about three years. The web was a miserable experience, not because of a lack of functionality, but because of broken functionality.
Js is absolute the problem and I say this as a developer. There’s just too much power that is almost always used for abuse. Do we really need Navigator api and webrtc to be enabled by default etc?
It’s very clear that JS has been hijacked by bad actors long ago and I love Javascript and all of the cool things it allows us to do its just clearly in an abusive relationship.
One line of Javascript
e.preventDefault()
They never needed to redirect to do that in the first place. It’s probably just done for convenience. Websites quietly tracking outgoing links has been technically possible since the '90s.
fuck it’s almost like the world runs on capitalism
Yeah, we need to do something about that.
state funded internet service and social media?
Late reply but that would be a good start. I really wish something like cjdns would take off. A decentralized, p2p, and fully encrypted IP routing service that is open source and freely available could be used to build a truly free and secure Internet instead of relying on corporate ISPs to provide bandwidth.
Ideally people funded.
Honestly not much of a functional difference between modern states and corporations.
States just do their best to pretend to be democratic while also being mechanisms of control and furthering the siphoning of all material wealth to the rich.
Yes even the social democratic states work like that, and it’ll get way more obvious soon.
The state is publicly funded, but yeah, it is better if the public can solve a problem without the state or without oligarchs like Elon involved.
This can be mitigated in clients, but, yeah… This sucks donky balls
I’ve given up trying to save people from obvious traps. They refuse to listen and they refuse all data.
Absolutely shocked, no one could have predicted this
This has absolutely nothing to do with enshittification. Bluesky doesn’t need that redirect to know what you’re clicking on. You’re already on their platform, they can already track every single click that you do while on Bluesky including navigating to outbound links. I’m a bit shocked that nobody here is calling that out to be honest
So why?
Facebook does the same, even in their own in-app browser to keep tracking you.
Indeed. I have no doubt that BlueSky will eventually enshittify given that they are not truly non-commercial, but this is not an example of such a thing.
I don’t think that is true, iirc you can’t track simple clicks on HTML
aelements.Apart from using JavaScript, there’s also a way to track links in HTML
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/a#ping
TIL, thanks for sharing
With JavaScript you can track your precise mouse cursor movements. Many analytics products even offer that as an “session replay” feature to check how a user moved their mouse, or to see heatmaps of where people are pointing to.
Tracking actual clicks is obviously much more trivial.
Yes, you absolutely can, and it’s super simple. Click listeners are one of the most basic things you can do with JavaScript, and there’s nothing special about
aelements that would make them not work. The only way to stop it from the user’s side is to disable JavaScript in their browser, but that comes with the downside of the majority of websites and apps just plain not working anymore.with javascript you can just use an onclick.
I don’t know much about how any of this stuff works, so these are honest questions in good faith. But how did Bluesky know, before this change, that I clicked a link? Am I not just telling my browser to visit a website? I don’t really understand how it’s different from me copy-pasting the URL manually.
Am I not just telling my browser to visit a website?
Well yes, but actually no. You are clicking on a link, which, by default, will make the browser visit the website behind the link. But the website that shows you the link can have Javascript code in it, which runs in your browser and can, among other things, “intercept” clicks on anything and change what the clicks are doing.
This is how this redirect is happening in the first place. The links on Bluesky still point to the correct target site, but when you click one of them, JavaScript jumps in and changes the target of the navigation to the redirect domain. This is not necessarily to deceive you, it’s actually a good thing that you can still check the website you’ll end up at before you click, and you can still do things like right-click to copy the link manually this way.
That means that even without the redirect, JavaScript could for example not change the navigation target at all, and just send a tracking event to their servers in the background to let them know you clicked the link. This is how it works for most websites that use analytics. For the normal user this is totally invisible, and this is why I’m saying that bsky doesn’t need the redirect to track you. They could do that in a much less obvious way already. And for all we know, they probably are already doing that, as their privacy policy explicitly states that they can collect usage data like what links you click on.
All of this is pretty standard for any commercial service on the web, btw - knowing what your visitors/users are doing makes it much easier to see where your app might be having issues, what features need to be focused on to be improved, etc. It only gets shady if that data is also used for marketing or sold to third parties. And, to be fair, bsky’s privacy policy doesn’t really prevent them from doing that as far as I can tell. It’s just that all of this was already the case before the redirect, so it’s very unlikely that this specifically is suddenly a sign of oncoming enshittification.
The same way that they know that you clicked on literally anything on their website.
It’s foundational to how the modern internet works (more specifically JavaScript)
For a more visual example, let’s say there is a button that makes an animation or changes color when you hover over it.
That is happening because of code running in your browser that was written by the website that served it to you, in order for the button to know to change, the code must know where your mouse is and if the mouse is hovering over the button.
Your browser, emits ‘events’ which the JavaScript code is able to interact with, these are things like keystrokes and mouse actions. The JavaScript running on the page can very trivially record these actions.
Every single way you interact with a website can be tracked, here is a commercial product that specializes in complete session recording (in theory to see how your users interact with your pages to make improvements: https://mouseflow.com/platform/session-replay-tool/
FUD is the name of the rage bait game.
A centralized platform did something? Must be bad. The post title primes that reaction.
Just because they have other means of doing link tracking doesn’t mean they aren’t using this link proxying to track stuff.
I mean… Sure? They might, or they might not. My point is that pointing to this change as a sign of enshittification doesn’t make any sense, because it’s not changing anything about how they can track and exploit you. There’s nothing there to suggest that this is related to a change for the worse regarding enshittification.
If you want something to point to, take their privacy policy that allows them to collect your usage data and possibly use it for marketing purposes, not a random feature that likely has nothing to do with this.
