Scott Reynolds Nelson
Tibor MartiniI developed a tool to show you your twitter friends on #mastodon: https://www.movetodon.org/
๐ All data stays in your browser
๐ No CSV import neccesary
๐ List can be sorted by sign-up date, so that you can find new accounts fast
Nils@Tibor sehr gute Sache, danke! Aber bei 432 hรถrt es bei mir auf
@nilsbremer sollte jetzt klappen
@Tibor in der Tat! 1000 Dank
Blubberbub@Tibor
Isn't the claim "All data stays in your browser" kind of misleading?
To me it looks like all the data and access tokens are passed through your server.
Or am I missing something?
The last time I checked, it wasn't possible to do this browser-only, because twitter was missing a simple CORS header ๐.
@Blubberbub I donโt think CORS headers are a problem, but revealing your secrets is one. The server is only there to hide tokens and pass data, nothing is saved there.
@Tibor
To me "All data stays in your browser" means, that there is no party that could get a hold on my data, even if it wanted to, so no 3rd party to trust. But there is, which I find misleading.
If there would be a CORS header, one could use a "public client" and query the twitter API directly from the browser, truly keeping the data in the browser -but sadly the header is missing.
AppSec stof 
@Blubberbub i think you mean CSP, because CORS is only for those who control both client and server on different origins, and a twitter scenario with CORS would not make sense. CSP however gives us confidence if it defines explicitly what external APIs will work, everything else will be blocked (except plugins)
@stof
No, I mean CORS. Because the twitter API is on a different origin, a header is required to access it from a non-twitter domain in the browser. That header is missing.
https://stackoverflow.com/a/35898961
You can access the twitter API from the browser by using a cors-proxy, that sets that header. (There are some available publicly, I think)
@Blubberbub you're trying to make a point about assurance that data won't leave the browser, CORS provides no such assurance of that no matter how you designed the fetch/xhr to gain it in the first place, thats (CORS) is the opposite direction..
Contrawhit@Tibor thank you! Very useful.
Mae Ost 
@Tibor Wow, das funktioniert ja hervorragend, besten Dank!
Erik MoellerAwesome! Is it open source?
Greg Brooks@eloquence @Tibor not open source and data does go through his server.
Thomas@keyboardg @eloquence @Tibor
So which is it?
"All data stays in your browser" or "data does go through his browser"?
So which is it?
"All data stays in your browser" or "data does go through his browser"?
Stanley Black-Decker@pleaseclap @thomasw @keyboardg @eloquence @Tibor
You can inspect the frontend JavaScript code quite easily and that shows, that the data does in fact go through his server.
You can inspect the frontend JavaScript code quite easily and that shows, that the data does in fact go through his server.
@pleaseclap @keyboardg @eloquence @thomasw yeah, even if I would open source it, you couldn't be sure that it's indeed the code on the server.
@Tibor @keyboardg @eloquence @thomasw
People would host their own
It's weird it's like, despite the stated purpose of the project you don't seem to place a lot of stock in good faith gestures
I wonder why
@eloquence @keyboardg @pleaseclap @thomasw sure, I pay for a server, I develop a complete project for free, and I don't place a lot of stock in good faith gestures. What are yours?
@Tibor @eloquence @keyboardg @thomasw
Yes that's what I said, and this kind of hostility in the face of a simple criticism doesn't support your claim
@Tibor @eloquence @keyboardg @thomasw
He blocked me
Baselessly attacking me instead of explaining his clear derision towards open source saves me time, for sure
Zak@pleaseclap @eloquence @keyboardg @thomasw
Big difference between "stays in user's browser" and "not saved on central server". This one has worked well for me: https://github.com/pruvisto/debirdify
@zak @eloquence @keyboardg @thomasw
I'd also like to correct the record: this is actually my real face
Victoria ๐ปI think the requests re: open source are because it would help to alleviate any concerns about how the tool manages/processes data.
Since a _lot_ of folks are using it now to migrate accounts this seems like a reasonably big deal and would make me personally more comfortable in recommending it.
It's true that as a hosted tool there's still a remaining element of trust, of course.
Do you have any plans in this regard or are you planning to keep it closed for the foreseeable future?
@eloquence not at the moment. I see no advantage for me personally in doing so and I havenโt used github for a long time, so I wouldโve to put some effort into this. And no advantage, but effort is not a good deal.
Please also keep in mind for whom this tool was built: For people who just want a simple solution. Not managing CSVs. Not having to care about anything that looks like code. Other people may use open source CSV solutions if that makes them happy. It wasnโt built for them anyways.
Understood. The argument for open source is more about code auditability, which gives folks who _are_ capable of doing that more comfort in recommending the tool to others.
It's also more in line with Mastodon's philosophy -- after all, you're helping folks migrate to a network that's built entirely on open source software :)
Your call of course - just making the case for in a hopefully non-badgering way!
Recherchemeisterin@Tibor
Vielen Dank - ein tolles Tool!
Vielen Dank - ein tolles Tool!
Gerrit Imsieke@Tibor My instanceโs API returns 429 โ Too many requests. Maybe you can add a throttling option? I donโt know how long a wait will be sufficient though.
Max Petras@Tibor great stuff, thanks!
Christian Saris@Tibor Thanks for that tool and for the remark that the newly addded accounts could be found fast. So it is possible to put them to lists afterwards.
Keywan Tonekaboni@Tibor sehr schรถne UI, einfach zu benutzen. Hast du den Quellcode dazu verรถffentlicht bzw. gibt es einen Issue-Tracker?
ljยทrk@Tibor Nutzt das die gleichen Heuristiken wie die anderen vergleichbaren Tools? Also werden die gleichen Leute gefunden? Es wรผrde ja Sinn ergeben eine Library fรผrs Matching zu schreiben und sich zu teilen um Verbesserungen dieser Art allen zukommen zu lassen. Sonst mรผssen User am Ende alle Tools ausprobieren um die maximale Abdeckung zu haben ^^'
Lucas Appelmann@Tibor Schaut sehr gut aus, aber bei genau 400/850 hรถrt es auf und dann kommt nur noch "Die Seite reagiert nicht mehr".
Nicolas Scharioth@Tibor Wow - sehr cooles Tool. Danke!
Leo Mehlig@Tibor Great job! I had some problem with signing in to Mastodon on Safari, but it worked like a charm in Brave.
Stuart Edelenbos@Tibor life saver. But still, only 10% has made the move
Paul Chambers๐ง@Tibor Awesome tool!
#mastodon: https://www.movetodon.org/
๐ All data stays in your browser
๐ No CSV import neccesary
๐ List can be sorted by sign-up date, so that you can find new accounts fast
Boskee โ๏ธโ๏ธโ๏ธโ๏ธ@Tibor Great stuff. One suggestion/request: can you add sorting to the Follow/Following column?
@boskee thanks for your suggestion! I have added a filter option instead, is that fine as well?
@Tibor That's great. Thank you.
@Tibor One more suggestion if I may - allow people to paste in their mastodon handle eg [email protected] or @boskee as well as url, and extract domain if it wasn't in the first place. That'll help some people who are not sure what servers and domains are ;)
@boskee you mean on the login page?
@Tibor Yar. Like here: https://followlists.online/login
You can paste in https: / / meowr.me (without spaces) , you can paste [email protected] or type in meowr.me and it will clean them to "meowr.me"
Jan Terpstra@boskee Habe im Nachhinein festgestellt, dass ich das bereits so mache (also Instanz aus der Eingabe auslesen, auch wenn es eine URL oder ein Handle ist)
ricardo 
@Tibor works a treat!
bitbonk@Tibor Sehr sehr geil, besser als alle anderen bisherigen Tools, gebookmarkt. Vielen Dank!
Kplay@Tibor thank you for this!!
Miguel de Icaza แฏ
๐@Tibor wonderful tool! Thanks for building and sharing!
Traveling Salesman 
@Tibor Thanks! This is so great!
codesmell
Steve Testa@Tibor such a wonderful tool, thank you!
BCDodgeme