Mastodon EngineeringThe first beta of #Mastodon 4.2.0 is now available for testing! There are too many improvements to count. See the extensive changelog and upgrade instructions here:
https://github.com/mastodon/mastodon/releases/tag/v4.2.0-beta1
Michael Downey 🧢Coming soon in #Mastodon v4.2.0:
👀 3rd-party JavaScript spyware loaded without users' consent.
Nordnick 🌐@[email protected] @[email protected]
Looks like this is a privacy issue and it may not even be legal... right?
Looks like this is a privacy issue and it may not even be legal... right?
Well the devs aren't known for pausing anything to deal with objections or concerns ... so, screw the privacy rights violations for users and legal problems for admins!
KuJoe 💞@downey so this is required now? I thought the PR said optional? Why did this change?
lalalala sombra@downey @MastodonEngineering I thought hCaptcha was the good one. Disappointing.
Adblockers will always be a necessity.
Robin Syl 🌸
mirabilos@lasombra @downey @MastodonEngineering no, they (Cloudflare/hCaptcha) are really really bad. I contacted them on behalf of several blind #lynx users and they refused to even understand the problem.
🍉 max frühschütz – нет войне@downey @MastodonEngineering weird that they went for a proprietary solution instead of something like mosparo
GMate8@downey @MastodonEngineering I said, they don't really care about us anymore.
@downey @MastodonEngineering but it's true we could argue about DeepL translation feature too, if we take this as we take it.
@gmate8 Somewhat. We use a self-hosted LibreTranslate but AFAIK content is only sent to the translation server when the user clicks the "Translate" link right? At least there is a bit of user autonomy there, as opposed to this new captcha that records PII automatically without warning or affirmative steps by users.
@downey LibreTranslate's cool, wish it was available in hu
But even lingva could be an option somewhat
But even lingva could be an option somewhat
Zii0
Рой Клꙮунов
@aka_dude Users can't set that, but thanks for misrepresenting my comment.
This account is inactive!@downey @MastodonEngineering oh Jesus, is that real?! That sucks, but sadly that's true 😔
Opalium@downey @MastodonEngineering
I wonder: would informing or otherwise notifying the user that the sign up process includes a third-party captcha - before even signing up - be a reasonable compromise here? This way, they can choose a different instance should they wish to avoid the captcha.
I wonder: would informing or otherwise notifying the user that the sign up process includes a third-party captcha - before even signing up - be a reasonable compromise here? This way, they can choose a different instance should they wish to avoid the captcha.
@opalium Yes, consent is what was raised in May and ignored by the devs since then.
@downey @MastodonEngineering to add insult to injury, hCaptcha/Cloudflare actively refuse to support a11y, e.g. for lynx users. They ought to be boycotted, even if GDPR etc. weren’t an issue already.
@downey @MastodonEngineering not that it matters much for your instance, since
floss.social already violates the GDPR by illegally loading content from shields.io and masto.host without obtaining prior user consent…
waldi@downey My instance delivers right now: "content-security-policy: script-src 'self' https://chaos.social 'wasm-unsafe-eval'". This was not changed, visibly, in this commit. How does it load that 3rd-party stuff?
