this post was submitted on 04 Nov 2023
115 points (100.0% liked)

chapotraphouse

13538 readers
775 users here now

Banned? DM Wmill to appeal.

No anti-nautilism posts. See: Eco-fascism Primer

Gossip posts go in c/gossip. Don't post low-hanging fruit here after it gets removed from c/gossip

founded 3 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] glans@hexbear.net 3 points 1 year ago (1 children)

What are u talking about. Alexandrite runs in a web browser. Idk these others but the premise is insane so not checking.

U should at least get a browser like w3 or elinks if u r gonna be weirdo like this.

Dont go around posting that ppl should prefer clients vs web bc most clients ppl have r 1000% worse for privacy and tracking than web version of same site. Someone will read this and think fb app is better than fb in browser which at least can be configed to send less tracking.

[–] PaX@hexbear.net 1 points 1 year ago* (last edited 1 year ago) (2 children)

What's wrong about the premise? We have been stuck with Windows and Unix for decades and instead of writing new systems capable of integrating fully into the internet instead "we" (mainly corpos) wrote an entirely new system (the system of web servers and web browsers) on top of current ones that is easily as large, complex, and featureful as any other operating system and forced everyone to use it. It takes enormous amounts of resources to maintain this infrastructure and stave off the flood of security vulnerabilities and bugs that are constantly discovered as a result of this system's complexity and the interaction between this system and contemporary operating systems like Linux or Windows.

Even with modern protections built into web browsers now it is still a security and privacy nightmare. You are right though that it's usually better than an app on Android or something but I don't think that's what they meant.

[–] glans@hexbear.net 2 points 1 year ago

The premise is wrong because

99.9999% of "clients" are way worse than any browser for same service


so just throwing such advice around is wildly irresponsible. Examples given were

alexandrite for desktop - does not exist and if it did it would be what, an electron app?

Gemini - impossible or unweildy to use web browser anyway. gemini is a revamped gopher. You can access gemini via a web proxy but i doubt that is substantially worse than using a client https://geminiprotocol.net/clients.html either a proxy or client could contain malicious or sloppy code

neon modem - a github project with 9 contributors https://github.com/mrusme/neonmodem. it is a TUI interface for an itty bitty nichy part of the web. Cool to find out there is a tui for lemmy i will try it because i am a total weirdo not a normal person. It took me years to learn enough to be able much less willing to try a tui for fun.

So we have zero examples. Better but still not great example would have been reddit with 3PA prior to the API changes. Or mail cient vs webmail. Or usenet vs forums. Or bittorrent streaming vs netflix. Ytdlp vs youtube. Rss vs most other options.

Web is universal and low barrier. If you want to move to clients for everything youd have to rework every kind of function done on the web. Personally i like using special FLOSS clients when i can (like the lemmy client i am using right now) but i dont want it for everything. And a lot of the coziness with volunteer small groups of devs would vanish with any degree of popularity. A lot of the vulnerabilities that persist are pervasive to the internet and need systemic solutions like net neutrality and enforcement of regulations. Same problems could easily reproduce themselves with the proposed solution. Security thru obscruity sux.

[–] glans@hexbear.net 1 points 1 year ago* (last edited 1 year ago)

@PaX & @EatPotatoes I tried neonmodem. Was eventually able to login to hexbear.

username and password stored plain text wtf

  • who needs spyware with such abysmal security?
  • you are much better off with a web browser
  • no mention of this in the installer, the --help, the readme, the application
  • I only found it because I was trying to troubleshoot another bug so I looked in the config file
  • PR open since June 2023; no work since July
  • another PR by different user attempting to solve the same problem but it was closed due to existing (still today unmerged) PR
  • The devs are aware since many months. Have not even bothered in any way to alert users.
  • Lack of notice demonstrates total lack of concern for users which I'm sure is manifested in lots of other ways

Lots of people share computers, they have unencrypted hdds, they have auto cloud backup etc. Hopefully no need to describe all reasons why plain text credential storage is Bad.

Like the advice to prefer clients over web, this project in its current state is plain irresponsible.

Clear from the github/website that this is intended primarily to adhere to devs' aesthetic tastes and nothing more.