Mlem in app browser is using an in app browser API that is secure by design. It doesn’t allow snooping or injecting anything. This article is talking about abusive apps like Facebook that roll their own in app browser.

Edit: although on iOS, the secure iOS in app browser api is always using safari engine, so the user choice argument is still valid.

It’s crazy that the in-app browser isn’t an OS-level overlay that the app can’t influence or look at what the user is doing in it.

Android and iOS both have apis for in app browsers that are secure by design. Voyager for Lemmy uses this. Mastodon uses this. Last I checked even Twitter used this. However Facebook does not.

these platforms also offer lower level APIs to build custom interface which are more powerful and flexible (but can be abused). This isn’t necessarily a problem. Custom browser apps need that functionality, and apps sometimes display their own content with web views.

The problem is that app stores allow slapping a skin on this more powerful API and treating it like an in app browser to connect to arbitrary sites. Dumb imo. If you offer an in app browser, it should be required to use the platforms secure in app browser API.

More powerful APIs should only be available to browser apps and displaying your own content in a web view.

Back in my day we couldn’t walk or bike to the grocery store because the streets were so dangerously designed

I’m a monthly donor :)

:( Best Buy has the best shuckable hdd deals

It’s supposed to be getting better, but moving very slowly.

spoofing is pretty common still afaik.

I made a purchase on a sketchy site (during Covid when things were hard to find). A day or so later, some unauthorized transactions were made on my card. “Bank” called from actual number of my bank, to verify if I actually made the transactions. provided some of my personal information, transaction amount etc then asked to verify ssn. It was very convincing.

Luckily I refused because I know anyone can call you claiming to be any number, and I didn’t give out any info, and said I would call back that number (my bank).

Bank had no knowledge of a call.

15 minutes later, get real fraud department call from my bank. They just wanted to know if it was fraud or not and didn’t ask for any other info.

Moral of the story: if someone calls you, never give out personal info. Tell them you will call back if needed.

Voyager has spoilers! It’s not in the markdown toolbar yet but if you know the syntax it works

That’s not quite true - images are only shared if you attach the image to federated content, such as a post or comment. Then yes other instances will cache the image.

If you never do that, and just upload an image accidentally like OP then it will not be federated AFAIK.

That sucks. As a 3rd party Lemmy app developer, I’ve only had positive interactions with the Lemmy devs. They’re even being proactive in communications.

Sunshine soup!

Yeah, this. Remark, the markdown library Voyager uses, is very powerful but also extremely complex (it has to be, to deal with Markdown edge cases).

I made a bit of progress last week on a custom plugin but it’s a lot of work. There’s like 4 layers of parsing required.

I wish Lemmy used GFM spoilers, which just uses normal details and summary html tags. But alas.

It’s really annoying there’s no standard markdown syntax in common mark.

I fully expect GMail to be enshittified in the future.

“GMail through gmail.com and GMail App: Always Free”

“GMail Pro (IMAP/POP/Forwarding): Only $3.99 / mo”

Any service can implement this today, with activitypub. Being an enhancement proposal is just an attempt to standardize extensions to ActivityPub, lots of the time that services have already implemented.

https://codeberg.org/fediverse/fep/src/branch/main/fep/ef61/fep-ef61.md

https://xkcd.com/927/

That’s true, but it’s not an inherent limitation of ActivityPub.

I don’t speculatively invest, so I won’t be participating. (And I’m pessimistic about Reddit’s future anyways.) Just wanted to share. I am boring with mutual funds. :)

There’s a rollout table here

Feb 22: Invite-only pre-registration launches

During this period, only redditors with invitations will be able to pre-register. Reddit will send invitations in batches on a rolling basis based on the following criteria*:

March 1: Open Pre-registration launches

All Redditors with accounts created on or before Jan 1, 2024 will be able to pre-register by visiting reddit.com/dsp (no invitation needed).

March 5: Pre-registration closes

The deadline for pre-registration is March 5, 2024. A waitlist will be opened if pre-registration reaches capacity prior to March 5, 2024. We will not be able to accept any pre-registrations after this date.

We had a thing a while back on Lemmy where a bunch of semi-popular instances (including lemmy.world, though they seem to have rolled that back) all defederated from instances that mentioned piracy. I don’t have a problem with piracy. I want to talk about piracy.

To me, that is a feature, too. The admin team made a decision, and the community engaged, the topic was discussed, and the decision was changed. To me that’s a very healthy process. The only thing I would’ve changed would be LW engaging the community before defederating, but they were understandably worried about legal implications.

Even if LW didn’t reverse this decision, you can change instances. Lemmy 0.19 makes this easier with import/export, but I would argue it should be even easier. Ultimately though this is a lemmy implementation detail, and not an activitypub problem.