Posts on NSFW communities on Burggit are inaccessible to visitors of the site who are not logged in, meaning these communities can only be browsed pseudonymously. There are two reasons why I think this restriction should be lifted:
- Security and privacy: Some people on the internet may wish not for their browsing habits to be connected to an account and may wish to minimise identifiers. Some browse the internet with cookies disabled. Some have to live paranoidly on the internet due to where they live and other life situation reasons, and these people won’t be able to enjoy the NSFW communities on Burggit.
- Discoverability: To check out NSFW communities, people have to register an account, so it’s not possible to make a decision after seeing if you like the instance. Previously, you could browse Burggit’s NSFW communities on lemmynsfw.com without an account but after they defederated, this isn’t an option either. There might be other instances you can use now, but it’s not a good idea to count on other instances for this purpose.
I’m curious about what you think about this.
You must log in or register to comment.
Reading the comments, you seem incredibly paranoid about this. Like, incredibly. I don’t mean this to be disparaging, but like, this kinda reads like “I live in a bunker because standard construction is not sufficiently resistant to hellfire missiles”.
I bring this up because at the level of security risk you’re concerned over, the only actual threats would be groups with significant resources specifically interested in you, personally, or at least your online presence. And given your reference to the NSA, I would presume you live in the US, where you realistically aren’t breaking any laws in browsing except maybe some trivial copyright law that isn’t worth the resources to enforce, meaning the biggest security threat, the government, isn’t a particularly realistic one.
Or, shudder a concern troll at work. If they’re genuine then the admins have provided enough input in the topic.
The front page sidebar indicates that NSFW content is hidden away from visitors without an account, and this is a Lemmy restriction, rather than a Burggit one.
I don’t follow Lemmy’s development so perhaps it might change in the future (either with an upstream change or forking the codebase and making further adjustments, which is what I think lemmynsfw did).
I missed that. Is this a new development? I have browsed NSFW-tagged posts from Burggit on the lemmynsfw.com front end before. I doubt other instances can un-NSFW posts from other communities.
They’ve forked Lemmy and are running their own version of it with modifications.
Clicking “Code” on the footer in in lemmynsfw.com leads to https://github.com/LemmyNet so if they are running a fork and they haven’t released their source code, that would be an AGPL violation. Either that, or they’ve stopped doing that, which seems more likely because I can’t view NSFW-tagged posts on that instance right now either.
Ya, probably a AGPL violation. They would have to modify the source code every new version from what I heard.
I hope that code gets adopted into main in some form eventually. The only thing I miss from lemmyNSFW are the auto-expand / no blur images options.
Also +1 for the ability to browse as an anon. That was one of my favorite features of the Infinity app I used to use. Also had an option to require a pin on unlock for mobile.
Check out my tampermonkey script over here: https://burggit.moe/post/84267
I unblur the icons and then make them twice as big
Ah yes. I’m currently using it! Thank you for that. Images are still small, but it’s a huge improvement!
Couldn’t they create an account here or in a federated instance and abandon it if they didn’t like the content? The site doesn’t require any personal information to sign up, not even email. This just doesn’t seem like much of a problem to me.
Probably not the best idea for people to break local laws to visit here. But, to that end, wouldn’t having the content publicly available lull some into a false sense of security? Maybe it’s better to need an account and realize caution is warranted.
I also wonder if public access to the NSFW content could be used to harm the site or users somehow, perhaps DDoS, scraping, doxing, brigading, harassment, etc.
As for the third point, you can reason yourself into limiting the usage of something a lot using that thinking. I think extending public access to NSFW posts is reasonable considering the potential harms. People who might, for example, want to target users who might be into a certain category of pornography can right now target the meme communities of such categories. They would then be able to target the NSFW communities as well. But again, that kind of thinking will make you take away access to a lot. This is a public community that is very easy to get into afterall.
Couldn’t they create an account here or in a federated instance and abandon it if they didn’t like the content?
They could, and it would create a waste. Further extending the problem, if someone wants to limit links to viewing habits and some identifier (an account), they would need to create a brand new account every single time they browse an instance. This also does not address the no-cookies problem.
But, to that end, wouldn’t having the content publicly available lull some into a false sense of security?
Sites with NSFW content usually display some warning about how you must be X years old and so on. I imagine once the toggle is implemented, such a warning can be displayed. This isn’t a good enough reason to require the creation of an account anyway IMO.
An account is a few bytes on a disk, it’s not much of a waste. Easy to clear browser cookies.
I’m talking about how wasteful it is for the instance. Names will be taken and orphaned forever. If, again, someone creates an account each time they browse the site, which is reasonable as things stand, it’s wasteful for the instance. Not to mention it’s a waste of time for the user (and for the admin if they decide to run and then run a cleanup script), which is a more important resource.
An email is not required, it doesn’t make sense someone would want to make a new account every single time, they’d just make 1 account without an email connected and browse through that. There’s no difference between a 1 minute old account and 1 year old account if they don’t publicly interact with anything. I’m just not understanding your logic here.
An account is a data point, an identifier, that builds a correlation between the account and the posts and communities viewed. People who wish to remain anonymous online therefore would have to create a new account every time they want to browse NSFW communities so as not to have one point (account) that gives away all their interactions. I don’t mean public interactions. Every HTTP request they make is an interaction in this context.
That logic does not make sense. Say if for example, we do make NSFW public, by browsing this site anonymously, you’re already caching images. My best advice is if you’re in a country where what we’re hosting is illegal for you, then do not use our site and if you do, know the risks and use a VPN or Tor.
Of course, by just visiting the site, the user is already taking the risk of leakage from many angles. The user can, as you have said, use TOR and take other precautions. You can always reply with “Well, if the user isn’t doing X, they’re already too exposed anyway” but I’m trying to point out that an account is yet another thing to worry about that complicates the things that a user trying to stay anonymous has to do.
If you’re not subscribing to communities, liking posts, commenting, upvoting, posting or doing any interacting the account isn’t much of a data point. There’s no correlation as to the content you viewed or clicked on tired to your account and it’s the exact same as a brand-new account in every single way. It holds no more data than if you were not logged in, if you don’t use it for any interacting.
While this feature isn’t something i’m against inherently, we don’t have the resources right now to make a fork of lemmy to do this unless they add it in to the main lemmy software.
There’s no correlation as to the content you viewed or clicked on tired to your account
Well, along with an HTTP request sent to burggit for certain things, you send your account authentication information. For example, when viewing an NSFW post, since you have to be logged in. So everything banks of your (referring specifically to you lol) operational security being perfect or you being entirely trustworthy if someone doesn’t want their posts viewed to be stored or processed and therefore correlated to their account. This is why someone would make a new account every time they open up burggit.
You can just end this conversation by saying “Well, that’s not gonna happen” or “It’s not that big of a deal” but that’s for the user to decide. (I’m not putting words in your mouth. I’m just preemptively responding to such thoughts that someone might have.) Ignoring that, there is a real concern here, the way I see it. Data and system breaches are very commonplace, and people do people things.
Couldn’t you tor in, or share one account?
It would be difficult to arrange a shared account between enough people to form a significant crowd so that every individual user, using TOR, blends in. I have just never heard of something like that happening, and I wouldn’t bet on it.
You can always do a database query to delete accounts that never posted and haven’t logged in for a year.
If someone is breaking the law to come here then I’m not too worried if they have to take extra steps or if their time is wasted. Or if they’re some kind of pig or outrage artist trying to dig up dirt then I don’t care about them either. Making some level of investment to Lemmy or the instance is a good thing. I even liked it when they required a write-up to join.
I’m sure a pig or an outrage artist would have more time and tolerance to fill out a signup form (either by hand or automatically) than a random user who just wants to browse a based lemmy instance.
It seems that a toggle needs to be implemented in the web UI, and that’s the only thing blocking this. https://github.com/LemmyNet/lemmy/issues/1320#issuecomment-1607702270
