• henfredemars@infosec.pub
    90 up, 8 down · 12 days ago

    So much for the claims I read that it would be a more open platform. I can’t see how this possibly benefits the users.

    The product is not open source and it is mainly controlled by a company through its servers and proprietary components. They own it. Even if they use some open protocols. They are about as open as OpenAI — they are not.

    • vaguerant@fedia.io
      42 up, 2 down · 12 days ago

      This is technically incorrect (the best kind of incorrect?). Bluesky is open source, with the exception of the discover feed algorithm, which they claim must remain secret to prevent it being manipulated. There are open-source replacements for that feed available, so it’s open enough that it is theoretically possible to spin up a Bluesky replacement, albeit impossibly expensive.

      Coming at it from another angle though, the product in any commercial social media product is you, so in that sense you’re right: the product is not open source. Either way, open source code is not some panacea that erases all risk of commodifying its users. Bluesky is a great example because while it is open source, that in absolutely no way prevents them from tracking their users.

    • Pup Biru@aussie.zone
      12 up, 1 down · 12 days ago

      you’re right that this is likely to be used for tracking crap, but i wouldn’t write off the concept as only for that

      for example, home assistant has https://my.home-assistant.io/ where you can set your home assistant URL and doc links (etc) link there, and then that site in turn automatically redirects to the correct place on your local home assistant

      this could be used similarly by the fediverse: imagine my.join-lemmy.org where lemmy instances you’re not logged into redirected you to, which then in turn redirects to your home instance… that way, links across the web to lemmy would automatically redirect to your home instance

      perhaps it’s not something that’s worth the trade off - centralising in some ways - but in federated platforms on the web it’s far from a write-off

  • The_Decryptor@aussie.zone
    65 up · 12 days ago

    They already know your IP address, you’re using their website/app.

    It’s either to track outbound clicks (And potentially block them if they’re harmful, YouTube and Steam do that), or a much more unlikely option is to hide the referrer from the target site (Since browsers have better ways to handle that now, but old ones don’t)

    • 4am@lemm.ee
      11 up, 1 down · 12 days ago

      Wouldn’t it be easier to just scan the original post for harmful links?

      • The_Decryptor@aussie.zone
        20 up · 12 days ago

        Then you have to scan every single existing known post every time a new link is blocked. If you redirect it through a bouncer, it’s a single endpoint to block any link, regardless of the source of the post (since Bluesky is in theory decentralized).
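
The single-endpoint point above, as an added example that is not part of the thread and not Bluesky's code: the decision a bouncer makes at click time against one shared blocklist. The `/redirect?u=` shape follows the go.bsky.app links discussed in this thread; the blocklist, status codes and function name are assumptions.

```javascript
// Added example: decision logic of a link bouncer with a central blocklist.
// Blocklist contents, status codes and names here are assumptions.
const blockedHosts = new Set(); // one shared list, consulted on every click

function bounce(requestUrl) {
  const u = new URL(requestUrl).searchParams.get("u");
  let target;
  try { target = new URL(u); } catch { return { status: 400 }; }
  // Forward web links only; anything else is rejected outright.
  if (target.protocol !== "https:" && target.protocol !== "http:") {
    return { status: 400 };
  }
  // The block decision happens here, not when the post was written.
  if (blockedHosts.has(target.hostname)) {
    return { status: 403, reason: "blocked: " + target.hostname };
  }
  return { status: 302, headers: { Location: target.href } };
}

// Constructed scenario: the same link from an old post, clicked before and
// after its host is added to the blocklist. No stored post is rescanned.
const oldPostLink =
  "https://go.bsky.app/redirect?u=https%3A%2F%2Fbad.example%2Fpromo";

function demo() {
  blockedHosts.clear();
  const before = bounce(oldPostLink);
  blockedHosts.add("bad.example");
  const after = bounce(oldPostLink);
  return { before, after };
}
```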

    • jmcs@discuss.tchncs.de
      10 up, 1 down · 12 days ago

      So either they are solving problems the most common browsers are solving or they are tracking clicks to sell user data. Somehow the latter sounds more likely, especially since they have no reliable source of income yet.

      • The_Decryptor@aussie.zone
        1 up · 11 days ago

        True, but at the same time it’s their app. They already know what profiles you’re looking at, what posts you’re viewing, and the images you view; knowing what links you’re clicking on is just another event handler.

    • brbposting@sh.itjust.works
      3 up · 12 days ago

      track outbound clicks (And potentially block them if they’re harmful, YouTube and Steam do that)

      Google & Meta & Discord doing the same?

  • circuitfarmer@lemmy.sdf.org
    36 up · 12 days ago

    Anything under direct corporate control will enshittify. It has nothing to do with mission, values, direction, purpose, or any other bullshit in the charter of a service. If it is controlled by an entity with shareholders turning a profit, it will enshittify, because those shareholders will demand ever increasing profit for their investments. It is a one-way process.

    • baltakatei@sopuli.xyz
      8 up · 12 days ago

      The direct counter to enshittification is interoperability: the ability to pack up your content (likes, followers, messages, uploads) and import it into another service provider.

      Since Signal is open source and mostly FOSS, you can theoretically create a Signal fork that can import Signal backups. I know because this program can read such backups and convert them into other formats. Ideally, the Atlantic reporter could have exported a Signal backup with the offending group chat messages before they expired.

        • Stitch0815@feddit.org
          4 up, 2 down · 12 days ago

          What?

          While Signal and the structure of how Signal is managed have flaws.

          It is not a corporation and therefore has no need to enshittify

          • circuitfarmer@lemmy.sdf.org
            14 up · 12 days ago

            The Signal Foundation is not a corporation.

            But Signal Messenger, LLC is indeed a corporation, and it operates officially as a subsidiary of the Signal Foundation. The Signal protocol, as well as the official app, is developed by the LLC and not by the foundation.

            In any event, there is plenty of room for a future enshittification of Signal. Is it less likely than many other entities? That’s probably a fair statement. Is it impossible? Not in the least.

          • Rivalarrival@lemmy.today
            8 up · 12 days ago

            It’s a non-profit.

            OpenAI was a non-profit. Then they built something that could earn a profit, stopped being a non-profit, and immediately began to enshittify.

            The Susan G. Komen foundation is a non-profit that enshittified with a “pinkwashing” scandal.

            “Corporation” is not the predictive factor. “Centralized” is. Any centralized system is subject to the shitty whims of the operators.

  • cronenthal@discuss.tchncs.de
    33 up, 3 down · 12 days ago

    Oh, there is so much more you can do with this “functionality”. Welp, anyone who trusts bluesky even an inch better prepare to be deeply disappointed.

  • rekabis@programming.dev
    32 up, 5 down · 11 days ago

    There is a legitimate reason for this: it’s the only way to provide content creators with evidence of how many people actually clicked on the link.

    The downside is that there are so many ways that a feature like this can be abused by BlueSky in ways that can hurt users.

    • flamingos-cant@feddit.ukOPM
      17 up, 2 down · 11 days ago

      Yeah, it’s literally the second step of enshittification, where platforms stop allocating value to users and start allocating them to publishers. This is still Bluesky expanding out its surveillance apparatus, something it will have every incentive to abuse later on like other platforms before it.

    • dev_null@lemmy.ml
      13 up, 1 down · 11 days ago

      No, it’s not the only way. You could track the click with JavaScript.

      • tauren@lemm.ee
        5 up · 11 days ago

        The user can also block your tracking scripts. Besides, the user can share the link with friends, and you won’t be able to track them this way. I’m sure there are many other reasons why having a middleware is de-facto the industry standard.

        • dev_null@lemmy.ml
          3 up, 1 down · 11 days ago

          The user can also block the URL target rewriting. Not sure what your point is though, I said it’s not the only way, not that there are better ways.

    • hempster@lemm.ee
      3 up, 1 down · 11 days ago

      Trust me bro, we are not tracking you. Please trust me bro!

      • xigoi@lemmy.sdf.org
        2 up, 1 down · 11 days ago

        If the purpose of this feature was tracking, they could just use a JavaScript onclick handler.

    • moopet@sh.itjust.works
      3 up, 1 down · 11 days ago

      That’s incorrect.

      BlueSky relies on JavaScript to run (try turning it off and loading their site, it won’t even render). Click-through traffic is almost exclusively measured by JavaScript (e.g. Google ad “events”). This is the same as measuring other stats, like whether you lingered on a post before scrolling past it, or whether you opened another tab, or whatever.

      Proxy links are absolutely a method of measuring traffic, and they’re a method that works even when the site has JavaScript disabled - but since that’s not how Bsky works, it’s not relevant.

      • SpaceCowboy@lemmy.ca
        2 up · 10 days ago

        Yeah that’s what I was thinking. There’s a bunch of ways to track what users are doing without needing to use referral links.

        Seems to me the referral links are there to prevent honey cookie shenanigans.

  • PentastarM @midwest.social
    22 up · 12 days ago

    I use an app called URLcheck that I’ve installed via F-Droid. It doesn’t appear to give me the ability to skip the Bluesky redirect action, but at least I know it’s there, I guess.

    • flamingos-cant@feddit.ukOPM
      34 up · 12 days ago

      The best part is that if you inspect elements, it still shows as the original link. They only generate the go link after you clicked.

      • Farid@startrek.website
        7 up, 2 down · 12 days ago

        That’s how Google always worked, btw. But there is one obvious benefit to showing the original URL before you click it: you can hover it to see where the link actually leads before they hijack the click.

      • Pup Biru@aussie.zone
        2 up, 2 down · 12 days ago

        that’s also for accessibility, etc so i wouldn’t pin it all on being malicious

    • Druid@lemmy.zip
      9 up · 12 days ago

      URL Checker is an awesome app that many more should be using if they’re not. It can also remove trackers, redirects and other shenanigans from links before committing to the click.

    • HjST@programming.dev
      8 up · 12 days ago

      You can use pattern checker to automatically replace the URL with the original one.

      "bsky": {
        "regex": "https?:\/\/go\\.bsky\\.app\/redirect\\?u=(https?.*?)",
        "replacement": "$1",
        "decode": "true",
        "enabled": "true",
        "automatic": "true"
      }
      

      (it’s possible they will add more parameters in future, in which case you may want to restrict the selection to not be essentially anything after u=)
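
Added example (not part of the comment above, and not URLCheck's code): the same unwrapping done by parsing the link instead of matching it, which handles the extra-parameter case the comment mentions. The regex variant is modelled on the posted pattern and assumes a replace-then-decode pass; function names and sample links are constructed.

```javascript
// Added example: unwrap a go.bsky.app redirect link.
// Host, path and the `u` parameter come from the pattern in the comment above.
const REDIRECT_HOST = "go.bsky.app";
const REDIRECT_PATH = "/redirect";

// Pattern modelled on the posted one (after JSON unescaping).
const POSTED_STYLE = /https?:\/\/go\.bsky\.app\/redirect\?u=(https?.*?)/;

// Assumed behaviour: replace the match with group 1, then percent-decode.
function unwrapWithRegex(link) {
  const replaced = link.replace(POSTED_STYLE, "$1");
  try { return decodeURIComponent(replaced); } catch { return replaced; }
}

// Stricter unwrap: exact host and path, only the `u` parameter, and only
// http(s) targets. Returns the input unchanged if any check fails.
function unwrapStrict(link) {
  let outer;
  try { outer = new URL(link); } catch { return link; }
  if (outer.protocol !== "https:" && outer.protocol !== "http:") return link;
  if (outer.hostname !== REDIRECT_HOST) return link;
  if (outer.pathname !== REDIRECT_PATH) return link;
  const target = outer.searchParams.get("u"); // percent-decoded exactly once
  if (!target) return link;
  let inner;
  try { inner = new URL(target); } catch { return link; }
  if (inner.protocol !== "https:" && inner.protocol !== "http:") return link;
  return inner.href;
}

// Constructed sample links; example.org / example.net are placeholders.
const samples = {
  plain: "https://go.bsky.app/redirect?u=https%3A%2F%2Fexample.org%2Fa%3Fx%3D1",
  // A second parameter after u=, the future change the comment warns about.
  extraParam: "https://go.bsky.app/redirect?u=https%3A%2F%2Fexample.org%2Fa&c=123",
  // Different host that merely resembles the redirector.
  lookalikeHost: "https://goxbsky.app/redirect?u=https%3A%2F%2Fexample.net%2F",
  // Target that is not a web link.
  nonHttpTarget: "https://go.bsky.app/redirect?u=ftp%3A%2F%2Fexample.org%2F",
};
```

With the `extraParam` sample, the regex variant leaves `&c=123` glued onto the target, while the parsed variant returns only the value of `u`.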

  • Mohamed@lemmy.ca
    21 up · 11 days ago

    Even if it didn’t go to bluesky.app first before the actual link, clicks on it can still be made to be tracked. It’s trivial to do it much more discreetly.

    It is definitely tracked, but I would guess that turning it into a bluesky link has other uses, not all nefarious, such as: link previews, caching, dealing with dead links.

    • irelephant [he/him]🍭@lemm.ee
      6 up, 2 down · 12 days ago

      Literally nothing. Sure, twitter used its similar t.co links to throttle sites, but bsky isn’t doing this, and if they did, someone could fork the app and people could start using that instead.

  • RedSnt 👓♂️🖥️@feddit.dk
    20 up, 2 down · 12 days ago

    Eh. Doesn’t seem too bad, but then again, I haven’t made an account there because of it not really being decentralized enough for my taste.
    Seems kinda dumb to go from one centralized service like X to another. Bluesky’s claims of being decentralized are highly exaggerated.

  • ThomasCrappersGhost@feddit.uk
    17 up · 11 days ago

    Bluesky has been doing enshittification since it didn’t mind having that transphobic man on their platform, as far as I’m concerned.

  • JokeDeity@lemm.ee
    17 up, 1 down · 11 days ago

    I’ve given up trying to save people from obvious traps. They refuse to listen and they refuse all data.