Re: could we have some sort of Is-Autonomous header? from Soni L. on 2024-03-16 (ietf-http-wg@w3.org from January to March 2024)

From: Soni L. <fakedme+http@gmail.com>
Date: Sat, 16 Mar 2024 20:59:43 -0300
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <6234ef92-adba-441d-b79a-feef146721c1@gmail.com>

we just wanna add, if you wanna do User-Agent sniffing for this, a 
*partial*, *current* list you need to sniff for is:

Discord
X
Facebook
WhatsApp
Signal
Telegram
TheLounge
Discourse
Mastodon
Pleroma
Misskey
Matrix

and it's likely just gonna grow from here.

(and we can all agree that User-Agent should've been deprecated over a 
decade ago.)

On 2024-03-16 08:51, Soni L. wrote:
> hello!
>
> one of the issues with fediverse is how each instance caches other 
> instances' posts, but when you copy the link to a post it gives you a 
> link to your own instance. this link then either does a redirect 
> (which is dangerous and mastodon is deprecating it), shows an 
> interstitial (new versions of mastodon do this), or shows the cached 
> content (most other instances do this).
>
> doing a redirect is bad because it paves way for certain kinds of 
> phishing attacks. but it preserves the original opengraph metadata, 
> allowing for seamless link previews.
>
> an interstitial is great because it reduces the chances of those 
> phishing attacks. but it breaks the opengraph metadata, so you don't 
> get link previews.
>
> the third case we don't talk about because it's not really relevant to 
> this post. (except minimally it is, more on that in a bit.)
>
> so the Is-Autonomous header would ideally be set by link preview 
> systems and not by anyone else (explicitly not by browsers). when a 
> server sees Is-Autonomous, it could change its behaviour in any of the 
> following ways:
>
> - instead of showing an interstitial, it could do a redirect.
> - instead of rendering an entire regular page template, it could 
> render just the opengraph metadata.
> - it could reject the request altogether.
>
> the first 2 of these are great incentives to use the Is-Autonomous 
> header: the first one makes link previews work, and the second one 
> saves bandwidth both on the server and on the link preview system. we 
> believe these benefits outweigh the drawback of the third for anyone 
> interested in deploying this.
>
> but enough with what we believe, what does the http wg think?

Received on Saturday, 16 March 2024 23:59:53 UTC