this post was submitted on 03 Jan 2022

6 points (87.5% liked)

Asklemmy

43831 readers

967 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

Open-ended question
Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
Not ad nauseam inducing: please make sure it is a question that would be new to most members
An actual topic of discussion

Looking for support?

Looking for a community?

Lemmyverse: community search
sub.rehab: maps old subreddits to fediverse options, marks official as such
!lemmy411@lemmy.ca: a community for finding communities

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago

MODERATORS

Remove the need for Javascript. Tor-friendly (lemmygrad.ml)

submitted 2 years ago* (last edited 2 years ago) by embaixadordaursal@lemmygrad.ml to c/asklemmy@lemmy.ml

14 comments fedilink hide all child comments

Many sites like "Elude" work perfectly without javascript, allowing their use through tools to escape censorship such as Tor.

Why doesn't Lemmygrad implement this too?

all 16 comments

sorted by: hot top controversial new old

[–] CHEFKOCH@lemmy.ml 5 points 2 years ago* (last edited 2 years ago) (1 children)

Lemmy is no honeypot and no programming language is perfect + there are attacks that work without JavaScript, CSS exfiltration attacks for example.

Try harder.

[–] embaixadordaursal@lemmygrad.ml 1 points 2 years ago (1 children)

Wrong. Elude works in .onion

[–] CHEFKOCH@lemmy.ml 2 points 2 years ago (1 children)

There are 200 domains registered with elude, how shall we know what exactly you mean. 🤦

Makes it not better anyway, since onion domain name spoofing makes the honeypot argument even worse because no one can memorize long .onion domains.

Guessing you mean elude.in, there is no source code and a stitched together homepage which looks like amateurs made that in 2 min. Sure, trust such a page over Lemmy which is FOSS + can be self-hosted.

[–] embaixadordaursal@lemmygrad.ml 1 points 2 years ago* (last edited 2 years ago)

http://eludemailxhnqzfmxehy3bk5guyhlxbunfyhkcksv4gvx6d3wcf6smad.onion/signin

I'm talking about the usability of this type of site, which does not require JS. Despite being suspicious

[–] nutomic@lemmy.ml 2 points 2 years ago* (last edited 2 years ago)

Someone would have to write an alternative to lemmy-ui which doesnt use js. This doesnt require any changes to Lemmy itself, and can be written in any language. lemmy-lite is such a project, but development is inactive.

[+] 10_0@lemmy.ml 2 points 2 years ago* (last edited 1 month ago) (2 children)

[deleted]

[+] 10_0@lemmy.ml 3 points 2 years ago* (last edited 1 month ago) (1 children)

[deleted]

[–] embaixadordaursal@lemmygrad.ml 1 points 2 years ago (2 children)

I'm not claiming it is. But it's a possibility. And I've shared it on other sublemmys to draw attention to something essential.

Many tools, programs and websites are placed on the internet to attract specific users and collect data. And it's possible to create a version without javascript with basic functionality, sites like Elude prove it.

[–] Nyaa@lemmy.ml 2 points 2 years ago* (last edited 2 years ago) (1 children)

While it is a possibility, it's much less likely to be a honeypot than Reddit itself is. Also an admin replied saying that it's possible for someone to rewrite the UI to not use JavaScript, the JavaScript is just here for convenience in development. This wasn't really made to be the safe haven for people who know multiple state secrets and have assassins after them, it's just a federated link aggregator. The about page doesn't even mention the word privacy or anonymity a single time.

[–] BlackLotus@lemmy.ml 1 points 2 years ago (1 children)

This wasn’t really made to be the safe haven for people who know multiple state secrets and have assassins after them, it’s just a federated link aggregator.

Lmao, right? Well said. There are different tools for different jobs.

[–] embaixadordaursal@lemmygrad.ml 0 points 2 years ago (1 children)

Running on tor is a very basic function

[–] BlackLotus@lemmy.ml -1 points 2 years ago (1 children)

It does run on tor, you just have to enable javascript, losing some of the benefits of tor.

Either way, this isn't the place for putting state secrets that make you fear for your life. There are already better tools for that, and lemmy was never trying to be that.

If you want a lemmy instance that does, make your own.

You're clearly not a developer, so you don't understand that what you're asking is for the lemmy devs to start the frontend over from scratch. Additionally, for most normal users who don't have your specific needs, JavaScript powered webpages are likely preferable. In a perfect world, there would be both a JS-free and a JS version of the web page to cater to both categories.

We don't live in that perfect world, sorry. Feel free to dedicate thousands of hours to learning to program and then hundreds or thousands more to implement the feature you want. We'd all appreciate your contribution.

[–] stopit@lemmy.ml 0 points 2 years ago (1 children)

It's not about state secrets...it is about user rights which is paramount to the free software movement. If developers really feel JS is necessary (its not) they should at least limit themselves to libre-js (they don't).

[–] nutomic@lemmy.ml 1 points 2 years ago

If you want to tell us how to do our work, then you should pay us. Otherwise, the software is available as is.

[–] CHEFKOCH@lemmy.ml 2 points 2 years ago

Same like it possible that moon landing was hoax right, easy-peasy manipulating 400k people who worked on that project....

Come back to reality, friend.

[–] jorgesumle 1 points 2 years ago

You can have those features without JavaScript (see Postmill).