That was just an example of the general idea about how you can never trust someone running a service on the internet. I meant no offense toward you specifically even thought I used you as an example, so I apologize.

I understand. In my reply, I wasn’t trying to push my request. I was just responding to your points.

Of course, by just visiting the site, the user is already taking the risk of leakage from many angles. The user can, as you have said, use TOR and take other precautions. You can always reply with “Well, if the user isn’t doing X, they’re already too exposed anyway” but I’m trying to point out that an account is yet another thing to worry about that complicates the things that a user trying to stay anonymous has to do.

Well, the thing with systems is they get breached. This sounds cool, but there’s no assurance to anyone that a) there isn’t actually more logging, b) the NSA isn’t reading from your live 50 MB logs (lol), c) Burger won’t turn on us all one day. Apart from that, what a skilled person (with a lot of resources as their disposal) can do with very little data to find out where and who someone is using that minimal account correlation, even behind TOR, can be surprising. Some people are worried about that sort of stuff, and they’re not really in a position to come out and talk about it, either. “Will my speech patterns in my post be analyzed and traced back to me,” etc. A user can take whatever precautions they need (wear their internet condom, go through their internet condom ritual), and worry about everything else, but the part they can’t control is where they have to trust an instance to keep their account-to-HTTP-requests data completely safe forever.

I’m glad you find it useful! I simplified it and it seems like images expand consistently when navigating between tabs this time. How is it for you now?

// ==UserScript==
// @name    Expand Images
// @match   https://burggit.moe/*
// ==/UserScript==

// Permission to use, copy, modify, and/or distribute this software for
// any purpose with or without fee is hereby granted.

// Start the script
poll();

function poll() {
  expand();
  setTimeout(poll, 200);
}

function expand() {
  const posts = document.querySelectorAll("div.post-listing");
  for (const post of posts) {
    const imgThumbnail = post.querySelector("button.thumbnail");
    const isImage = imgThumbnail !== null;
    const isExpanded = post.childElementCount > 2;
    if (isImage && !isExpanded) {
      imgThumbnail.click();
    };
  }
}

I’m sure a pig or an outrage artist would have more time and tolerance to fill out a signup form (either by hand or automatically) than a random user who just wants to browse a based lemmy instance.

It would be difficult to arrange a shared account between enough people to form a significant crowd so that every individual user, using TOR, blends in. I have just never heard of something like that happening, and I wouldn’t bet on it.

There’s no correlation as to the content you viewed or clicked on tired to your account

Well, along with an HTTP request sent to burggit for certain things, you send your account authentication information. For example, when viewing an NSFW post, since you have to be logged in. So everything banks of your (referring specifically to you lol) operational security being perfect or you being entirely trustworthy if someone doesn’t want their posts viewed to be stored or processed and therefore correlated to their account. This is why someone would make a new account every time they open up burggit.

You can just end this conversation by saying “Well, that’s not gonna happen” or “It’s not that big of a deal” but that’s for the user to decide. (I’m not putting words in your mouth. I’m just preemptively responding to such thoughts that someone might have.) Ignoring that, there is a real concern here, the way I see it. Data and system breaches are very commonplace, and people do people things.

An account is a data point, an identifier, that builds a correlation between the account and the posts and communities viewed. People who wish to remain anonymous online therefore would have to create a new account every time they want to browse NSFW communities so as not to have one point (account) that gives away all their interactions. I don’t mean public interactions. Every HTTP request they make is an interaction in this context.

// ==UserScript==
// @name    Expand Images
// @match   https://burggit.moe/*
// ==/UserScript==

// Permission to use, copy, modify, and/or distribute this software for
// any purpose with or without fee is hereby granted.

const alreadyExpanded = new Set();

// Start the script
poll();

function poll() {
  expand();
  setTimeout(poll, 200);
}

function expand() {
  const thumbnails = document.querySelectorAll("button.thumbnail");
  for (const t of thumbnails) {
    const url = getImgUrl(t);
    if (alreadyExpanded.has(url)) {
      continue;
    }
    t.click();
    alreadyExpanded.add(url);
  }
}

function getImgUrl(thumbnail) {
  return thumbnail.firstChild.firstChild.attributes[0].value;
}

Here’s a little script that simulates clicking the thumbnail (so it loads a higher quality image). Is this any better?

I’m talking about how wasteful it is for the instance. Names will be taken and orphaned forever. If, again, someone creates an account each time they browse the site, which is reasonable as things stand, it’s wasteful for the instance. Not to mention it’s a waste of time for the user (and for the admin if they decide to run and then run a cleanup script), which is a more important resource.

Clicking “Code” on the footer in in lemmynsfw.com leads to https://github.com/LemmyNet so if they are running a fork and they haven’t released their source code, that would be an AGPL violation. Either that, or they’ve stopped doing that, which seems more likely because I can’t view NSFW-tagged posts on that instance right now either.

As for the third point, you can reason yourself into limiting the usage of something a lot using that thinking. I think extending public access to NSFW posts is reasonable considering the potential harms. People who might, for example, want to target users who might be into a certain category of pornography can right now target the meme communities of such categories. They would then be able to target the NSFW communities as well. But again, that kind of thinking will make you take away access to a lot. This is a public community that is very easy to get into afterall.

Couldn’t they create an account here or in a federated instance and abandon it if they didn’t like the content?

They could, and it would create a waste. Further extending the problem, if someone wants to limit links to viewing habits and some identifier (an account), they would need to create a brand new account every single time they browse an instance. This also does not address the no-cookies problem.

But, to that end, wouldn’t having the content publicly available lull some into a false sense of security?

Sites with NSFW content usually display some warning about how you must be X years old and so on. I imagine once the toggle is implemented, such a warning can be displayed. This isn’t a good enough reason to require the creation of an account anyway IMO.

It seems that a toggle needs to be implemented in the web UI, and that’s the only thing blocking this. https://github.com/LemmyNet/lemmy/issues/1320#issuecomment-1607702270

I missed that. Is this a new development? I have browsed NSFW-tagged posts from Burggit on the lemmynsfw.com front end before. I doubt other instances can un-NSFW posts from other communities.