Hi, It doesn't seem that the specification is clear that requesting a page shouldn't download other resources. This raises concerns and questions about inline data, currently in-line pictures are supported by Lagrange browser (not a default though). Some people noticed /favicon.txt errors in their logs, it turned out the Amphora client implemented an Emoji favicon support (disabled by default)[1] which already help tracking Amphora users. Someone made a ticket to ask removing this feature [2] but per the spec, it is not allowed or forbidden. I propose to add in the current specification in "1.1 Gemini transactions" something like "Every request should match an unique user action" or "Users actions must correspond to an unique request"? The point is that when an user load a new page or follow a link (document or gemini page) only ONE request must be made. This would mean inline pre-loading is forbidden per the specification or that metadata like favicons are forbidden too. In regards to privacy and security, it is important for users to feel confident that their client is not doing more than what they ask. ?I click on this link, my client request and display the content.? and nothing more behind the scenes. 1: gemini://mozz.us/files/rfc_gemini_favicon.gmi 2: https://github.com/makeworld-the-better-one/amfora/issues/199
---
Next in thread (2 of 7): 🗣️ Martin Keegan (martin (a) no.ucant.org)