💾 Archived View for rawtext.club › ~sloum › geminilist › 005323.gmi captured on 2023-11-14 at 10:10:47. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2021-11-30)
-=-=-=-=-=-=-
Louis Brauer louis at brauer.family
Wed Feb 17 14:19:50 GMT 2021
- - - - - - - - - - - - - - - - - - -
Am Mi, 17. Feb 2021, um 14:58, schrieb Petite Abeille:
C: gemini://example.org
S: 30 gemini://example.org/trackerid
C: gemini://example.org/trackerid
S: 20 text/tracked
The above was to illustrate the use of redirects to uniquely tag URLs,
without any use consent.
Nothing to do with data: URI.
Even though a data URI could contains resources which could trigger
network activities.
Hm, I'm not a security or browser developer but do you have an example of a "data URI" that would trigger network activities in Gemini? I thought that Gemini spec was designed in a way to prevent that from happening.
Also: do you know any Gemini client that inlines images from non-local domains without explicit consent from the user? If so, we should open an issue because that is clearly against the spirit of Gemini.
Regarding the request/response workflow you describe above: tracking happens already at the first request (and thanks to IPv6 every client has one or more unique IP addresses, and thanks to TLS every client has a unique signature in the request payload).
- Louis