nervuri nervuri at disroot.org
Sun Feb 21 16:57:22 GMT 2021
- - - - - - - - - - - - - - - - - - -
On Sun, Feb 21, 2021, Michael Lazar wrote:
I might update my server software to automatically blackhole any IP
address which tries to request a favicon file.
This is disgraceful, shameless intimidation.
It's also bad on a technical level. It would only take one bad actor toget all Tor exits blocked. This also applies to other shared IPs likeVPN exits and other proxies.
It's a pity that Drew chose this off-putting type of approach. It tendsto have the reverse effect.
A good argument against automated favicon requests is that theycontribute to fingerprinting. Not by much, but little things like thiscan add up. The alternative approaches suggested by Drew don't havethis problem:
There are alternatives, such as generating a colored icon or image
based on the hash of the domain, or allowing users to set a custom
favicon themselves.
Here's what Solderpunk had to say on the topic:
https://lists.orbitalfox.eu/archives/gemini/2020/000612.htmlhttps://lists.orbitalfox.eu/archives/gemini/2020/001060.html