<-- back to the mailing list

[tech] [spec] On extending gemini

nervuri nervuri at disroot.org

Sun Feb 21 16:57:22 GMT 2021

- - - - - - - - - - - - - - - - - - - 

On Sun, Feb 21, 2021, Michael Lazar wrote:

I might update my server software to automatically blackhole any IP
address which tries to request a favicon file.
This is disgraceful, shameless intimidation.

It's also bad on a technical level. It would only take one bad actor toget all Tor exits blocked. This also applies to other shared IPs likeVPN exits and other proxies.

It's a pity that Drew chose this off-putting type of approach. It tendsto have the reverse effect.

A good argument against automated favicon requests is that theycontribute to fingerprinting. Not by much, but little things like thiscan add up. The alternative approaches suggested by Drew don't havethis problem:

There are alternatives, such as generating a colored icon or image
based on the hash of the domain, or allowing users to set a custom
favicon themselves.

Here's what Solderpunk had to say on the topic:

https://lists.orbitalfox.eu/archives/gemini/2020/000612.htmlhttps://lists.orbitalfox.eu/archives/gemini/2020/001060.html