Solene Rapenne solene at perso.pw
Sat Feb 20 22:42:25 GMT 2021
- - - - - - - - - - - - - - - - - - -
Hi,
It doesn't seem that the specification is clear that requestinga page shouldn't download other resources.
This raises concerns and questions about inline data, currentlyin-line pictures are supported by Lagrange browser (not a defaultthough).
Some people noticed /favicon.txt errors in their logs, it turned outthe Amphora client implemented an Emoji favicon support (disabled bydefault)[1] which already help tracking Amphora users. Someone madea ticket to ask removing this feature [2] but per the spec, it isnot allowed or forbidden.
I propose to add in the current specification in "1.1 Geminitransactions" something like "Every request should match an uniqueuser action" or "Users actions must correspond to an unique request"?The point is that when an user load a new page or follow a link(document or gemini page) only ONE request must be made. This wouldmean inline pre-loading is forbidden per the specification or thatmetadata like favicons are forbidden too.
In regards to privacy and security, it is important for users to feelconfident that their client is not doing more than what they ask.«I click on this link, my client request and display the content.»and nothing more behind the scenes.
1: gemini://mozz.us/files/rfc_gemini_favicon.gmi2: https://github.com/makeworld-the-better-one/amfora/issues/199