1
0
Fork 0
mirror of https://git.sr.ht/~seirdy/seirdy.one synced 2024-11-23 21:02:09 +00:00

Compare commits

...

5 commits

Author SHA1 Message Date
Rohan Kumar
c94beffddd
New thresholds since I added more bias sources 2023-08-28 20:11:28 -07:00
Rohan Kumar
a2e2a2ed47
syndicate 2023-08-28 19:10:51 -07:00
Rohan Kumar
5637aca18c
New note: Targeting secure browser profiles 2023-08-28 19:10:31 -07:00
Rohan Kumar
5cdabcde40
syndicate 2023-08-28 17:31:03 -07:00
Rohan Kumar
a662f041cf
list-me directory approved 2023-08-28 14:42:53 -07:00
4 changed files with 19 additions and 6 deletions

View file

@ -59,12 +59,12 @@ The {{<mention-work itemtype="WebSite">}}{{<cited-work name="1MB Club" url="http
- [Ye Olde Blogroll](https://blogroll.org/)
- [Nerd Listings](http://nerdlistings.info/)
- [ooh.directory](https://ooh.directory/)
- [List-Me.com](https://list-me.com/)
<details>
<summary>Pending directories</summary>
- [LinkLane](https://www.linklane.net/) (pending)
- [List-Me.com](https://list-me.com/) (pending)
</details>

View file

@ -11,6 +11,8 @@ syndicatedCopies:
url: 'https://gist.github.com/dangovorenefekt/b187b30e59ed1b827515cdbc833bc1bf?permalink_comment_id=4621262#gistcomment-4621262'
- title: 'The Fediverse'
url: 'https://pleroma.envs.net/notice/AXQOGKrOajCIX9XgEC'
- title: 'IndieNews'
url: 'https://news.indieweb.org/en'
---
> I don't want my content on those sites in any form and I don't want my content to feed their algorithms. Using robot.txt assumes they will 'obey' it. But they may choose not to.

View file

@ -0,0 +1,11 @@
---
title: "Targeting secure browser profiles"
date: 2023-08-28T19:10:31-07:00
syndicatedCopies:
- title: 'The Fediverse'
url: 'https://pleroma.envs.net/notice/AZCzMm4B8YAIFBqXNw'
---
It's hard to target browsers' secure profiles. Safari's Lockdown Mode disables a dozen or so APIs and a handful of other features; the Tor Browser disables another handful of features; Microsoft Edge will likely land more changes to Enhanced Security mode in the coming years. Barely any of this is documented.
[I filed a bug in MDN's BCD tracker](https://github.com/mdn/browser-compat-data/issues/20619) to fill this gap, listing what I knew. We can't expect developers to navigate the dozens of WebKit blog posts and Tor Browser JSM files to figure out which features are disabled. Of course, progressive enhancement should be the norm, but it's helpful to have a real baseline.

View file

@ -41,20 +41,20 @@ This post is an attempt to document how they are made, their differences, their
## How Tier-0 and FediNuke work
[My tier-0 list](https://seirdy.one/pb/tier0.csv) (mirrored to `tier0.csv` in [the Oliphant repository](https://codeberg.org/oliphant/blocklists)) is a subset of the `pleroma.envs.net` blocklist. It contains entries that appeared on at least **13 out of 24** other hand-picked instance blocklists ("bias sources"), with exceptions detailed below. Not all Tier-0 entries have the same level of severity; a smaller list containing what I personally deem the "worse half" of Tier 0 is [FediNuke.txt](https://seirdy.one/pb/FediNuke.txt). **Consensus** builds Tier-0; **severity** builds FediNuke.
[My tier-0 list](https://seirdy.one/pb/tier0.csv) (mirrored to `tier0.csv` in [the Oliphant repository](https://codeberg.org/oliphant/blocklists)) is a subset of the `pleroma.envs.net` blocklist. It contains entries that appeared on at least **15 out of 28** other hand-picked instance blocklists ("bias sources"), with exceptions detailed below. Not all Tier-0 entries have the same level of severity; a smaller list containing what I personally deem the "worse half" of Tier 0 is [FediNuke.txt](https://seirdy.one/pb/FediNuke.txt). **Consensus** builds Tier-0; **severity** builds FediNuke.
When I add a bias source, I may also increase the minimum number of votes required if I find that its blocklist is too close to (or mainly just imports all of) tier-0 or the blocklist of a bias source's blocklist. That's the reason why the threshold is 13 instead of 12.
When I add a bias source, I may also increase the minimum number of votes required if I find that its blocklist is too close to (or mainly just imports all of) tier-0 or the blocklist of a bias source's blocklist. That's the reason why the threshold is 15 instead of 14.
All entries use the root domains when applicable, or are as close to the root domain as possible without triggering false-positives.
### Overrides
There were some block-overrides for instances with fewer than 13 votes. Here's how I went about overriding:
There were some block-overrides for instances with fewer than 15 votes. Here's how I went about overriding:
- If an instance has **11 votes,** I may elect to add it after additional review instead of waiting for it to hit 13 votes.
- If an instance has **13 votes,** I may elect to add it after additional review instead of waiting for it to hit 15 votes.
- If an instance is run by **the same staff as another Tier-0 instance** and has **at least 5 votes,** I may add it after asking other admins about it and getting multiple thumbs-up from admins who import tier-0.
- If an instance contains **blatant/unapologetic bigotry** (something really undeniable, like Nazi imagery or excessive use of slurs in violent/hateful/definitely-not-reclaimed contexts) with staff approval or involvement, I may add it to both tier-0 and `FediNuke.txt` after I get multiple thumbs-up.
- If an instance becomes **risky even to many tier-0 instances** (untagged gore, dox attempts, significant cybersecurity risk, <abbr title="child sexual exploitation material">CSEM</abbr>, etc. with staff approval or involvement): I may add it to both right away, skipping any process.
- If an instance becomes **risky even to many tier-0 instances** (untagged gore, dox attempts, significant cybersecurity risk, <abbr title="child sexual abuse material">CSAM</abbr>, etc. with staff approval or involvement): I may add it to both right away, skipping any process.
Under ten controversial entries were excluded despite having more than enough votes, after consulting with other admins. Typically, these were instances that didn't pose a major safety risk, but did fail many admins' "vibe check" or exhibit major governance issues.