Comment by pabs3

4 days ago

Here is a client you can use to avoid turning on JS:

https://github.com/jwilk/zygolophodon

I'm working on adding a WebExtension that would let you use it in the browser.

Oh, neat, I knew about tut and toot (two other TUI apps), but not this one. I'll have to add it to the community section of our next engineering blog post.

  • Those look like they require an account to use. zygolophodon is different: it is a read-only client for use without an account. It uses the same APIs used by the JavaScript-based client that instances serve to visitors.

> I'm working on adding a WebExtension that would let you use it in the browser.

Doesn't that just move the JS from the browser into the extension? What's the benefit?

  • There is just a small JS shim from the extension to the Python code, but yes.

    The benefit is that you don't need to enable arbitrary code execution in your browser. A variety of benefits flow from that: static pages, almost no advertising, fewer working paywalls, smaller attack surface, etc.

    • > static pages

      I'm not sure I agree that it's a static page if there's a web extension running JS involved in the page render. I guess it's a grey area.

      > almost no advertising, fewer working paywalls

      We're talking about Mastodon, right? I thought it would not have those.

      > smaller attack surface

      This one I'll give you, but what kind of attacks would you expect from a Mastodon instance?

      If all of this is a big enough issue to make you disable JS in the browser, wouldn't it be reasonable to whitelist Mastodon instances that you use?
