this post was submitted on 11 Aug 2023
32 points (97.1% liked)
Sync for Lemmy
15137 readers
16 users here now
๐
Welcome to Sync for Lemmy!
Welcome to the official Sync for Lemmy community.
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
Community Rules
1- No advertising or spam.
All types of advertising and spam are restricted in this community.
Community Credits
Artwork and community banner by: @MargotRobbie@lemmy.world
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I don't think this would do very much for your privacy.
For spoofing a user agent: The server could easily get your ip address which likely says more about you than a user agent. The user agent says almost nothing about you: just the name of the client doing the request.
For proxying image requests, you could gain something similar by using a VPN. It all comes down to trust. If you trust the end instances at the start, you don't need to proxy requests, if you trust a vpn you can do that instead as a trust barrier. Sync being a proxy doesn't make sense to me and could cost a lot to do properly with low latency, etc.
That's just my thoughts, not that of the ljdawson.
For spoofing the user agent, I still think that some level of obscurity could help. The IP address is the most important part, but when sharing an internet connection with multiple people, knowing which type/version of device would help disambiguate between people with that IP (for example, a house with an Android user and an iPhone user). I wouldn't say not having the feature is a deal breaker, but I feel like any step towards making it harder to serve targeted ads is a good step.
Fair point on just using a regular VPN, but I'm hoping for something a bit more granular. It's not that all traffic would need to be proxied, though. If I use some specific Lemmy instance or click on an image/link, that was my choice to trust those websites. The concern here is that simply scrolling past an embedded image will make a request to some third-party website that I don't trust.
Ua spoofing will only make you more easily detectable. Every UA string should be a common one, or just empty.
The problem with a common UA string is that you would know the request came from someone browsing Lemmy with Sync. Ideally, media requests to any third party should be indistinguishable from a regular web browser. As for empty strings: in my experience, some websites block requests with an empty or missing User-Agent header.
I still think the best approach would be to let the user pick a UA. Having a list of common browser/device pairs that update the version numbers automatically would probably be a good idea, though.
By common, I meant the most used UA string that exists, not a shared Lemmy one