[tantek]I get that it seems to collapse into some sort of productivity tracking system, but I think that really misses the point, especially when it comes to (semi-)passive activities
[tantek]ironically, [schmarty]'s home page link-preview here in Slack demonstrates the relevance of such "passive" activities: "He also enjoys *listening to podcasts, reading*, and posting photos." [*emphasis* added]
[schmarty]yeah it's not on you so much as like there's a lot of new must/should stuff that simply breaks compatibility older stuff including aaronpk's "flagship" indieauth.com
gRegorYeah, and a lot of these need to keep things around so indie apps work, like I still advertise the auth and token endpoints in addition to metadata
[Jamie_Tanna]gRegor I'm happy to do some testing on dev.indiebookclub.biz if you fancy another!
tbbrown, petermolnar, pmlnr, tetov-irc, [tantek], nertzy, cjw6k, alecjonathon, alecj, geoffo and chenghiz_ joined the channel; alecjonathon left the channel
[schmarty]from that Haven post, pikapods definitely looks interesting as a slightly friendlier face on cloud hosting. gonna dig in and see if they have docs on how to host new apps there.
[schmarty]looks like they have one person who does the setup and support. easiest path seems to be to provide a docker config for standing up a working project that listens on a single https port. there are some restrictions on what other services it needs internally like they seem to support mysql and postgresql but maybe not redis, etc.
[tantek]regarding: "It’s also easy for an app to detect if the current browser is the Instagram/Facebook app by checking the user agent, however I couldn’t find a good way to pop out of the in-app browser automatically to open Safari instead."
[tantek]perhaps even detecting and warning a user that they are being tracked (and explicitly telling them how to open the page in Safari) would be a good use of a "detect if the current browser is the Instagram/Facebook app" approach
[tonz]Would it be possible to detect the IG/FB browser header and redirect to an error message for the visitor explaining the problem (and showing the article with those snippets) as well?
[tantek]you could also provide a more "locked down" version of your page, e.g. no form fields, nothing for users to "enter data" and thus be tracked (keylogged) by FB
barnabyI think it’d be entirely reasonable to redirect to a different page if you know there’s a chance of sensitive information being intercepted, yeah
[tonz]“We’ve got 3.6 million Facebook App User Agents in our database” “We’ve got 358,484 Instagram User Agents in our database.” The IG likely all contain instagram, the FB ones do all contain FB somewhere, but unsure if there are non-FB ones that do too.
gRegor[Jamie_Tanna], Thanks! added jvt.me to the allowlist. Mainly testing sign in with the metadata endpoint. Last night I added 'profile' support too, so if you return that it should use that name/photo in the header. Falls back to your representative h-card.
[Jamie_Tanna]You're welcome. Definitely takes a bit of getting used to. I can help a bit more tomorrow if you need anything but hopefully that's enough to start with ☺