Some of the level of detail they have on individuals and addresses seems pretty scary. Not in the US myself but would like to highlight this exists.

  • crime [she/her, any]
    ·
    3 years ago

    Gonna go out on a limb and say you should absolutely not be following that link from here - type it into your address bar separately and make sure you're on a VPN when you do

    Haven't poked much at the code, does hexbear do any referer masking?

    • TheCaconym [any]
      ·
      edit-2
      3 years ago

      Haven’t poked much at the code, does hexbear do any referer masking?

      Yes it does

      • crime [she/her, any]
        ·
        3 years ago

        Since there's referer masking it'd be fine — but sites that are less privacy-minded and don't always do that.

        Basically, when you make a request to a webpage, your browser sends some metadata along with it in fields called request headers. This includes information like your useragent (what browser, browser version, and operating system you're using, like "Chrome 79 on Windows 10" but with slightly more techno details). If youre following a link from one page to another, a header field is included called the referer (which is a misspelling of referrer that has been in place since the original http spec was published, and will remain in place forever because it will break too many things if it's ever changed). This field shows the url you're arriving from, and generally gets logged by the server you're sent from.

        So without some functionality on Hexbear's side to remove that information automatically, if you were on hexbear and clicked on a link to :reddit-logo: , then the reddit server would get a log saying that you're visiting from a specific page on hexbear alongside your IP address, useragent, and if you were logged into :reddit-logo: then your Reddit username as well.

        Hopefully the opsec implications are clear there.

        There are likely settings/add-ons for your browser to disable or modify this behavior.

        Wikipedia probably explains it better than I can: https://en.wikipedia.org/wiki/URL_redirection#Removing_referrer_information