Hello,

Could someone explain why the Mlem app seems to be at the top of the list based on my iOS privacy report collected over a couple of months? It’s a bit weird that no other apps or Mastodon clients reach such high numbers. The Ice Cubes app, for example, only collected 10 domains even though it’s also an ActivityPub based network. Additionally, Mlem app’s second most frequently contacted domain was a Google domain used to track app analytics, similar to Snapchat, Reddit, or Monzo. Can anyone provide some transparency on this? Thank you.

  • EricM
    link
    fedilink
    English
    arrow-up
    21
    ·
    3 months ago

    It looks like the biggest domain count driver by far is image fetching for link posts, since rendering a website preview involves fetching both the preview image from the linked website and the favicon from Google (favicons account for all those t1.gstatic calls). Disabling website previews and the associated image fetching code cut the domain list down to just Lemmy instances. Mastodon appears to proxy image requests through the instance, which prevents that high domain count. Lemmy has recently added that feature, but right now only instances running the very latest Lemmy code perform image proxying.

    We’re looking into adding enhanced privacy features to 2.0; we’ll include one to disable fetching favicons and image thumbnails, since favicons especially are a known tracking/fingerprinting vector.

      • EricM
        link
        fedilink
        English
        arrow-up
        5
        ·
        3 months ago

        It’s looking like we’ll have the public 2.0 TestFlight launched within the next couple of weeks, though the error bars on that timeline are pretty wide because development speed is dependent on our free time. You can also check our roadmap post for a feature-by-feature list of what’s left; we’re expecting to merge a couple of the outstanding items in the next few days.