There's this thing I feel like @Pinboard users should know about, that happens when you're looking at RSS feeds.
The @Pinboard documentation says "If you share the secret token, anyone will be able to see your private bookmarks, so take care." but:
I suspect that not a lot of people realize that they're sharing that secret token whenever they click a link in their feeds page.
This is part of how HTTP works - it's called the "HTTP referer" because somebody spelled "referrer" wrong in the prehistory of the web.
Because of that, right now, my logs are full of links that say some variation on: http://feeds.pinboard.in/rss/secret:[removed]/u:[removed]/[some … tag]
If I actually click those links, I can see... well. Probably far more than that user thinks I should be able to see. I can see a lot.
Wow, that's really serious. @Pinboard should make it a priority to fix this.
Not my area of expertise, but 10 seconds on google says "noreferrer" might work for most browsers. More here https://blog.fastmail.com/2016/06/20/everything-you-could-ever-want-to-know-and-more-about-controlling-the-referer-header/ …
I'm not claiming any expertise on how to fix it, but I agree with @mhoye that leaking customer secrets like this is bad.
everyone thinks leaking customer secrets is bad. The question is, what’s the fix that doesn’t break feed reading
Assuming that all the solutions on that page would break feed reading, and that redirecting would also break it somehow, I dunno.
Replying to @davidjayharris @mhoye
these have to be implemented in the feed reader, unless I put in redirects, which have their own privacy issues
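
As an added example that is not part of the thread: a site operator on the receiving end of these requests can redact the feed token from Referer values before access logs are stored or shared. It assumes Combined Log Format and the feed URL shape quoted above; the function names and the sample log lines are constructed.

```python
import re

# Secret path segment of a feed URL in the shape quoted in the thread:
# http://feeds.pinboard.in/rss/secret:<token>/u:<user>/...
SECRET_SEG = re.compile(r'(feeds\.pinboard\.in/rss/secret:)([^/\s"]+)', re.IGNORECASE)
# Combined Log Format: ... "request" status bytes "referer" "user-agent"
CLF = re.compile(r'^(?P<head>.*?"[^"]*" \d{3} \S+ ")(?P<referer>[^"]*)(?P<tail>".*)$')


def redact_line(line):
    """Return (clean_line, leaked); leaked is True if the Referer held a token."""
    m = CLF.match(line)
    if not m:
        return line, False  # not Combined Log Format: leave untouched
    referer, n = SECRET_SEG.subn(r"\1[redacted]", m.group("referer"))
    return m.group("head") + referer + m.group("tail"), n > 0


def scrub(lines):
    """Redact every line; return the cleaned lines and the number of leaking requests."""
    cleaned, leaks = [], 0
    for line in lines:
        out, leaked = redact_line(line)
        cleaned.append(out)
        leaks += leaked
    return cleaned, leaks


# Constructed sample log lines (token, user and addresses are made up).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2017:10:00:00 +0000] "GET /post HTTP/1.1" 200 512 '
    '"http://feeds.pinboard.in/rss/secret:0123abcd/u:alice/t:security/" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2017:10:00:05 +0000] "GET /post HTTP/1.1" 200 512 '
    '"https://example.org/links" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2017:10:00:09 +0000] "GET / HTTP/1.1" 200 90 "-" "curl/7.50"',
]

if __name__ == "__main__":
    cleaned, leaks = scrub(SAMPLE)
    print(f"{leaks} request(s) carried a feed token in the Referer")
    for line in cleaned:
        print(line)
```

Only the token is replaced; the rest of the referring URL is kept so the log still shows where the traffic came from.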