Comments
Here's a simple logo I made in an hour as an appreciation for your push-ups. I am bad at drawing so it might look ugly
Well, unfortunately they expect me to bump their RAM without any videos...
No need to be a prick. I just don't recall 3rd party websites being mentioned in the https://lowendbox.com/privacy-policy/ outside of the Google analytics and ads that I already block.
For a group of tech minded people a lot of you sure don't give a shit about privacy and will happily trade it for nothing.
When you block Google analytics and our ads you make it more difficult for us to support all of the investments going into LowEndBox and LowEndTalk. Especially considering our ads are all topical and fitting to our audience. Just consider the ramifications...
That said, @fat32 is an awesome part of our community and I'm thankful for his contributions. It seems like he will probably be the one doing the LowEndBox theme rewrite job I recently posted about, too. So a big thanks for his commitment and the ways he has helped our community.
I second this
@jbiloh There are privacy focused trackers you can review and self-host here: https://privacyfocusedanalytics.info
Can also serve all ads in house, you'll make more money when you don't have to use BuySellAds for the small one since they don't need to take a cut.
EDIT: Or since this topic is about a random 3rd party site being called to fetch CSS data, since that guy doesn't have server access, maybe take a minute to upload his stylesheet to the LET server since that is what this was originally about. Problem solved for the OP, and FAT32 gets his work embedded into the site the proper way.
Win win.
It's not a random third party site. It's @FAT32's site
Yeah, as I said. A random 3rd party site.
It's a two minute fix, not sure why the admins haven't just copied that over to the main LET server and been done with it since @FAT32 doesn't have direct access to do that himself. Nowhere in https://lowendbox.com/privacy-policy/ does it say that embedded scripts will be hosted by community members', moderators' or admins' personal websites.
Surely @dynamo and I aren't the only two people on this site who feel this way.
There is no legitimate reason for it to be hosted off site, especially since the issue has been addressed and the fix is so simple. If it breaks no functionality and the end-users who don't care that it's offsite won't notice when it's hosted onsite, why keep it offsite? What value is added to this service by keeping it offsite? An admin can take two minutes to copy it over, no one will notice any difference.
Legitimate reason: None of the site admins seem to have access to the server.
You must be aware of the growing trend to de-Google. Maybe I'm naive, but why do you need to use Google Analytics, or is it just your preferred solution?
I don't think that word means what you think it means.
Nor does it likely need to.
Yes. I miss seeing the chicken feet animation already.
Google Analytics is free and fast.
51.LA is also free, but the servers are in China only, so it may lose international visitor counts.
I have both on my website.
Cloudflare Analytics charges $5/month; otherwise you can only see total visitors, but not what page they are on. Even if you pay, there's limited information about users, e.g. no screen resolution.
Self-hosted analytics requires effort to deploy and more importantly backup, but webmasters would rather spend time writing original content than fiddling with analytics.
Thanks @FAT32 for the hard work over the years. For every hater of yours on the forum, there are thousands of us who appreciate you greatly, and your supporters should be your focus.
Over the next few days we are going to move the code to LET's server and get FAT32 proper access to the code for future instances.
Just to throw some voice of support to OP (albeit about a month too late), I agree that including assets from cross-origin domains is reckless and really LET should be blocking this site-wide with CORS.
I also agree that @FAT32 having access to LET's server is a risk and opens several cans of worms, and is a questionable decision at best. Perhaps access to a CORS whitelisted S3 bucket or similar would be a sensible compromise?
Whilst we're on the topic of 'privacy', moderators on this forum are already privy to more information than is truly required to do their job. Perhaps this is something we can look at tightening a bit in the interest of our forum's users? I appreciate Vanilla sucks balls, but if there are buttons we can press or dials we can turn to reduce the amount of information presented to moderators then we should 100% be looking at doing that.
I mean no disrespect to @FAT32 or any of his fine work. LET is leaps and bounds ahead of where it was this time last year.
My comment here is just to defend the victim of a community-wide witch hunt. Their post was made in good faith whilst looking out for the privacy of this forum's users. This is never something we should dismiss. It was a valid concern and the backlash-bandwagon was wholly unnecessary.
Tone of voice is hard at the best of times, not least when there exists a mix of cultures, backgrounds and native languages. Let's exercise some patience and appreciate the good service that this post's OP was intending to provide.
Sorry if this is rambling, it's 7AM and I haven't gone to bed yet!
I think it is not proper for a moderator/admin to be talking about privacy or supporting @OP while LEB sent us marketing email using our LET email account.
CORS is for external sites to access resources on this site.
To prevent this site from loading resources from external sites, you need Content Security Policy (CSP).
https://securityheaders.com/?q=https://www.lowendtalk.com&followRedirects=on
Current CSP is blank.
Believe me, I’m as annoyed about this as you are! Most mods here have no influence over such matters and are just volunteers.
You’re absolutely right. Thank you for the correction! Also, because I haven’t yet had the chance to talk to you, thank you for your amazing push up website 😂
On the topic of loading external images, why is it that any poster can embed an image into a post and not even have it proxied or cached or anything?
I put an image hosted on my domain in a post before since I can't find a way to upload directly to LET, and if I check my CDN logs (which I did for a different reason, to check the new CDN provider was working) I can see the IP and user agent of all the connecting LET users.
I don't agree that loading something from an admin's external domain is a giant flaw but surely this carries similar risk? If not more because it can be done by regular users, potentially without the knowledge of the connecting user, for example tracking pixels if one wanted to. All it would take is one on a throwaway post in a popular thread and you can farm a whole bunch of data from those viewing LET users.
As always you're welcome to prove me wrong, I live to learn.
Normal users can only embed images.
Admins can inject JavaScript and CSS. It's a greater risk because hackers could take over the domain and insert code to steal a user's LET cookie or password, then act on behalf of any user.
Ah yes that certainly would make sense, thanks.
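Added example, not part of any post in this thread: a simplified Python check of which loads a Content-Security-Policy would permit, covering both the cross-origin stylesheet and the poster-hosted image discussed above. The policy, the `.example` hostnames and the function names are constructed for illustration; matching ignores ports, paths, nonces and hashes.

```python
from urllib.parse import urlsplit

def parse_csp(header):
    """Split a CSP header value into {directive: [source, ...]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.lower().split()
        if tokens and tokens[0] not in policy:  # first occurrence wins
            policy[tokens[0]] = tokens[1:]
    return policy

def source_matches(source, url, page_origin):
    """Simplified source-expression matching (assumption: no ports or paths)."""
    u = urlsplit(url)
    if source == "'self'":
        p = urlsplit(page_origin)
        return (u.scheme, u.hostname) == (p.scheme, p.hostname)
    if source == "*":
        return u.scheme in ("http", "https")
    if source.endswith(":"):  # scheme-source such as https: or data:
        return u.scheme == source[:-1]
    scheme, _, host = source.rpartition("://")  # host-source
    if scheme and u.scheme != scheme:
        return False
    if host.startswith("*."):
        return (u.hostname or "").endswith(host[1:])
    return u.hostname == host  # keywords like 'none' never equal a hostname

def is_allowed(header, directive, url, page_origin):
    policy = parse_csp(header)
    # script-src, style-src and img-src fall back to default-src when absent.
    sources = policy.get(directive, policy.get("default-src"))
    if sources is None:
        return True  # nothing governs this load, so the browser permits it
    return any(source_matches(s, url, page_origin) for s in sources)

PAGE = "https://www.lowendtalk.com"
BLANK = ""  # no policy at all, as reported in the thread
# Constructed policy; img-proxy.example is a hypothetical image proxy host.
STRICT = "default-src 'self'; img-src 'self' https://img-proxy.example; style-src 'self'"
LOADS = [  # constructed sample loads
    ("style-src", "https://member-site.example/forum-theme.css"),
    ("img-src", "https://cdn.poster.example/pixel.png"),
    ("script-src", "https://www.lowendtalk.com/js/app.js"),
]

def audit(header):
    """Return allow/block decisions for LOADS under the given policy."""
    return [is_allowed(header, d, u, PAGE) for d, u in LOADS]
```

With the blank policy every load is permitted; with the constructed policy only the same-origin script and images served through the proxy host pass.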