Yeah. There’s literally nothing you can put on a prompt that will truly work. It’s still a good idea to prompt cause it will reduce how many people approve the prompt, but there is a significant number of people who don’t read prompts at all and just insta-confirm.

At best, I think you could design it so there’s no way for an app to request certain permissions themselves. They’d have to be opted in from the system settings and apps could only tell you how to do it. But that’s a usability nightmare that is quite frustrating for legitimate usages. There’s already some super sensitive permissions that do this. I think the ability to install apps, ability to display over other apps, and password managers for android.

There’s a lot of common patterns, but you have to understand how URLs work. You have to recognize which URL parameters are tracking ones or even just might be tracking. And that means you have to know how they work and that takes a moment.

In brief, URL parameters start after a ? in the URL and are formatted like key1=values&key2=value2. You can’t usually remove all parameters because not all are tracking. To further complicate things, URLs can also have an anchor starting with a # character which will be after the URL parameters. You often don’t want to remove that (though theoretically the anchor could in fact contain tracking details).

It’s often trial and error to see which parameters you can remove. I do this a lot since I write a lot of technical documentation. Clean URLs make the documentation more compact and less likely to break. It’s not just tracking stuff, but sometimes you need to remove temporal data that makes a page display data from a specific time when you want it to just default to the current time (etc).

Come on mate, there’s no way you’d be aware of crypto in an online space like this without being well aware of why most people consider it a scam.

Yup. And to add, your browser will send things like:

1. Your IP address. Technically this is sent by the OS doing networking and is unavoidable. At best, a VPN can hide this, because the VPN sits in the middle.

2. Various basic request headers, which most notably contains user agent (identifies browser) and language headers, both which you can fake if you want to.

3. Cookies for that domain (if you have any). Those can track you across multiple requests and thus build up a profile of you.

Proxying external images means that instead of the image being downloaded from the original link, your Lemmy server would download it and serve it for you. The Lemmy server acts as a proxy.

But it means performing a lot of extra traffic. And realistically you’d want to cache the image because otherwise your server will likely get banned for the high volume of requests you send. But caching the images requires more storage and can have potential for legal issues.

And images are one thing, but literally any content is the problem. Images are just the most obvious because they often load without even having to click on the image and thus you’ll get far higher volume of user data. Literally anything you link to has this issue and you cannot proxy all of it.