<h2>What requested resources tell us about you</h2>
<p>
Normally, using requests for Community icons and QR codes,
we could track each time a user opened a Community details modal for the first time (in a given cache period)
and deanonymize users joining Communities.
However, we blind ourselves to this information by requesting all Community icons and QR codes when the page loads.
These resources are then cached in your browser and don't trigger additional requests when you view a Community's details.
Without any precautions, we'd be able to deanonymize your Session ID after you open a Community's details, join it, and post a message.
Why? Because right before your message, we would see your IP address requesting the Community's icons.
</p>
<p>
We refresh the cache periodically to ensure that this protection does not expire following the 1 hour cache period.
In order to prevent this deanonymization vector, the page requests all Community icons and QR codes upon load,
thus blinding us to which Community details you view.
These Community resources are then cached in your browser and don't trigger additional requests when you view a Community's details.
</p>
<p>
To ensure that this protection does not expire following the 1 hour cache period, we refresh the cache periodically.
Unfortunately, this also means we get a ping for each hour you leave the site open.
</p>
<p>
<strong>If you've disabled JavaScript</strong>, protections against opening modals are not needed;
however, we log requests to QR codes when they are opened in a new tab.
<strong>If you've disabled JavaScript in your browser</strong>, modals won't open — these protections are therefore not needed.
However, without JavaScript, <strong>QR codes are shown in a new tab</strong> when clicked. This results in a request and log entry with your IP address on our server.
gravel
7 months ago
