Hacker News | etchalon's comments

They're generally fairly correlated?

I don't understand why it wasn't immediately understood that SVG is as dangerous as HTML.

It is not, and never was, an image format. It's a markup language.


Browsers already treat the same SVG differently depending on how you embed it. <img> strips scripts and external resource loads. <object> and inline don't. People test with img tags, looks fine, then someone switches the embed method and everything opens up.

It'd be nice if there was a way to declare in the URL that a given SVG could only be treated as an image so that you could safely open SVG URLs, etc. without exposing yourself to the dangers of embed/inline.

Couldn’t you do that using Content-Security-Policy?

If you control the domain then yes you could. But if I want to put a link on my website to some SVG hosted elsewhere and I want it to be safe for you to open that link in a new tab then there's not really a way for CSP to protect you the user from the host deploying a malicious SVG.

Like opening a PNG in a new tab is harmless but opening an SVG in a new tab is opening a pretty substantial can of worms.


If your threat model is “I don’t want the image I’m hotlinking to be replaced with something else when opened in a new tab”, then no image format is safe.

A markup language can be an image format. The "G" is for "Graphics" after all.
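The Content-Security-Policy suggestion in the thread above, as an added example that is not part of any comment: a header audit for SVG responses from a host you control, checking whether script can run when the file is opened as a document in its own tab. The function names and sample headers are constructed for illustration; as the reply notes, this does nothing for SVGs hosted by someone else.

```javascript
// Parse a Content-Security-Policy value into { directive: [sources] }.
// A directive repeated within one policy is ignored after its first occurrence.
function parseCsp(value) {
  const policy = Object.create(null);
  for (const part of String(value || '').split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    if (!name) continue;
    const key = name.toLowerCase();
    // Lowercasing is fine here: only keywords such as 'none' are compared.
    if (!(key in policy)) policy[key] = sources.map((s) => s.toLowerCase());
  }
  return policy;
}

// True when the policy prevents script execution in the served document.
function scriptsBlocked(policy) {
  // sandbox without allow-scripts disables scripting outright.
  if (policy.sandbox && !policy.sandbox.includes('allow-scripts')) return true;
  // Otherwise both script directives must resolve to 'none' (or an empty list),
  // following the fallback chain *-elem / *-attr -> script-src -> default-src.
  return ['script-src-elem', 'script-src-attr'].every((d) => {
    const src = policy[d] || policy['script-src'] || policy['default-src'];
    return Array.isArray(src) &&
      (src.length === 0 || (src.length === 1 && src[0] === "'none'"));
  });
}

// Return findings for one response; non-SVG responses produce none.
function auditSvgResponse(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const type = (h['content-type'] || '').split(';')[0].trim().toLowerCase();
  if (type !== 'image/svg+xml') return [];
  const findings = [];
  if (!scriptsBlocked(parseCsp(h['content-security-policy']))) {
    findings.push('script can run when this SVG is opened as a document');
  }
  return findings;
}

// Constructed sample responses (not captured from any real host).
const HARDENED = {
  'Content-Type': 'image/svg+xml',
  'Content-Security-Policy': "default-src 'none'; style-src 'unsafe-inline'; sandbox",
};
const NO_CSP = { 'Content-Type': 'image/svg+xml; charset=utf-8' };
const PNG = { 'Content-Type': 'image/png' };
```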

No, there doesn't need to be.

Healthcare.

The answer to this shit is usually healthcare.


"Money. The answer is always money."

I'm incredibly skeptical of this.

Turns out chat apps are pretty easy to build I guess.

Ugh. I swear to everything if I have to start using Codex I'm going to be so mad.

Honestly, if it wasn't for Musk's ties to Trump, I'm betting they just would have pulled it.

Twitter is already a bit of a special case because porn is so accessible (although, you must opt in through the browser and cannot opt in through the app).

Discord works the same way I think, so I'm not sure Twitter is special in that regard (there exist a myriad of porn servers on Discord, and the company is constantly getting in hot water because of its popularity among kids/teenagers).

Does Discord have its own public servers serving porn? I can't say I've ever used it.

Yeah, reading this my reaction is “so why didn’t they do it?”. A less prominent app would have been pulled first and notified later.

Apple doesn't provide any enforcement for apps that are in the top percentile.

https://techcrunch.com/2026/04/14/how-the-rewards-app-freeca...

You'd think Apple would go after the top-charting apps that are leveraging the scam companies (like Monopoly Go and Disney Solitaire) for actively engaging with scams like this to pump their own numbers up...

(https://old.reddit.com/r/FreeCash/comments/1i4132r/monopoly_... - like this. What the everloving hell? Straight up enticing users to shove themselves into a game, expose themselves to ads galore, and then keep goading them into blowing even more money in the partner app under the guise of 'real cash'.)


It has a massive user base. And political connections. And lawsuit money. Apple (and Google) will absolutely treat these publishers differently than a random app developer.

Because it makes Android a more attractive option than it otherwise would have been.

Maybe—I don't think anyone is choosing between the two based on access to grok of all things. I think it's simply treated as an extension of twitter, which will almost certainly never be forced out while it remains the premier app for diplomacy and AI porn.

That argument didn't stop them from pulling Fortnite in its heyday though.

Yeah, Apple doesn't care about losing money or pissing off a large user-base. They assume they have enough money and they'll always have the larger user-base.

They care about people pissing in their ocean.


People demand access to everything.

We're talking about a news provider that is one of the 3 original broadcast systems licensed in the US (NBC, CBS, & ABC). They've been providing public journalism since the dawn of radio & TV. They've been offering access to all their articles on their news websites without a paywall since at least the 1990s.

It's just shocking when you see media company after media company go completely behind a paywall out of the blue when last week I was reading it with advertisements.


With a TV there was no easy way to block ads. Sure you could change the channel or get up and do something else but people didn't bother.

Now with news websites most people are running ad blockers. What are the news sites meant to do? Their employees are working, and they expect to be paid for that work, just like I expect to be paid for my job. Where is the money going to come from?


Advertising doesn't cover the bills anymore/ever.

And CBS might as well be state controlled media and ABC just bribed Trump and very much kowtows to the administration.

Advertisers are moving away from broadcast along with eyeballs.

