[SPEC] Users actions should only trigger an unique request

Solene Rapenne solene at perso.pw
Sat Feb 20 22:42:25 GMT 2021


Hi,

It doesn't seem that the specification is clear that requesting
a page shouldn't download other resources.

This raises concerns and questions about inline data, currently
in-line pictures are supported by Lagrange browser (not a default
though).

Some people noticed /favicon.txt errors in their logs, it turned out
the Amphora client implemented an Emoji favicon support (disabled by
default)[1] which already help tracking Amphora users. Someone made
a ticket to ask removing this feature [2] but per the spec, it is
not allowed or forbidden.

I propose to add in the current specification in "1.1 Gemini
transactions" something like "Every request should match an unique
user action" or "Users actions must correspond to an unique request"?
The point is that when an user load a new page or follow a link
(document or gemini page) only ONE request must be made. This would
mean inline pre-loading is forbidden per the specification or that
metadata like favicons are forbidden too.

In regards to privacy and security, it is important for users to feel
confident that their client is not doing more than what they ask.
«I click on this link, my client request and display the content.»
and nothing more behind the scenes.


1: gemini://mozz.us/files/rfc_gemini_favicon.gmi
2: https://github.com/makeworld-the-better-one/amfora/issues/199


More information about the Gemini mailing list