Conversation

Notices

1. Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 21-Feb-2024 07:21:43 JST Foone🏳️‍⚧️

   So Tumblr has been doing a thing where they have a Scarlett Letter to mark trans women. Well, any blogs containing "too much" mature content, but that seems to mainly mean trans women. So I looked into it, and it turns out it's weird and broken.

   • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 21-Feb-2024 07:24:11 JST Foone🏳️‍⚧️

     in reply to

     It turns out the actual image is not square, despite being rendered as a square. Strange. But then I looked at the html: this isn't an img, it's a canvas.

   • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 21-Feb-2024 07:26:18 JST Foone🏳️‍⚧️

     in reply to

     Which'd make sense if they were trying to dynamically blur every scarlet-lettered user's profile image, but everyone with The Mark had this exact image. It doesn't change.

     So I looked into the source and found where they're doing the canvas stuff, and yep, they're blurring the profile image. So why is the result always the same?

   • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 21-Feb-2024 07:28:04 JST Foone🏳️‍⚧️

     in reply to

     It turns out the backend team and front-end team are not talking to each other: when a user gets scarlet-lettered, the backend resets their profile image to the default "cone.png" image:

   • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 21-Feb-2024 07:31:14 JST Foone🏳️‍⚧️

     in reply to

     So everytime a scarlet-lettered user appears on your feed, it loads this same icon, dynamically blurs it down to 2x2 pixels, renders that out as a 350x150 image, then tells your browser to rescale that image to 65x65 for the profile picture.

   • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 21-Feb-2024 07:35:14 JST Foone🏳️‍⚧️

     in reply to

     So yeah. All this client-side scripting is unnecessary: they could have just made the backend switch to a properly sized version of the blurred image, but apparently no one communicated how the two halves were working, so it does these pointless steps every time someone flagged shows up in an activity tab or on your dashboard.
     It's almost impressive!

   • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 21-Feb-2024 07:47:07 JST Foone🏳️‍⚧️

     in reply to

     a funny side-wrinkle of this is that tumblr has banned posting links to or images of their default site image.

     Like, this url? https://assets.tumblr.com/images/default_avatar/cone_open_64.png

     if you try to paste that on tumblr, it'll try to expand it into a preview, then fail. If you go to that image and copy it, then try to paste that on tumblr, it'll fail.

   • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 21-Feb-2024 07:48:40 JST Foone🏳️‍⚧️

     in reply to

     download the PNG and try to upload it again, it'll fail.

     they've banned the hash of their own default avatar image.

     I don't know why they would do this.

   • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 21-Feb-2024 07:51:34 JST Foone🏳️‍⚧️

     in reply to

     • Michał "rysiek" Woźniak · 🇺🇦

     @rysiek yeah that works. anything that changes the hash will make it uploadable.

     it's just weird that they're doing this in the first place

   • Michał "rysiek" Woźniak · 🇺🇦 (rysiek@mstdn.social)'s status on Wednesday, 21-Feb-2024 07:51:35 JST Michał "rysiek" Woźniak · 🇺🇦

     in reply to

     @foone what if you… modify it a bit? crop by 1px, skew a tiny bit, something like this, imperceptible to a human eye?

   • Passenger (passenger@kolektiva.social)'s status on Wednesday, 21-Feb-2024 08:03:30 JST Passenger

     in reply to

     @foone

     Isn't that trivially easy to bypass though? Change one pixel's colouring very slightly and it'll be a new hash.

   • Foone🏳️‍⚧️ (foone@digipres.club)'s status on Wednesday, 21-Feb-2024 08:03:30 JST Foone🏳️‍⚧️

     in reply to

     • Passenger

     @passenger yep.
     still weird that they did it