Punch nazis, trebuchet TERFs.
I am building Voyager, a client for lemmy!
Nice! I can verify it working too.
It looks like it is working great through my test tool! thank you!
Should be… Although, I believe on Android + system 3 button nav + android specific voyager theme, it doesn’t have navigation swipes. the iOS theme should. There might be a way to get it working, I’d have to check
Awesome, thanks so much for checking!
Regarding cloudflare, I know the lemmy.zip admin (@Demigodrick@lemmy.zip was somehow able to get it working with caching, but I’m not sure how. I know the lemmy.world admins were having issues with it though and haven’t been able to work around it yet. LMK if you do figure it out!
Next release :)
ok
If you turn off “Show Hidden in Communities” it should work. It’s not a per community setting though
“sign up lemm.ee” doesn’t english too well 😛
Hey, thanks for the feedback!
So for the select an instance page, I tried to make it so you could login so you can’t get “stuck” here: if you press the ellipse button in the header, there is an option to login. Maybe I could add an ellipse button to each instance, I’m not sure. That might be too much noise.
For the landing page, maybe something like this? Please note, I want to keep the “join” prominent so that new users, without an existing lemmy account, can easily sign up.
(pretend “create an account” is in grey as a label. I made it red to show as a change)
No, that wouldn’t work for aforementioned reasons.
Edit: Also even if you did ignore the security concerns, this approach wouldn’t work at all with OAuth flow that is planned. https://github.com/LemmyNet/lemmy/issues/1368
You explicitly select the instance, so there is no question of what domain Voyager will contact. Also, on the next screen where you enter credentials, you see the domain and its icon, and you can click to open in the browser to further confirm that you are connecting to the correct instance (if you accidentally select the wrong one)
I validate lemmy servers by asking the server if it’s a lemmy server. If the protonmail.com is malicious and says, “sure I’m a lemmy server” then credentials would be sent to it, which is not good
that’s still making assumptions about where you want to login to. The fact is that you can login, today, to Lemmy.world with “username” of “me@lemmy.wtf” assuming Lemmy.wtf has an email server setup. And it’s not a safe assumption because users DO have email addresses saved in their passwords manager as a username for whatever random instance, and there should be a 0% chance of sending user credentials to the wrong domain.
I can’t just trust that domain to say they’re a Lemmy instance, and there is a user with that username on the domain. That’s trivial to exploit.
But what if it does exist? But your have an email server on the same domain? Or what if that domain is being malicious and masquerading as a Lemmy instance to steal your credentials?
Can you provide a quick mockup of how you’d update the layout?
I’m not sure how that would work. When you sign in you can use your username or email. So if you type example@domain.com there is no way to know if you’re trying to login to the instance at domain.com or login with your email ending in domain.com, to some other instance.
Edit: and it can’t just assume and try domain.com first, because then if it’s not what the user intended then you just sent your login credentials accidentally to a random domain 🙃
I’ve told them that “in the first screen there is a button that is very difficult to notice, allowing you to use a pre-existing Lemmy username. Find that semi-hidden button, click it, and you can login.”
This is the first I’ve heard of any problems with this screen, so please encourage them to reach out directly, or post in this community.
Thanks, I found the issue with the quote color, should be comparable to iOS shortly.