this post was submitted on 20 May 2026
-7 points (18.2% liked)

Fediverse

42162 readers
128 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, Mbin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration)

founded 3 years ago
MODERATORS
ruud@lemmy.world
Xylinna@lemmy.world
MrCenny@lemmy.world
TragicNotCute@lemmy.world
automodbeta@lemmy.world
woelkchen@lemmy.world
-7
Android Fediverse client that does not send user agent to servers (programming.dev)
submitted 1 day ago by hardful9856@programming.dev to c/fediverse@lemmy.world
8 comments fedilink hide all child comments
 

cross-posted from: https://programming.dev/post/50677034

Hi everyone,

I’m looking for recommendations for an Android Fediverse client that does not send user-agent information (device or client details) to servers. Ideally, it should support both Mastodon and Lemmy, or other Fediverse platforms as well.

top 8 comments
sorted by: hot top controversial new old
[–] Tealk@rollenspiel.forum 6 points 1 day ago (1 children)

Could you explain the use case? I don't quite understand the background. Now that AIs are flooding the instances, some admins are blocking these kinds of requests.

[–] hardful9856@programming.dev 1 points 23 hours ago (1 children)

Could you explain the use case?

user agent is not essential for the servers, server does not need to know which client or device I am using.

Now that AIs are flooding the instances, some admins are blocking these kinds of requests.

What AI request?

[–] Tealk@rollenspiel.forum 1 points 22 hours ago (1 children)

generally the bots that scrape sites for information. One of the easiest ways to exclude them is to read the user agent.

yeah, this info isn't necessary for technical operations, but some software uses it and shows the client under the post, for example; as an admin, that often helps me identify problems quickly.

[–] hardful9856@programming.dev 0 points 22 hours ago (1 children)

Bots can easily fake their user agents, so using them to detect bots is not enough and mostly just puts regular users’ privacy at risk.

[–] Tealk@rollenspiel.forum 1 points 15 hours ago

They can, yeah. But they haven't done it in ages and I don't see the risk for the user; the IP is way more problematic.

[–] hendrik@palaver.p3x.de 2 points 1 day ago* (last edited 1 day ago) (1 children)

How about a Privacy Web-Browser? For example IronFox is a privacy-oriented Firefox fork. By default it does send an user agent string. But you can make it install addons, for example an addon to change the user agent string to something generic (and fake).

To be honest, this is a very specific method, and I don't know which problem we're facing. So this might as well be some A-B problem. So what are you trying to achieve?

[–] hardful9856@programming.dev 2 points 23 hours ago (1 children)

Yes that would be an alternative. But I'm looking for a more user friendly client that could achieve the goal.

To be honest, this is a very specific method, and I don’t know which problem we’re facing. So this might as well be some A-B problem. So what are you trying to achieve?

user agent is not essential for the servers, server does not need to know which client or device I am using. So I don't want any server to fingerprint users.

[–] hendrik@palaver.p3x.de 1 points 14 hours ago* (last edited 12 hours ago)

I have a suggestion and an explanation...

We software developers tend to send that kind of information anyway. We tend to get bug reports "I didn't get a message" or "The button XY doesn't work properly" and now it's massively helpful information whether to look for the bug in Lemmy's codebase, or in Summit. Or any of the other 5 clients. It's also not what people usually complain about. I mean you're sending your entire username to the server, so you're 100% identifiable. And then the server operator knows when you're awake and scrolling, based on when you send requests to the server. What exactly you like to click on and read... So you pretty much have to trust your server admins anyway. A user agent string is more information. But sending it or not sending it both leaves you 100% identifiable once you log in.

And Tealk is right as well. We've now come to use it in the war against the AI scrapers. They've nearly brought several Fediverse servers to their knees. It's only due to patterns in the traffic like this (and JavaScript to burn CPU cycles on your device) that still allows us to distinguish you from the AI companies so we can fulfill your requests instead of letting the bots use up all the bandwidth. The current situation is real bad. And turned out the user agent string, while technically not being essential for the servers, they're a real good telltale sign for this. It's my first line of defense, since blocking IP ranges got meaningless.

As a suggestion: If it's not in any of the existing Apps: Request it. Find the one or two App(s) you like the most. Navigate to their bugtracker and feature requests. And ask politely whether they'd like to add that feature for you. Maybe other people are interested as well. Include a bit of info: what you'd like the app to do. why. and a few words about your specific use-case. Maybe you can get a conversation going.