Years ago when I was a student, and JavaScript could get a user’s clipboard without their consent, I made a website ‘getpasted’ that automatically pasted and posted your clipboard to a public database.

Needless to say, some people weren’t happy about it. But it was a nice project to create awareness that it was possible to read the clipboard at any time.

Wait until people find out that by default on Windows 11 all of your clipboard data gets sent to a Microsoft server via Clipboard History / Cloud Clipboard.

Clipboard history and sync across devices are both disabled by default, as far as I'm aware.

Hmmm. My work machine had them on, but I suppose that could have been set by policy. I will check my Aya Neo later (only personal Win11 device).

Is Apple’s version of this any better? Clipboard is synced between phone/computers logged into iCloud although it doesn’t log history (at least visibly)

It requires iCloud but the data itself is transferred directly over Bluetooth or local WiFi (like airdrop) so it shouldn’t hit any Apple servers.

https://support.apple.com/en-gb/guide/security/secf78dbe639/...

Since it is also end-to-end encrypted, an architecture involving Apple server wouldn't reveal the contents either.

Even when not signed in with a Microsoft account?

That’s now fixed!

I didn’t know about that. However, I explicitly wanted to avoid having users to create an OAuth project because it’s a hassle. Also these tokens can expire if they’re not refreshed after a while.

Looks really good!

How do you create funnels without cookies? In other words, how do you track sessions?

Thanks! Similar to how Plausible is doing. Each user gets a unique identifier which is based on `hash(domain+useragent+ip+salt)` (the salt is generated each day).

That does create clusters for users that work at the same company, with the same company-issued devices. Or iPhones in a New York City block.

A bit more factors tbh. User agents have browser, version etc.

iPhone in New York block still have different IP, versions etc

But I hear you, it’s better than cookies and that’s the entire point.

You can also provide a user id, more info here https://news.ycombinator.com/item?id=40434115

This is the same problem that I had with parsing logs. There's no way to know that mom+dad+kid all using the same model device were 3 different users.

If the salt changes daily, how is. It possible to know how many users returned after > 24 hrs?

Edit: @lindesvard- Got it, thanks for clarifying!

You'll never know any returning users after salt changes. This is the hole point with privacy first.

But you have options tho. Compared to other tools that is privacy first, you can actually pass your own user id. You can get this ID from where ever you want (db, cookie, localStorage. Its up to you whom implement it)

But I want to have a middle ground where privacy is important but you have the options to decide what path you take.

So maybe an obvious question but just to be clear, if you pass your own user ID you can track that particular user's flow across multiple sessions/days/etc?

Yes! So its a matter of priorities. Is privacy or retention most important? Than you can decide how to track users.

This is brilliant!

People like this are an instant hire for me at my company.

It’s quite sad that Microsoft apparently doesn’t think he’s worthy of the ‘senior’ title yet whilst his work is heaps better than most seniors I know. Kinda explains their poor software quality lately.

Hey, I’m the author of wg-easy, nice to see my project in here!

As for all the license discussions, I just don’t want a company to pack my work and sell it as a commercial device or service. I’m open for a better license which covers that.

Did you consider AGPL?

AGPL only forces the company to release the sources even if it’s used on a SaaS platform. There’s nothing in AGPL to prevent commercial use/sale or packaging this together with something else (as long as source is made available).

That is indeed true, but in practice, the features of AGPL might be enough to make most people avoid trying to commercialise an AGPL project.

Elastic maybe?

Why don’t they just introduce Reddit Premium, for say $5/mo, which is ad-free and allows 3rd party clients.

They do not want 3rd party clients to exist which is why they are not doing what would logically make sense: limiting it to Premium.

Reddit Premium exists for $5.99/month, but there's no mention of it for the API changes.

Then you can get an LLM company to easily scrape Reddit for $5 instead of $100000. The main reason for this change is to monetize the usage, not the access.

That would probably kill third party clients because their userbase would be too small.

There's nothing about third party client access there. That's the important part.

Super interesting read!

I’ve been playing with Firecracker on a Raspberry Pi 4, but never could get Docker inside a Firecracker uVM to work. Should this be supported at all?

Depends how your starting the VM. I’ve run Docker on Firecracker with a Raspberry PI 4 before but it needed some fixes.

One possibly is if your running directly from a Initramfs without a block device then docker needs DOCKER_RAMDISK set as a environment variable.

Otherwise it’s possible the minimal kernel your Firecracker config uses doesn’t support it out of the box. You can use a regular kernel but you need to make sure modules can be loaded from somewhere.

Thanks for your reply! Do you have a guide or more information somewhere? I found that while Firecracker seems popular, it's sparsely documented.

Build by Tony Fadell (iPod, Nest).