It's not just longer videos, but GIFs encoded as video, often less than 500kb (webm) may have issues playing back without range support, especially on Safari IME.
If you have time at some point in the future and can look into range request support, I would appreciate it!
Yeah, voyager does not have any ads or tracking or anything. It's truly privacy first. In fact the only "analytics" I get are from Apple App Store and Google Play Store download counts etc which I can't turn off. But if you use F-droid I have literally 0 usage information even crashes :)
Also Voyager has reproducible builds which means you don't have to trust me. You can verify that the APK was built from a specific release of the source code!
Should be... Although, I believe on Android + system 3 button nav + android specific voyager theme, it doesn't have navigation swipes. the iOS theme should. There might be a way to get it working, I'd have to check
Regarding cloudflare, I know the lemmy.zip admin (@Demigodrick@lemmy.zip was somehow able to get it working with caching, but I'm not sure how. I know the lemmy.world admins were having issues with it though and haven't been able to work around it yet. LMK if you do figure it out!
So for the select an instance page, I tried to make it so you could login so you can't get "stuck" here: if you press the ellipse button in the header, there is an option to login. Maybe I could add an ellipse button to each instance, I'm not sure. That might be too much noise.
For the landing page, maybe something like this? Please note, I want to keep the "join" prominent so that new users, without an existing lemmy account, can easily sign up.
(pretend "create an account" is in grey as a label. I made it red to show as a change)
You explicitly select the instance, so there is no question of what domain Voyager will contact. Also, on the next screen where you enter credentials, you see the domain and its icon, and you can click to open in the browser to further confirm that you are connecting to the correct instance (if you accidentally select the wrong one)
I validate lemmy servers by asking the server if it's a lemmy server. If the protonmail.com is malicious and says, "sure I'm a lemmy server" then credentials would be sent to it, which is not good
thatโs still making assumptions about where you want to login to. The fact is that you can login, today, to Lemmy.world with โusernameโ of โme@lemmy.wtfโ assuming Lemmy.wtf has an email server setup. And itโs not a safe assumption because users DO have email addresses saved in their passwords manager as a username for whatever random instance, and there should be a 0% chance of sending user credentials to the wrong domain.
I canโt just trust that domain to say theyโre a Lemmy instance, and there is a user with that username on the domain. Thatโs trivial to exploit.
But what if it does exist? But your have an email server on the same domain? Or what if that domain is being malicious and masquerading as a Lemmy instance to steal your credentials?
No, thatโs not valid syntax in Lemmy, you can check by opening the comment in lemmy-ui and see it doesnโt render there either.