- Normally, using requests for Community icons and QR codes, - we could track each time a user opened a Community details modal for the first time (in a given cache period) - and deanonymize users joining Communities. - However, we blind ourselves to this information by requesting all Community icons and QR codes when the page loads. - These resources are then cached in your browser and don't trigger additional requests when you view a Community's details. + Without any precautions, we'd be able to deanonymize your Session ID after you open a Community's details, join it, and post a message. + Why? Because right before your message, we would see your IP address requesting the Community's icons.
- We refresh the cache periodically to ensure that this protection does not expire following the 1 hour cache period. + In order to prevent this deanonymization vector, the page requests all Community icons and QR codes upon load, + thus blinding us to which Community details you view. + These Community resources are then cached in your browser and don't trigger additional requests when you view a Community's details. +
++ To ensure that this protection does not expire following the 1 hour cache period, we refresh the cache periodically. Unfortunately, this also means we get a ping for each hour you leave the site open.
- If you've disabled JavaScript, protections against opening modals are not needed; - however, we log requests to QR codes when they are opened in a new tab. + If you've disabled JavaScript in your browser, modals won't open — these protections are therefore not needed. + However, without JavaScript, QR codes are shown in a new tab when clicked. This results in a request and log entry with your IP address on our server.