About Fedifinder
Fedifinder helps you find the Fediverse accounts of your Twitter
contacts.
How does it work?
It is based on consent and does not give you handles of people who
do not want to be found. After you authorize it to access your Twitter
account, Fedifinder retrieves up to 15.000 of your Followings
(accounts which you follow). It then scans the profiles and pinned
Tweets of those accounts for Fediverse handles and links. Because
handles can look exactly like email addresses, it cross-checks them
with a cached list of domains. For domains it doesn't know, it tries
to do a webfinger lookup and collect information through the
/.well-known/nodeinfo file. The results of the lookup are cached on
a domain level (domain x is part of the fediverse, domain y is
not).
It then shows you a list of the instances it found as well as the
individual accounts. You can export that list and import it in the
preferences of the web app of your instance.
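The handle check described above, sketched as an added example (this is not Fedifinder's own code). The function names, the sample texts and the probe function are assumptions; the probe stands in for the webfinger/nodeinfo request and is stubbed so the example runs offline.

```javascript
// Added example with hypothetical names; not taken from Fedifinder's source.
// Handle-shaped strings: optional leading "@", then user@domain. Emails match too.
const HANDLE_RE = /@?([A-Za-z0-9_.-]+)@((?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,})/g;

// Pull every handle-shaped candidate out of profile or pinned-tweet text.
function extractCandidates(text) {
  return [...text.matchAll(HANDLE_RE)].map((m) => ({
    user: m[1],
    domain: m[2].toLowerCase(),
  }));
}

// Decide per domain, not per account, and remember the verdict.
// `probe(domain)` is an assumed async function that returns the software
// name from the instance's nodeinfo document, or null if there is none.
async function classifyDomain(domain, cache, probe) {
  if (cache.has(domain)) return cache.get(domain);
  let software;
  try {
    software = await probe(domain);
  } catch {
    // Choice made for this example: a failed lookup is not cached, so a
    // temporary outage does not mark the domain as non-fediverse for good.
    return { fediverse: false, software: null };
  }
  const verdict = { fediverse: software !== null, software };
  cache.set(domain, verdict);
  return verdict;
}

// Keep only candidates whose domain is a confirmed fediverse instance.
async function findHandles(texts, cache, probe) {
  const found = new Set();
  for (const text of texts) {
    for (const { user, domain } of extractCandidates(text)) {
      const verdict = await classifyDomain(domain, cache, probe);
      if (verdict.fediverse) found.add(`@${user}@${domain}`);
    }
  }
  return [...found];
}

// Constructed sample input and a stub probe (no network access).
const SAMPLE_TEXTS = [
  'Journalist. Now at @alice@social.example | mail: alice@mail.example',
  'bob@social.example and @carol@down.example',
];
const STUB_NODEINFO = { 'social.example': 'mastodon', 'mail.example': null };
async function stubProbe(domain) {
  if (!(domain in STUB_NODEINFO)) throw new Error('lookup failed');
  return STUB_NODEINFO[domain];
}
```

Because the domains come from untrusted profile text, a real probe should use HTTPS only and refuse hosts that resolve to private or loopback addresses.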
Privacy and Security
This is a hobby project by @Luca@social.luca.run.
While I try to follow best practice and am as open about the process
as possible, I can't guarantee the safety of your data. Because
Fedifinder mostly handles public data, the risk is low, but still
there.
You can run Fedifinder on your own server, look at the source
code and suggest improvements on GitHub.
- The X/Twitter keys are stored in the client in an encrypted
  cookie that is transferred only over a secured connection.
- The decryption key and X/Twitter app key are stored in an
  environment variable on the server. Access to the X/Twitter
  account is only possible with all three of them.
- No information that identifies individuals is stored on the
  server. No account data either. The only thing that is cached is
  the information about domains: whether they are part of the
  fediverse, which software they run and some other information
  that's available through /.well-known/nodeinfo on each instance.
- The number of checked accounts is stored with a timestamp to
  understand how much the app is used. This information is not
  linked to users.
- Some data is stored in the local storage of the client, for
  example the fediverse auth code. That isn't encrypted at the
  moment. The feature is still experimental and not available on
  the main server.
- Fedifinder is hosted on Glitch, which is part of Fastly. They
  collect some usage data: https://glitch.com/legal/privacy. If you
  are concerned about that, please run it on your own machine.
If you have more questions, feel free to comment on this issue.
Alternatives
Debirdify works similarly to Fedifinder, but has some additional options.
Debirdify got shut down by X/Twitter.
Mastodon Flock works similarly to Fedifinder.
Twitodon requires both you and the accounts you want to find to be
signed up there.