Title: Pinafore: a light Mastodon web client | |
Author: Solène | |
Date: 18 November 2022 | |
Tags: mastodon selfhosting | |
Description: This articles presents the alternative mastodon front-end | |
Pinafore | |
# Intro | |
This blog post is for Mastodon users who may not like the official | |
Mastodon web interface. It has a lot of features, but it's using a lot | |
of CPU and requires a large screen. | |
Fortunately, there are alternatives front-ends to Mastodon, this is | |
possible through calls between the front-end to then instance API. I | |
would like to introduce you Pinafore. | |
Pinafore GitHub client | |
Pinafore.social website | |
# What's Pinafore? | |
Pinafore is a "web application" consisting of a static website, this | |
implies nothing is actually store on the server hosting Pinafore, think | |
about it like a page loaded in your browser that stores data in your | |
browser and make API calls from your browser. | |
This design is elegant because it delegates everything to the browser | |
and requires absolutely no processing on the Pinafore hosting server, | |
it's just a web server there serving static files once. | |
As I said previously, Pinafore is a Mastodon (but also extends to other | |
Fediverse instances whenever possible) front-end with a bunch of | |
features such as: | |
- accessibility (for content warning content, greyscale mode, contrast, | |
key bindings) | |
- only one column, it's really compact | |
- simple design, fast to load and doesn't eat much CPU (especially | |
compared to official Mastodon interface) | |
- read-only support if you visit your Pinafore host when not connected, | |
I find this very useful (remember that cache is stored in your browser) | |
- can handle multiple accounts at once | |
This being said, Pinafore doesn't target minimalism either, it needs | |
javascript and a modern web browser. | |
# How to use Pinafore? | |
There are two ways to use it, either by using the official hosted | |
service, or by hosting it yourself. | |
Whether you choose the official or self-hosted, the principle is the | |
following: you enter your account instance address in it the first | |
time, this will trigger an oauth authentication on your instance and | |
will ask if you want pinafore to use your account through the API (this | |
can be revoked later from your Mastodon account). Accept, and that's | |
it! | |
## Pinafore.social | |
The official service is run by the developers and kept up to date. You | |
can use it without installing anything, simply visit the address below | |
and go through the login process. | |
Pinafore.social website | |
This is a very convenient way to use pinafore, but it comes with a | |
tradeoff: it involves a third party between your social network account | |
and your client. While pinafore.social is trustable, this doesn't mean | |
it can't be compromised and act as a "Man In The Middle". As I | |
mentionned earlier, no data are stored by Pinafore because everything | |
is in your browser, but nothing prevent a malicious attacker to modify | |
the hosted Pinafore code to redirect data from your browser to a remote | |
server they control in order to steal information. | |
## Self Hosting | |
It's possible to create Pinafore static files from your system and host | |
it on any web server. While it's more secure than pinafore.social (if | |
your host is secure), it still involves extra code that could | |
"potentially" be compromised through a rogue commit, but it's not | |
realistic to encounter this case when using Pinafore releases versions. | |
For this step, I'll link to the according documentation in the project: | |
Exporting Pinafore | |
# Trivia | |
Pinafore is the recommended web front-end for the Mastodon server | |
implementation GoToSocial which only provide a backend. | |
GoToSocial GitHub project page |