Neat. Has anyone brought this up to the devs here or on github before?
Comment on Lemmy.world seems to have banned the largest piracy community on Lemmy.
skullgiver@popplesburger.hilciferous.nl 8 months ago
Lemmy makes local copies of everything when federation occurs. It’s 100% on their server. The only exceptions are images posted as part of the comments, those are loaded directly. Then again, that adds the ability to add tracking pixels, so that’s not exactly great for a piracy community either.
Image loading example
[Image]
I turned off all the logging for this proof of concept but this could’ve been a transparent PNG pixel that tracks every bit of information your browser will give it.
can@sh.itjust.works 8 months ago
skullgiver@popplesburger.hilciferous.nl 8 months ago
I’m not sure, but anything doing Markdown parsing and allowing images to be embedded is vulnerable to this. I kind of doubt that the devs don’t know about this.
The alternative would be to download every image on the server and cache it until users start requesting the image files, rewriting the Markdown to link to the new image location. I can think of a few reasons why that’s not implemented.
Proxying all comments was implemented in the backend at some point, I’m not sure why this feature was removed again. I can’t find much in the repo history, you could ask the devs why the feature got removed if you’re curious.
nutsack@lemmy.world 8 months ago
you could safeguard against this on the client side by not loading images
recklessengagement@lemmy.world 8 months ago
Ayo what the fuck how’d you do that
skullgiver@popplesburger.hilciferous.nl 8 months ago
Your client asks my server for the image, my server does a basic IP location lookup based on a free internet database I downloaded last year and turns it into an image on the fly.
DAMunzy@lemmy.dbzer0.com 8 months ago
Got the state correct 👍
nutsack@lemmy.world 8 months ago
i really wish there were a way to disable images with some of these fancy lemmy clients for android
skullgiver@popplesburger.hilciferous.nl 8 months ago
If you use Sync, there’s this setting you can toggle to disable embedded images. I’m not sure if this protects against network requests, but I think it should? If you disable them, images are represented as links instead.
nutsack@lemmy.world 8 months ago
nice. yea it replaces your image with a link.
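The two mitigations discussed in this thread (showing embedded images as links on the client, and rewriting the Markdown so the image is fetched from the instance instead of the remote host), sketched as an added example that is not part of the original comments or of Lemmy's code. The host `lemmy.example`, the `/image_proxy` endpoint and all function names are assumptions made for illustration.

```javascript
// Added example: neutralise remote Markdown image embeds before rendering.
// INSTANCE and PROXY_PREFIX are hypothetical values, not real Lemmy settings.
const INSTANCE = "https://lemmy.example/";                      // the reader's own instance
const PROXY_PREFIX = INSTANCE + "image_proxy?url=";             // hypothetical proxy endpoint
const TRUSTED_HOSTS = new Set([new URL(INSTANCE).hostname]);

// Matches inline images: ![alt](url) or ![alt](url "title").
// Reference-style images (![alt][ref]) and raw <img> tags are not covered here.
const IMAGE_RE = /!\[([^\]]*)\]\(\s*<?([^\s)>]+)>?(?:\s+"[^"]*")?\s*\)/g;

// An image is trusted only if it resolves to the instance itself over HTTPS.
// Relative URLs resolve against INSTANCE; "//other.host/x" does not pass.
function isTrusted(rawUrl) {
  try {
    const u = new URL(rawUrl, INSTANCE);
    return u.protocol === "https:" && TRUSTED_HOSTS.has(u.hostname);
  } catch {
    return false; // malformed URL: treat as untrusted
  }
}

// mode "link":  turn the embed into a plain link, so no request is made
//               until the reader chooses to click.
// mode "proxy": keep the embed but route it through the instance, so the
//               image host sees the instance's IP instead of the reader's.
function rewriteImages(markdown, mode = "link") {
  return markdown.replace(IMAGE_RE, (match, alt, url) => {
    if (isTrusted(url)) return match;
    if (mode === "proxy") {
      return `![${alt}](${PROXY_PREFIX}${encodeURIComponent(url)})`;
    }
    return `[${alt || "image"}](${url})`;
  });
}

// Constructed sample comment: one third-party image, one hosted on the instance.
const SAMPLE =
  "Look: ![map](https://tracker.example/geo.png?id=42) and " +
  "![logo](https://lemmy.example/media/abc.png)";

console.log(rewriteImages(SAMPLE, "link"));
console.log(rewriteImages(SAMPLE, "proxy"));
```

Link mode prevents the request entirely; proxy mode still lets the remote host learn that someone on the instance viewed the comment, just not who.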
rimu@piefed.social 8 months ago
Oof, yeah that's bad...