- cross-posted to:
- slackernews@lemmy.world
- feedback@hexbear.net
- cross-posted to:
- slackernews@lemmy.world
- feedback@hexbear.net
Ignoring the users’ aggressiveness against Lemmy, is what they say true?if so, I hope this can be patched.
There is actually an ongoing discussion on GitHub about caching/proxy-ing image resources to improve performance and hide user IPs, etc.:
Thank you!
They’re exaggerating the problem. You can get a users IP and user-agent string, but only in a vacuum, not linked to your username or anything else. And even if you could, this wouldn’t be mutch of a problem, because this information gets passed to basically everyone and doesn’t reveal mutch(only strongly approximated location(next big city in the worst case) and what browser an operating system you’re using). Comparing this to email tracking pixels is a misleading comparison, because these can be connected to a single person(the recipient of the email), making the information more valuable(and add another layer of information, such as the time the email was first opened).
It doesn’t give up the IP alone, but it could be a component in that. You could deanonymize people by correlating vote data. That is, if only one user and IP has both viewed an inline image in and voted on any set of posts, then the IP and the user probably go together.
EDIT: That being said, I doubt that it’s that much worse than ordinary, non-inline images in that regard, unless users are voting on images without actually viewing them.
Comparing this to email tracking pixels is a misleading comparison, because these can be connected to a single person (the recipient of the email), making the information more valuable…
Lemmy private messages are directly comparable to the individual user scenario of emai, and they support tracking images like this.
Depending how the user made the post, this is/was equally true on Reddit. It is a function of the post linking to the image in it’s original location …but this is no worse than browsing images/data in any other way; you always give away some data (like your IP address) when you browse.
Sooo, that mean you can insert an tracking pixel on your post, right?
If yes that should be fixed. Transcluding images from 3rd party servers enables tracking. It might be ok to enable a few trusted lemmyverse servers as image hosts.
I’m not immersed enough in the specific code to load images and would like to know as well, but I can attest it’s definitely a problem in email architecture. @dessalines@lemmy.ml is probably the party you want if you want first hand info.
Also a stellar example of why I wish we could actually work together a little more. The ideological opt out of raddles software shows there are indeed legitimate concerns on platform privacy, but rather than work to harden it we’re behind walls hucking pejoratives. Hundreds of years of team red vs team black, and I am exhausted with it.
Why wouldn’t this work on reddit, twitter, …?
Reddit doesn’t support image embeds in their markdown, Twitter doesn’t support markdown at all
I thought Reddit had added embedded images some months ago
Ok but not external images (I think)
Old.reddit didn’t, and if you, like me, stayed on old.reddit, you won’t have run into inline images.