There is actually an ongoing discussion on GitHub about caching/proxy-ing image resources to improve performance and hide user IPs, etc.:
this post was submitted on 16 Jul 2023
36 points (73.7% liked)
Lemmy.world Support
3202 readers
2 users here now
Lemmy.world Support
Welcome to the official Lemmy.world Support community! Post your issues or questions about Lemmy.world here.
This community is for issues related to the Lemmy World instance only. For Lemmy software requests or bug reports, please go to the Lemmy github page.
This community is subject to the rules defined here for lemmy.world.
To open a support ticket
You can also DM https://lemmy.world/u/lwreport or email [email protected] (PGP Supported) if you need to reach our directly to the admin team.
Follow us for server news π
Outages π₯
https://status.lemmy.world
founded 1 year ago
MODERATORS
Thank you!
They're exaggerating the problem. You can get a users IP and user-agent string, but only in a vacuum, not linked to your username or anything else. And even if you could, this wouldn't be mutch of a problem, because this information gets passed to basically everyone and doesn't reveal mutch(only strongly approximated location(next big city in the worst case) and what browser an operating system you're using). Comparing this to email tracking pixels is a misleading comparison, because these can be connected to a single person(the recipient of the email), making the information more valuable(and add another layer of information, such as the time the email was first opened).
It doesn't give up the IP alone, but it could be a component in that. You could deanonymize people by correlating vote data. That is, if only one user and IP has both viewed an inline image in and voted on any set of posts, then the IP and the user probably go together.
EDIT: That being said, I doubt that it's that much worse than ordinary, non-inline images in that regard, unless users are voting on images without actually viewing them.
Comparing this to email tracking pixels is a misleading comparison, because these can be connected to a single person (the recipient of the email), making the information more valuable...
Lemmy private messages are directly comparable to the individual user scenario of emai, and they support tracking images like this.
Sooo, that mean you can insert an tracking pixel on your post, right?
If yes that should be fixed. Transcluding images from 3rd party servers enables tracking. It might be ok to enable a few trusted lemmyverse servers as image hosts.
Depending how the user made the post, this is/was equally true on Reddit. It is a function of the post linking to the image in it's original location ...but this is no worse than browsing images/data in any other way; you always give away some data (like your IP address) when you browse.
I'm not immersed enough in the specific code to load images and would like to know as well, but I can attest it's definitely a problem in email architecture. @[email protected] is probably the party you want if you want first hand info.
Also a stellar example of why I wish we could actually work together a little more. The ideological opt out of raddles software shows there are indeed legitimate concerns on platform privacy, but rather than work to harden it we're behind walls hucking pejoratives. Hundreds of years of team red vs team black, and I am exhausted with it.
Why wouldn't this work on reddit, twitter, ...?
Reddit doesnβt support image embeds in their markdown, Twitter doesnβt support markdown at all
I thought Reddit had added embedded images some months ago
Ok but not external images (I think)
Old.reddit didn't, and if you, like me, stayed on old.reddit, you won't have run into inline images.
view more: next βΊ