161
submitted 1 year ago* (last edited 1 year ago) by TriLinder@lemmy.ml to c/technology@lemmy.ml

Note: This post now archived and as such no longer works

An external image showing your user-agent and the total "hit count"

all 26 comments
sorted by: hot top controversial new old
[-] TriLinder@lemmy.ml 54 points 1 year ago

This is possible because Lemmy doesn't proxy external images but instead loads them directly. While not all that bad, this could be used for Spy pixels by nefarious posters and commenters.

Note, that the only thing that I willingly log is the "hit count" visible in the image, and I have no intention to misuse the data.

[-] UlrikHD@programming.dev 38 points 1 year ago* (last edited 1 year ago)

I guess it knows that it's unknown

[-] jayandp@sh.itjust.works 6 points 1 year ago

I guess mobile clients screw with their fingerprinting method. Also doesn't work on Slide.

[-] u202307011927@feddit.de 2 points 1 year ago

Wait what, slideforreddit works for lemmy now?

[-] danifold@sh.itjust.works 2 points 1 year ago

looks like sync in the screenshot, i think thats what they meant

[-] Feathercrown@lemmy.world 1 points 1 year ago* (last edited 1 year ago)

It sees my phone fine (Chrome on Android)

[-] nonearther@lemmy.ml 3 points 1 year ago

It's the same for me

[-] cygnus@lemmy.ca 3 points 1 year ago

I guess Donald Rumsfeld was right.

[-] WhatAmLemmy@lemmy.world 32 points 1 year ago

This is true for most link aggregators that attempt to render external content. Proxying images and videos would dramatically increase costs.

If you care that much about anonymity, use a VPN/Tor and a browser with advanced fingerprinting resistance — tor browser, mullvad browser, or firefox with resist fingerprinting = true.

[-] veloxy@lemmy.world 2 points 1 year ago

At the very least setting referer policy headers and such would be a good addition.

[-] HughJanus@lemmy.ml -2 points 1 year ago

That's great except those browsers often don't work.

[-] YearOfTheCommieDesktop@hexbear.net 20 points 1 year ago* (last edited 1 year ago)

Hexbear.net stays winning, external embeds are domain whitelist-only until pictrs adds proxying support, and blurred by default.

Good PSA tho, I'd honestly encourage other instances to do the same but it requires dev effort that I know not everyone has, and upstream isn't quite as paranoid about this stuff.

For reference:

[-] TriLinder@lemmy.ml 3 points 1 year ago

Cool, didn't know some Lemmy instances did this

[-] roon@lemmy.ml 2 points 1 year ago

Is there a pull request for it though?

[-] YearOfTheCommieDesktop@hexbear.net 2 points 1 year ago* (last edited 1 year ago)

as far as I know upstream lemmy doesn't want it and is waiting on pictrs proxying support. If I'm wrong though our code is public, I'm sure a dev would be happy to put together a PR,

[-] VHS@hexbear.net 9 points 1 year ago

*removed externally hosted image*

[-] TriLinder@lemmy.ml 2 points 1 year ago

Looks like your home instance hexbear.net is filtering external images.

[-] d3Xt3r@lemmy.nz 8 points 1 year ago* (last edited 1 year ago)

This reminds me of those old forum signatures which looked like a signpost, and showed your IP address, browser, OS etc. They were pretty popular back then (when no one cared about their privacy), to the point that some folks even made parody versions of those signatures (like changing the IP to "127.0.0.1" or writing a funny message).

[-] procrastinator@lemmy.world 6 points 1 year ago

My favorite Linux distro: Windows.

[-] Thordros@hexbear.net 1 points 1 year ago

This ain't me! grillman

[-] DoctorLuv@lemmy.world 0 points 1 year ago

But I'm not on chrome mobile...

this post was submitted on 11 Aug 2023
161 points (90.9% liked)

Technology

34987 readers
312 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS