599

This post knows where you're viewing it from (Lemmy doesn't proxy external images) [ARCHIVED] (lemmy.ml)

submitted 11 months ago* (last edited 7 months ago) by TriLinder@lemmy.ml to c/privacy@lemmy.ml

142 comments fedilink hide all child comments

Note: This post now archived and as such no longer works

An external image showing your user-agent and the total "hit count"

you are viewing a single comment's thread
view the rest of the comments

[-] A_A@lemmy.world 17 points 11 months ago* (last edited 11 months ago)

Exactly. The text of this post is simply :

![An external image showing your user-agent and the total "hit count"](https://trilinder.pythonanywhere.com/image.jpg)
I get the same result when I browse directly to the link.

So, if OP links a malcious website we have a problem ... (?).

[-] goddard_guryon@sopuli.xyz 10 points 11 months ago

Oh dangit, it's simpler than I thought. So the only data being sent is...just whatever is sent in your average GET request.

[-] newIdentity@sh.itjust.works 13 points 11 months ago

Yes. It's also a pretty standard way of serving images. A lot of Email clients do that too.

That's also how these services that show you when a email is read work.

[-] newIdentity@sh.itjust.works 7 points 11 months ago* (last edited 11 months ago)

Not really that huge of a problem. When making requests you also usually send a header which includes the user agent.

The program just logs how many times the image has been requested and it reads the user agent data. No Javascript is actually executed.

Well it might be possible to have a XSS somehow but I haven't really done much research into this possibility.

In general it's a pretty standard way of handling embedded images. Email does this too. That's how you have these services that can check if someone read a mail

this post was submitted on 11 Aug 2023

599 points (96.6% liked)

Privacy

29870 readers

2126 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS