this post was submitted on 29 Jun 2024
28 points (75.9% liked)

Selfhosted

39980 readers
726 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

Kinda proud of this, so forgive me while I brag. I found a likely "phone home" tracking image in DocuSeal. I searched around: there was an extant issue about the image. I asked the devs: would they accept a PR to remove the image? A maintainer responded quickly that they were not interested in a PR to remove it, so I forked it in minutes with my tiny hack, built a new Docker image and re-deployed to my server after making a one-line change in a Docker Compose file.

Here's the hack: https://github.com/meonkeys/docuseal/commit/e710678d

Happy to share my compose config as well if folks are interested.

I do want to put in a plug for DocuSeal: they made an excellent thing. It's a fast and beautiful app for adding signatures to PDFs, similar to DocuSign or HelloSign, but awesomely AGPL licensed and easy to self-host. I got it running in minutes and it worked very well. I support what they're doing and I want to see them succeed. OpenSign looks cool too but I haven't tried that one yet.

So yeah. Self-hosting and FOSS FTW!


cross-posted to: reddit r/selfhosted (there's no additional content in the post at that link. Sorry, I should have posted on Lemmy first! Anyway, above is the copy/pasted post so you can get it without having to use reddit)

you are viewing a single comment's thread
view the rest of the comments
[–] neko@sh.itjust.works 9 points 4 months ago* (last edited 4 months ago) (1 children)

Loading external images will reveal to the site where it’s loaded from at least these things:

  • User’s IP
  • Useragent string
  • Referrer

Also it can set third-party cookies which can be used to track specific user.

I don’t know if this project processes any of that data, but outside images can be used for tracking purposes.

At least it would be a good idea to limit some of this things for that img tag by setting some attributes that prevent referrer and cookies from being sent.

[–] just_another_person@lemmy.world -4 points 4 months ago* (last edited 4 months ago)

AGAIN.

This is not "phoning home" as claimed. It is not a SECURITY RISK as claimed. It is a privacy want/complaint/nag at the very VERY least. THIS IS ALSO NOT A PRIVACY FOCUSED PROJECT.

Refer to the original comment, and realize this was being run in a container. So, what...it's a risk to have libcurl ide tidied on your server? Your IP address is so damn private and important? Literally nobody cares.

Y'all need to get better hobbies, seriously. Probably just need to get off the Internet if this is the stuff causing consternation in your lives.