this post was submitted on 11 Aug 2023
162 points (90.9% liked)

Technology

34779 readers
49 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
 

Note: This post now archived and as such no longer works

An external image showing your user-agent and the total "hit count"

all 26 comments
sorted by: hot top controversial new old
[–] [email protected] 54 points 1 year ago

This is possible because Lemmy doesn't proxy external images but instead loads them directly. While not all that bad, this could be used for Spy pixels by nefarious posters and commenters.

Note, that the only thing that I willingly log is the "hit count" visible in the image, and I have no intention to misuse the data.

[–] [email protected] 38 points 1 year ago* (last edited 1 year ago) (3 children)

I guess it knows that it's unknown

[–] [email protected] 6 points 1 year ago (2 children)

I guess mobile clients screw with their fingerprinting method. Also doesn't work on Slide.

[–] [email protected] 2 points 1 year ago (1 children)

Wait what, slideforreddit works for lemmy now?

[–] [email protected] 2 points 1 year ago

looks like sync in the screenshot, i think thats what they meant

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

It sees my phone fine (Chrome on Android)

[–] [email protected] 3 points 1 year ago

I guess Donald Rumsfeld was right.

[–] [email protected] 3 points 1 year ago

It's the same for me

[–] [email protected] 32 points 1 year ago (3 children)

This is true for most link aggregators that attempt to render external content. Proxying images and videos would dramatically increase costs.

If you care that much about anonymity, use a VPN/Tor and a browser with advanced fingerprinting resistance — tor browser, mullvad browser, or firefox with resist fingerprinting = true.

[–] [email protected] 2 points 1 year ago

At the very least setting referer policy headers and such would be a good addition.

[–] [email protected] -1 points 1 year ago

That's great except those browsers often don't work.

[–] [email protected] 18 points 1 year ago* (last edited 1 year ago) (2 children)

Hexbear.net stays winning, external embeds are domain whitelist-only until pictrs adds proxying support, and blurred by default.

Good PSA tho, I'd honestly encourage other instances to do the same but it requires dev effort that I know not everyone has, and upstream isn't quite as paranoid about this stuff.

For reference:

[–] [email protected] 3 points 1 year ago

Cool, didn't know some Lemmy instances did this

[–] [email protected] 2 points 1 year ago (1 children)

Is there a pull request for it though?

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

as far as I know upstream lemmy doesn't want it and is waiting on pictrs proxying support. If I'm wrong though our code is public, I'm sure a dev would be happy to put together a PR,

[–] [email protected] 8 points 1 year ago (1 children)

*removed externally hosted image*

[–] [email protected] 2 points 1 year ago

Looks like your home instance hexbear.net is filtering external images.

[–] [email protected] 8 points 1 year ago* (last edited 1 year ago)

This reminds me of those old forum signatures which looked like a signpost, and showed your IP address, browser, OS etc. They were pretty popular back then (when no one cared about their privacy), to the point that some folks even made parody versions of those signatures (like changing the IP to "127.0.0.1" or writing a funny message).

[–] [email protected] 6 points 1 year ago

My favorite Linux distro: Windows.

[–] [email protected] 0 points 1 year ago

But I'm not on chrome mobile...

[–] [email protected] 0 points 1 year ago

This ain't me! grillman

[–] [email protected] -1 points 1 year ago