Unsurprisingly, some folks on raddle and reddit seem to have a big problem with lemmy. A lot of it is pure FUD.

However, this appears to be a valid security concern:

https://raddle.me/f/fediverse/166674/lemmy-is-so-much-like-email-it-even-brought-back-spy-tracker

Any thoughts on how fixable this is?

Of course the general consensus on reddit is “lemmy devs are clueless and dangerous”. I’m pretty sure a lot of it is one guy with multiple alt accounts, tho. He has a Joe McCarthy attitude about lemmy because of one of the primary devs.

  • 𝒍𝒆𝒎𝒂𝒏𝒏

    Raddle user learns how the Internet works 🤯

    In all seriousness though, although this is a concern, in Email in particular the solution most choose is to just disable images, so it isn’t really a sincere comparison IMO.

    We could maybe mitigate this with…

    • Proxying & caching - Instance would cache a copy of the commented image and serve it from there, blocking the IP of the user from being exposed. This could introduce some additional latency and fill up server storage faster
    • CSP Header & Local caching - Client could block the name of the instance from being transferred, and also cache a copy of the image locally. This doesn’t protect the user’s IP address in any way, but would hinder the ability to count how many times a particular IP has viewed/accessed a post
    • Shared Lemmy image proxies - Image requests are proxied through a randomly selected Lemmy image proxy. This would ‘hide’ the origin IP to all but the volunteer proxy provider. I’d personally be willing to host a few of these if this ever became a thing
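The first mitigation in the comment above (the instance proxies and caches embedded images), sketched as an added example; this is not Lemmy's code and not part of the original thread. The hostname `lemmy.example`, the `/image_proxy?url=` endpoint and the function names are hypothetical. It rewrites Markdown image links at render time so a viewer's browser only ever contacts the instance, and it refuses URLs the proxy itself should not fetch.

```python
import ipaddress
import re
from urllib.parse import quote, urlsplit

INSTANCE_HOST = "lemmy.example"      # assumption: this instance's hostname
PROXY_PATH = "/image_proxy?url="     # assumption: hypothetical proxy endpoint

# Markdown image syntax: ![alt](url "optional title")
MD_IMAGE = re.compile(r'!\[([^\]]*)\]\(\s*(\S+?)(\s+"[^"]*")?\s*\)')


def classify(url):
    """Return 'local', 'proxy' or 'drop' for an image URL found in a comment."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:               # malformed URL, e.g. a broken IPv6 literal
        return "drop"
    if (not parts.scheme and not parts.netloc) or host == INSTANCE_HOST:
        return "local"               # relative path or already on this instance
    if parts.scheme not in ("http", "https") or not host:
        return "drop"                # data:, ftp:, protocol-relative, etc.
    try:
        # Literal loopback/private addresses would turn the proxy against
        # the instance's own network, so they are never fetched.
        return "proxy" if ipaddress.ip_address(host).is_global else "drop"
    except ValueError:
        # A DNS name. A real proxy must also check the address it resolves
        # to at fetch time; that step needs network access and is omitted.
        return "proxy"


def rewrite_images(markdown):
    """Point remote images at the instance proxy before the comment is rendered."""
    def repl(match):
        alt, url, title = match.group(1), match.group(2), match.group(3) or ""
        verdict = classify(url)
        if verdict == "local":
            return match.group(0)
        if verdict == "drop":
            return f"[image removed: {alt}]"
        # Percent-encode the whole remote URL so it travels as one parameter.
        return f"![{alt}]({PROXY_PATH}{quote(url, safe='')}{title})"
    return MD_IMAGE.sub(repl, markdown)
```

The remote host then sees one request from the instance per cached image instead of one request per viewer, which is the storage and latency trade-off the comment mentions.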