With lemmy it is possible to upload any image to the lemmy server (including archive websites), while writing a post without even posting.

This could be used to upload pornographic, right winged or other illegal content and use it or share it on other platforms, even if the content is on your lemmy instance.

In Germany advocates even use archive.org as an evidence that you had illegal content on your website, including the exact date.

This could be very expensive for everyone who is managing a lemmy instance.

Another problem with the upload is, that a lot of images can be uploaded, without even using them in a post, just filling up the server with garbage data. Attackers could use this to automatically fill up the web space and provoke a crash.

Who is the owner of uploaded and shared images and posts? If a lemmy post gets shared, a copy of the image will be created. If the image doesn’t have a share-alike licence, the owner of the instance could get in trouble.

I am not an advocate! Those are just things I thought about, which could cause trouble if I would have a lemmy instance.

  • maxmoonOP
    link
    fedilink
    11 year ago

    It might be better if the post, which will be published, will be checked for the images, which have been uploaded and just delete all other ones, which have been uploaded, but not have been used in the post. This mechanics must be integrated in the edit post functionality, too.

    Additionally all images could have a flag, which contain a “used_in_post” flag, because if someone only uploads images without sending the post and closing the browser/tab, the images will not be checked.

    If those images have a time stamp in the database, they could be deleted after x hours without getting a used_in_post flag.