Note: This post is now archived and as such no longer works

An external image showing your user-agent and the total "hit count"

  • @TriLinder@lemmy.ml
    OP
    63 · 2 years ago

    This is possible because Lemmy doesn’t proxy external images but instead loads them directly. While not all that bad, this could be used for Spy pixels by nefarious posters and commenters.

    Note that the only thing that I willingly log is the “hit count” visible in the image, and I have no intention to misuse the data.

    • Shadow
      60 · 2 years ago

      The best part is it also works on DMs, so it’s trivial to get any person’s IP address. Want an admin’s IP address? Just DM them a message with an embedded spy pixel.

      I emailed the lemmy developers about this a few weeks ago since IMHO it’s a pretty big security issue, no reply.

  • @TheGreatFox@lemmy.world
    9 · 2 years ago

    It got my OS right, but browser wrong. Tested both Librewolf and Vivaldi, which it sees as Firefox and Chrome.

  • @_e____b@lemmy.world
    8 · 2 years ago

    It did not get my setup right. I guess that newsboat+PostmarketOS+Pinephone is exotic enough.

  • Draconic NEO
    6 · 2 years ago

    Very interesting, I think I’ll probably be using Tor for my Lemmy usage from now on, or at least a VPN since this does have the potential to be used maliciously in personal DDoS attacks.

      • Draconic NEO
        1 · 2 years ago

        Are you sure about that? Because I can open and view lemmy.world just fine in Tor. I think what they mean is that federation between hidden services, i.e. lemmyinstanceoniondomain.onion, is blocked or just not implemented.

          • Draconic NEO
            1 · 2 years ago

            I haven’t gotten Cloudflare captchas on lemmy.world yet. Haven’t tried using an app with Tor; as a general rule it’s best to use Tor through the browser since it has features to reduce fingerprinting and MITMs.
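
The behaviour described at the top of the thread (external images loaded directly by the reader's browser) goes away if the instance fetches those images itself, so the third-party host only ever sees the instance. A sketch of the Markdown rewrite step for that, added here as an example and not Lemmy's own code; the hostname `lemmy.example` and the `/image_proxy?url=` path are assumptions:

```python
import re
from urllib.parse import quote, urlsplit

# Assumptions for this sketch: the instance hostname and the proxy endpoint path.
LOCAL_HOST = "lemmy.example"
PROXY_PREFIX = "https://lemmy.example/image_proxy?url="

# Markdown inline image: ![alt](url "optional title")
IMAGE_RE = re.compile(r'!\[([^\]]*)\]\(\s*<?([^\s)>]+)>?((?:\s+"[^"]*")?)\s*\)')

# Constructed sample comment body containing a third-party image.
SAMPLE = "hello ![hit counter](https://tracker.example/pixel.png?id=42) world"


def is_external(url: str) -> bool:
    """True when the browser would contact a host other than the instance."""
    parts = urlsplit(url)
    if not parts.netloc:
        return False  # relative path or data: URI, no third-party request
    # .hostname strips userinfo and port, so "lemmy.example@evil.test"
    # and "lemmy.example.evil.test" are both treated as external.
    return (parts.hostname or "").lower() != LOCAL_HOST


def proxy_images(markdown: str) -> str:
    """Rewrite every external image URL to go through the instance proxy."""
    def rewrite(m: re.Match) -> str:
        alt, url, title = m.group(1), m.group(2), m.group(3)
        if not is_external(url):
            return m.group(0)
        if url.startswith("//"):  # scheme-relative URL
            url = "https:" + url
        if urlsplit(url).scheme not in ("http", "https"):
            return alt  # unexpected scheme: keep the alt text, drop the image
        return f"![{alt}]({PROXY_PREFIX}{quote(url, safe='')}{title})"
    return IMAGE_RE.sub(rewrite, markdown)


if __name__ == "__main__":
    print(proxy_images(SAMPLE))
```

The same rewrite has to run on private messages as well as posts and comments, and it only helps if the proxy endpoint fetches the image server-side without forwarding the reader's IP address or user-agent.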