That’s why you use a VPN/proxy everytime everywhere, not to sound too paranoid.
It’s not a huge risk. These images used to be in signatures on forums frequently. Though, I thought it was possible that some users might be surprised that an instance admin doesn’t need to disclose their IP for someone else to have access to it.
This is fixed with Lemmy 0.19.4/5 on instances that have the new image proxy enabled.
I didn’t know one was added. I did check if it worked on lemmy.ml before commenting though.
Are you sure? Because it looks like lemmy.ml has the new image proxy enabled. Maybe you tested lemmy.world, which is still on Lemmy version 0.19.3?
Yes. I checked from other addresses too. Maybe it’s just for posts at the moment, because I do see the pull requests for proxied images.
Here on our instance with image proxy enabled it works as expected, your images are proxied and only show the IP of our server. This is true for both posts and comments.
I updated the title to try to correct it. I’ll just leave it to let others know if their instance supports it.
How would an image know what the person’s lemmy username is? I assume it can’t directly know that?
In another comment, I said
I’m not logging them. Though I guess it’s possible someone could create a mostly private post and @ a user to have it show up in their inbox. The point being that some communities do not have many users, so the list of users will not be very long. There definitely are groups who have been granted much larger dragnets than the sizes of many communities here.
Though, I agree, I think they’ll just have a list of IPs unless they’re using a browser that still supports third party cookies (and have other previous tracking information)
I noticed there doesn’t seem to be whitelisted image hosts, so it looks like any commenter can grab your IP. This might be obvious to people who have used forums in the past, but I think reddit used a whitelist. I thought some people might appreciate being reminded.
so whats my ip then?
I’m not logging them. Though I guess it’s possible someone could create a mostly private post and @ a user to have it show up in their inbox. The point being that some communities do not have many users, so the list of users will not be very long. There definitely are groups who have been granted much larger dragnets than the sizes of many communities here.
still dont get it. so its from the image? in your comment here i only see two of those “broken jpg” symbols, is that good?
This is an archived version from archive.org. I registered the domain right before posting, so maybe just DNS issues? Either that or some issue with the host. It does work though.
I block off-site images. It gives a kind of interesting view into how my instance is handling things: Many comment/post images show up as blank placeholders, but some do render, letting me know that my local admins are either caching or proxying them. It’s mostly recent ones that show up, so I assume it’s a cache.
Ugh… Why would you do that?
Can someone tell me fhat was this post about?