The Spy Pixel problem

https://lemmy.one/post/1142974


Unsurprisingly, some folks on raddle and reddit seem to have a big problem with lemmy. A lot of it is pure FUD. However, this appears to be a valid security concern: https://raddle.me/f/fediverse/166674/lemmy-is-so-much-like-email-it-even-brought-back-spy-tracker

Any thoughts on how fixable this is? Of course the general consensus on reddit is “lemmy devs are clueless and dangerous”. I’m pretty sure a lot of it is one guy with multiple alt accounts, tho. He has a Joe McCarthy attitude about lemmy because of one of the primary devs.

Any thoughts on how fixable this is?

This shouldn’t be hard to fix. Lemmy needs to proxy images; there’s an open issue for this. Right now, I don’t use Lemmy outside of Tor Browser specifically because of issues like this, and the recent XSS vulnerability is making me even more concerned. Lemmy is a great project, but it needs work and probably a security audit.

Federating/Proxying links and media · Issue #2947 · LemmyNet/lemmy

Is your proposal related to a problem? Somewhat, since I wouldn't classify it as a bug, but it is an issue I ran into. When a user shares a link to a post, comment, community, or shares media (such...

Appreciate the links. Thanks!
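
The image proxying suggested in the reply above, sketched as an added example (not from the thread and not Lemmy's own code): remote image URLs in a post body are rewritten to a signed URL on the home instance, so a viewer's browser never contacts the third-party host and the embedding server sees only the instance's fetch. The host name, endpoint path, key and sample post are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re
from urllib.parse import quote, urlsplit

# All names below are assumptions for illustration, not Lemmy's API.
INSTANCE_HOST = "lemmy.example"        # hypothetical home instance
PROXY_PATH = "/image_proxy"            # hypothetical proxy endpoint
SIGNING_KEY = b"constructed-demo-key"  # would be a server-side secret

# Markdown image syntax: ![alt](url "optional title")
IMG_RE = re.compile(r'!\[([^\]]*)\]\(\s*(\S+?)((?:\s+"[^"]*")?)\s*\)')

# Constructed sample post body: one third-party pixel, one locally hosted image.
SAMPLE = ("Nice post ![](https://tracker.example/pixel.gif?uid=alice) and "
          "![logo](https://lemmy.example/pictrs/image/a.png)")


def sign(url: str) -> str:
    """HMAC over the target URL, so the proxy only fetches URLs the instance rewrote."""
    return hmac.new(SIGNING_KEY, url.encode(), hashlib.sha256).hexdigest()


def verify(url: str, sig: str) -> bool:
    """Proxy-side check before fetching; rejects unsigned or altered URLs."""
    return hmac.compare_digest(sign(url), sig)


def proxied(url: str) -> str:
    """Return the URL a viewer's browser should load instead of `url`."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return url  # data: URIs and relative paths cause no third-party request
    if parts.hostname == INSTANCE_HOST:
        return url  # already served by the home instance
    return (f"https://{INSTANCE_HOST}{PROXY_PATH}"
            f"?url={quote(url, safe='')}&sig={sign(url)}")


def rewrite_markdown_images(markdown: str) -> str:
    """Rewrite every remote image in a post or comment body to go through the proxy."""
    return IMG_RE.sub(
        lambda m: f"![{m.group(1)}]({proxied(m.group(2))}{m.group(3)})", markdown)
```

Signing the rewritten URL keeps the endpoint from becoming an open relay for arbitrary fetches. Caching fetched images on the instance also stops the remote host from timing individual views.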