Unsurprisingly, some folks on raddle and reddit seem to have a big problem with lemmy. A lot of it is pure FUD.
However, this appears to be a valid security concern:
https://raddle.me/f/fediverse/166674/lemmy-is-so-much-like-email-it-even-brought-back-spy-tracker
Any thoughts on how fixable this is?
Of course the general consensus on reddit is “lemmy devs are clueless and dangerous”. I’m pretty sure a lot of it is one guy with multiple alt accounts, tho. He has a Joe McCarthy attitude about lemmy because of one of the primary devs.
In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.
This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.
You can subscribe to this community from any Kbin or Lemmy instance:
Check out our website at privacyguides.org before asking your questions here. We’ve tried answering the common questions and recommendations there!
Want to get involved? The website is open-source on GitHub, and your help would be appreciated!
This community is the “official” Privacy Guides community on Lemmy, which can be verified here. Other “Privacy Guides” communities on other Lemmy servers are not moderated by this team or associated with the website.
Moderation Rules:
Additional Resources:
I’m confused. How is this any different getting simply hosting a picture yourself and tracking all the IP addresses via http fetch logs? Why is Lemmy itself being singled out here? Why do you need some CGI script?
I am not a cybersecurity expert. And these are good questions. The problem is certainly not unique to Lemmy.
However, my (limited) understanding of it the opposing opinion is. 1. This is bad for privacy (marketers and other bad actors use these to track down your IP and other metadata) and 2. It should have been thought of before now and already had some protections put into place.
It is being discussed - here is a thread from yesterday:
https://kbin.social/m/support@lemmy.world/t/204434/Tracking-Lemmy-users-by-spy-tracker-pixels
And here is an ongoing discussion about a possible remedy:
https://github.com/LemmyNet/lemmy/pull/3550
But worth noting, unlike email the ‘view’ isn’t linked to an individual and an email address, and also broadcasting your IP address (yes and some meta data) as you browse isn’t unusual. Every page you visit could be doing this not just Lemmy.
Yes ideally this should be fixed, but in my view it is also a bit of a storm in a teacup.
Thank you, this is exactly the kind of info I was looking for. I figured someone was on top of this and the reddit dipstick was just being overly dramatic as usual.
There just isn’t any way to prevent a web server from logging IPs if the admin chooses to do so.
Right, but I think the difference here is lemmy allows users to embed these in their markdown text.