Note: This post now archived and as such no longer works
This is possible because Lemmy doesn’t proxy external images but instead loads them directly. While not all that bad, this could be used for Spy pixels by nefarious posters and commenters.
Note, that the only thing that I willingly log is the “hit count” visible in the image, and I have no intention to misuse the data.
I guess it knows that it’s unknown
I guess mobile clients screw with their fingerprinting method. Also doesn’t work on Slide.
This is true for most link aggregators that attempt to render external content. Proxying images and videos would dramatically increase costs.
If you care that much about anonymity, use a VPN/Tor and a browser with advanced fingerprinting resistance — tor browser, mullvad browser, or firefox with resist fingerprinting = true.
That makes sense. But I guess there’s these questions: at what resolution? For how long? Maybe the status quo is such because it’s simpler code. The project is still relatively young. I wonder where/how we can discuss these things?
Hexbear.net stays winning, external embeds are domain whitelist-only until pictrs adds proxying support, and blurred by default.
Good PSA tho, I’d honestly encourage other instances to do the same but it requires dev effort that I know not everyone has, and upstream isn’t quite as paranoid about this stuff.
For reference:
*removed externally hosted image*
Looks like your home instance hexbear.net is filtering external images.