Note: This post is now archived and as such no longer works.
This is possible because Lemmy doesn’t proxy external images but instead loads them directly. While not all that bad, this could be used for spy pixels by nefarious posters and commenters.
Note that the only thing that I willingly log is the “hit count” visible in the image, and I have no intention to misuse the data.
The best part is it also works on DMs, so it’s trivial to get any person’s IP address. Want an admin’s IP address? Just DM them a message with an embedded spy pixel.
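The mitigation implied by the post is to have the instance fetch external images on the reader's behalf. The following is an added example, not part of the original post and not Lemmy's own code: it rewrites external Markdown image targets to a proxy URL so the client only contacts its own instance. The instance origin, the `/image_proxy` path and the function name are hypothetical.

```javascript
// Added example: rewrite external Markdown images so the reader's client
// only ever contacts its own instance. INSTANCE and PROXY_PATH are
// hypothetical values, not Lemmy's actual configuration or API.
const INSTANCE = "https://lemmy.example";
const PROXY_PATH = "/image_proxy"; // hypothetical endpoint

// Matches ![alt](url) and ![alt](url "title"); alt may be empty.
const MD_IMAGE = /!\[([^\]]*)\]\(\s*([^\s)]+)(\s+"[^"]*")?\s*\)/g;

function proxyExternalImages(markdown, instance = INSTANCE) {
  const instanceHost = new URL(instance).host;
  const rewrittenHosts = [];
  const text = markdown.replace(MD_IMAGE, (whole, alt, src, title = "") => {
    let url;
    try {
      // Relative and protocol-relative targets resolve against the instance.
      url = new URL(src, instance);
    } catch {
      return whole; // unparsable target: leave untouched
    }
    // Only http(s) fetches to another host expose the reader's IP and User-Agent.
    if (!/^https?:$/.test(url.protocol) || url.host === instanceHost) {
      return whole;
    }
    rewrittenHosts.push(url.host);
    const proxied =
      `${instance}${PROXY_PATH}?url=${encodeURIComponent(url.href)}`;
    return `![${alt}](${proxied}${title})`;
  });
  return { text, rewrittenHosts };
}

// Constructed sample: one third-party image, one image hosted on the instance.
const sample =
  "Nice post! ![](https://tracker.example/pixel.png?id=42) " +
  "![logo](/img/logo.png)";
console.log(proxyExternalImages(sample));
```

The `rewrittenHosts` list can be logged server-side to see which third-party hosts posts and DMs are embedding.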
I emailed the lemmy developers about this a few weeks ago since IMHO it’s a pretty big security issue, no reply.
I think you’re overestimating the value of someone’s IP address. Not much one can do with it unless someone really tries to expose themselves.
Joke’s on you, I’m in front of 9 proxies. 🤡
Not really.
Same, I’m using an app.
You are viewing this from Apple Mail on MacOSX…. Ummm, okay. If you say so…
uBlock Origin? NoScript? Internet Explorer?
What is the functioning process of this?
A simple GET request.
Right client, wrong operating system. It knows I’m using Leomard, but it thinks I’m on iOS. I suspect it doesn’t handle architecture detection well on Apple Silicon machines.
“You are viewing this from bile Safari”
Removed by mod
Probably the image is cached.