bmygsbvur

joined 1 year ago
sorted by: new top controversial old
PSA: You can upload images to a Lemmy instance without anyone knowing in c/lemmy@lemmy.ml
[–] bmygsbvur@lemmy.ca 8 points 1 year ago (2 children)

You don't need to selfhost to reproduce this. Anyone can do this and that's the problem.

PSA: You can upload images to a Lemmy instance without anyone knowing in c/lemmy@lemmy.ml
[–] bmygsbvur@lemmy.ca 18 points 1 year ago (1 children)

They are stored in the pctrs folder. They don't have file extensions but are viewable with many image programs.

PSA: You can upload images to a Lemmy instance without anyone knowing in c/lemmy@lemmy.ml
[–] bmygsbvur@lemmy.ca 6 points 1 year ago (7 children)

Feel free to open the issue on my behalf. I am not a software developer. You seem to know more about this. I'm just reminding people something that I and many others have observed months ago.

PSA: You can upload images to a Lemmy instance without anyone knowing in c/lemmy@lemmy.ml
[–] bmygsbvur@lemmy.ca 13 points 1 year ago

The issue is that you can share the image link to other people. People CAN get the content back out and admins or moderators WILL NOT KNOW about it.

So if someone uploads an illegal image in the comments, copies the link and does not post the comment, then they have a link of an illegal image hosted on someone's Lemmy instance. They can share this image to other people or report it to the FBI. Admins won't know about this UNLESS they look at their pictrs database. Nobody else can see it so nobody can report it.

PSA: You can upload images to a Lemmy instance without anyone knowing in c/lemmy@lemmy.ml
[–] bmygsbvur@lemmy.ca 33 points 1 year ago (16 children)

I'm not on GitHub. Nor is a lot here. I'm wording it this way so the issue gets the attention it deserves. Anyway, everybody already knows about this but nobody understood the consequences. Same reason why there's no option to disable image caching. These issues should have been addressed the moment image uploading was made available in Lemmy. It was just overlooked because of how tiny the platform was then.

It's funny because last month Mastodon CSAM was a hot topic in the Fediverse and people were being defensive about it. Look where we are now. Has Mastodon addressed the CSAM issue? Did they follow the recommendations made by that paper? I don't think so. There wouldn't be an open GitHub issue about it. Will Lemmy be like Mastodon or will it addressed the concerns of its users?

PSA: You can upload images to a Lemmy instance without anyone knowing in c/lemmy@lemmy.ml
[–] bmygsbvur@lemmy.ca 3 points 1 year ago

Sadly not the case

PSA: You can upload images to a Lemmy instance without anyone knowing in c/lemmy@lemmy.ml
[–] bmygsbvur@lemmy.ca 4 points 1 year ago

That's another issue. Also a necessary feature.

PSA: You can upload images to a Lemmy instance without anyone knowing in c/lemmy@lemmy.ml
[–] bmygsbvur@lemmy.ca 24 points 1 year ago (1 children)

This is a nice tool but orphaned images still need to be purged. Mentioned on the other thread that bad actors can upload spam to fill up object storage space.

PSA: You can upload images to a Lemmy instance without anyone knowing in c/lemmy@lemmy.ml
[–] bmygsbvur@lemmy.ca 3 points 1 year ago

They probably have the tools to deal with it. Lemmy certainly doesn't.

PSA: You can upload images to a Lemmy instance without anyone knowing in c/lemmy@lemmy.ml
[–] bmygsbvur@lemmy.ca 8 points 1 year ago

Very much needed.

PSA: You can upload images to a Lemmy instance without anyone knowing in c/lemmy@lemmy.ml
[–] bmygsbvur@lemmy.ca 4 points 1 year ago (8 children)

Remove it from docker compose.

PSA: You can upload images to a Lemmy instance without anyone knowing in c/lemmy@lemmy.ml
[–] bmygsbvur@lemmy.ca 10 points 1 year ago (4 children)

Explain.

view more: ‹ prev next ›