A good thing about proxying is that it prevents auto-loading of resources from potentially malicious domains. For instance, I could make an image comment containing an image link to a server I control. When you reply to my comment, since you clearly have seen my comment, I can now look at my server logs and see the IP addresses of everyone who viewed my image. I now know that your IP address is in that list.
I’ve heard this security concern before, but I’m a bit confused about the real attack vector here. I mean let’s say you do this - you post an image to some random Lemmy instance and behind the scenes, you gather all the IPs which fetch the image. What malicious thing could you do with that? Genuinely curious.
A good thing about proxying is that it prevents auto-loading of resources from potentially malicious domains. For instance, I could make an image comment containing an image link to a server I control. When you reply to my comment, since you clearly have seen my comment, I can now look at my server logs and see the IP addresses of everyone who viewed my image. I now know that your IP address is in that list.
I’ve heard this security concern before, but I’m a bit confused about the real attack vector here. I mean let’s say you do this - you post an image to some random Lemmy instance and behind the scenes, you gather all the IPs which fetch the image. What malicious thing could you do with that? Genuinely curious.
Hack their Gibson of course.
Exactly this.