This is possible because Lemmy doesn't proxy external images but instead loads them directly. While not all that bad, this could be used for Spy pixels by nefarious posters and commenters.

Note, that the only thing that I willingly log is the "hit count" visible in the image, and I have no intention to misuse the data.

[This comment has been deleted by an automated system]

I'm fine with this. Instances shouldn't proxy or cache images because it opens instance owners to a lot more liability than text. A client side setting to not load images in comments by default is better.

Oh neat, Jerboa doesn't identify itself. Cool.

• Mlem - knows exactly that it’s Mlem.
• Memmy - sees Mobile Safari webkit.
• Voyager - same as Memmy.
• Thunder - just sees Mobile Client.

What is it supposed to say?

Salient demonstration, but if image proxying were to come to Lemmy I'd hope it was made optional, as it could overburden smaller instances, especially one-person instances (like mine). We also need a simple integrated way of configuring object storage.

Easiest way to stop this from happening is to use ublock origin to block all third party request on your instance.

One way to do this is via dynamic filtering. This is for advanced users so be sure to read the info page: https://github.com/gorhill/uBlock/wiki/Dynamic-filtering

(Consider backing up your ublock settings before doing this)

If you are using lemmy.ml your rule would be this:

lemmy.ml * 3p block

if you're using another instance then change the domain or use both rules cause you might end up visiting the others as well. Note that adding this rule wont work unless enable advanced features in ublock origin.

EDIT: THIS MIGHT BREAK THINGS ON YOUR INSTANCE, its recommended to learn how to use dynamic filtering to unbreak it: https://github.com/gorhill/uBlock/wiki/Dynamic-filtering:-quick-guide If it breaks stuff just remove that rule.

You could also block it using static filters but I can't remember how to do that exactly, if you know please reply below.

I'll be damned. I tried this from three different platforms and you've nailed it.

VPN using Librewolf user checking in. This post got nothing on me.

I would've hoped that lemmy users on a c called privacy would understand the technology better, but I guess not.

for a little extra creepiness, modify the image-generating script to add geoip location data and http referer to the image.

What does it say? on jerboa is states that i use unknown mobile client, with infinity, android client. All i have is adaway on my phone

unknown device?

I feel like there isn't a real way to fix this, since lemmy isn't a single service, like I can choose any image host I want. The only way I could think of would be to have your instance download the images but that's currently not even support on the mastodon alike platforms even. The only thing you can do on Mastodon that I'm aware of is cache the images on your own server which could get costly

Image proxies are a must have, let's hope we get those soon!