tfm

joined 5 days ago
[–] tfm@europe.pub 1 points 4 hours ago

Just by loading the image in the DM.

But to be clear. All they get at most is your IP address. That's not worth much alone.

There is a setting that prevents sending the IP address by caching the image. lemmy.world should definitely enable that. They don't do that right now, unfortunately.

 

cross-posted from: https://sopuli.xyz/post/24105021

Archive: https://archive.is/2025.03.19-115656/https://www.ft.com/content/eb9e0ddc-8606-46f5-8758-a1b8beae14f1

The planned fund for capitals to spend on weapons would only be open to EU defence companies and those from third countries that have signed defence agreements with the bloc, officials said on Wednesday.

It would also exclude any advanced weapons systems upon which a third country had “design authority” — restrictions on its construction or use of particular components — or control over its eventual use, the officials added. 

That would exclude the US Patriot air and missile defence platform, which is manufactured by defence contractor RTX, and other US weapons systems where Washington has restrictions on where they can be used.

The policy is a victory for France and other countries that have demanded a “Buy European” approach to the continent’s defence investment push, amid fears over the long-term dependability of the US as a defence partner and supplier sparked by President Donald Trump.

At least 65 per cent of the cost of the products would need to be spent in the EU, Norway and Ukraine.

EU member states would not be able to spend the money on products “where there can be a control on the use or the destination of that weapon . . . It would be a real problem if equipment acquired by countries cannot be used because a third country would object,” one of the officials said.

[–] tfm@europe.pub 2 points 7 hours ago

At least they have their jurisdiction in Europe and not the US. If their investors have the access keys to our data is another question. But they'd need to explicitly mention this in their privacy policy.

[–] tfm@europe.pub 3 points 7 hours ago

We need European providers for popular open source LLMs like Deepseek. Something like openrouter.ai but in Europe.

[–] tfm@europe.pub 5 points 7 hours ago (1 children)

Still the right thing

[–] tfm@europe.pub 3 points 7 hours ago

Interesting. So basically a voting system that also takes mental health into account?

[–] tfm@europe.pub 2 points 8 hours ago

It depends on the instance configuration. If images are proxied, no traffic should show up.

[–] tfm@europe.pub 1 points 8 hours ago

They use different images.

[–] tfm@europe.pub 2 points 9 hours ago

I can only agree with that!

[–] tfm@europe.pub 1 points 10 hours ago

Not that I like it. It's just how it is.

[–] tfm@europe.pub 1 points 11 hours ago (2 children)

That may be true technologically. But if the economics don't add up it's a bubble.

[–] tfm@europe.pub 1 points 11 hours ago

Why do you assume the developer has to implement what could be paid for?

If 80% of your income comes from a single company that pays you to develop the features they want, can you afford to decline specific requests without risking that client? Probably not. Without income diversification, you can quickly end up in a situation where your client dictates your work.

Why is the assumption that devs will give up agency?

Because financial dependence limits choice. When a developer relies on just a few clients, those clients gain leverage over them, making it difficult to turn down requests, even if they’d prefer to.

And why the assumption that all paid requests will be by corporations?

Because private individuals rarely spend hundreds or thousands of dollars to get a feature implemented. A more realistic approach for individual users would be crowdfunding or pooling resources to fund specific features.

 
 

cross-posted from: https://feddit.org/post/9410064

 

cross-posted from: https://feddit.org/post/9411140

 

cross-posted from: https://europe.pub/post/15513

Sponsored ad

 

Sponsored ad

 

cross-posted from: https://lemmy.world/post/24846782

Summary

Proton Mail, known for its privacy-first email services, faced backlash after CEO Andy Yen praised the Republican Party and its antitrust stance.

The company initially posted and deleted a statement supporting Yen’s comments, later claiming an “internal miscommunication” and reiterating its political neutrality.

Critics question Proton’s impartiality, particularly as it cooperates with Swiss authorities on legal data requests.

Privacy advocates warn that political alignments could undermine trust, especially for Proton’s users—journalists and activists wary of government surveillance under administrations like Trump’s.

 

cross-posted from: https://lemmy.today/post/25826615

For those not familiar, there are numerous messages containing images being repeatedly spammed to many Threadiverse users talking about a Polish girl named "Nicole". This has been ongoing for some time now.

Lemmy permits external inline image references to be embedded in messages. This means that if a unique image URL or set of image URLs are sent to each user, it's possible to log the IP addresses that fetch these images; by analyzing the log, one can determine the IP address that a user has.

In some earlier discussion, someone had claimed that local lemmy instances cache these on their local pict-rs instance and rewrite messages to reference the local image.

It does appear that there is a closed issue on the lemmy issue tracker referencing such a deanonymization attack:

https://github.com/LemmyNet/lemmy/issues/1036

I had not looked into these earlier, but it looks like such rewriting and caching intending to avoid this attack is not occurring, at least on my home instance. I hadn't looked until the most-recent message, but the image embedded here is indeed remote:

https://lemmy.doesnotexist.club/pictrs/image/323899d9-79dd-4670-8cf9-f6d008c37e79.png

I haven't stored and looked through a list of these, but as I recall, the user sending them is bouncing around different instances. They certainly are not using the same hostname for their lemmy instance as the pict-rs instance; this message was sent from nicole92 on lemmy.latinlok.com, though the image is hosted on lemmy.doesnotexist.club. I don't know whether they are moving around where the pict-rs instance is located from message to message. If not, it might be possible to block the pict-rs instance in your browser. That will only be a temporary fix, since I see no reason that they couldn't also be moving the hostname on the pict-rs instance.

Another mitigation would be to route one's client software or browser through a VPN.

I don't know if there are admins working on addressing the issue; I'd assume so, but I wanted to at least mention that there might be privacy implications to other users.

In any event, regardless of whether the "Nicole" spammer is aiming to deanonymize users, as things stand, it does appear that someone could do so.

My own take is that the best fix here on the lemmy-and-other-Threadiverse-software-side would be to disable inline images in messages. Someone who wants to reference an image can always link to an external image in a message, and permit a user to click through. But if remote inline image references can be used, there's no great way to prevent a user's IP address from being exposed.

If anyone has other suggestions to mitigate this (maybe a Greasemonkey snippet to require a click to load inline images as a patch for the lemmy Web UI?), I'm all ears.
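One way to implement the click-to-load idea raised in the post above, as an added example that is not part of the original post or of Lemmy's code: it rewrites remote inline images in a markdown message body into plain links, so nothing is fetched until the reader clicks. The function names, the trusted-host list and the sample hosts are assumptions made for illustration, and only markdown image syntax is handled.

```javascript
// Added example: turn remote inline images in a markdown message into plain
// links so the client does not auto-fetch them (no request, no IP in the
// image host's log). Names and hosts here are hypothetical.

// Matches ![alt](url) and ![alt](url "title"); alt may be empty.
const INLINE_IMAGE = /!\[([^\]]*)\]\(\s*<?([^\s)>]+)>?(?:\s+"[^"]*")?\s*\)/g;

// Returns the lowercased hostname for absolute http(s) URLs, else null.
function hostOf(url) {
  try {
    const u = new URL(url);
    const web = u.protocol === "http:" || u.protocol === "https:";
    return web ? u.hostname.toLowerCase() : null;
  } catch (e) {
    return null; // relative, protocol-relative or malformed
  }
}

// trustedHosts: hosts whose images may stay inline, e.g. the home
// instance's own image cache. Everything else fails closed to a link.
function deinlineRemoteImages(markdown, trustedHosts) {
  const trusted = new Set(trustedHosts.map((h) => h.toLowerCase()));
  const blocked = [];
  const text = markdown.replace(INLINE_IMAGE, (match, alt, url) => {
    const host = hostOf(url);
    if (host !== null && trusted.has(host)) return match; // keep local image
    blocked.push(host || url);
    const label = alt.trim() || "image";
    return `[${label} (click to load)](${url})`;
  });
  return { text, blocked };
}

// Constructed sample message: one remote image, one on the home instance.
const SAMPLE =
  "Hi ![](https://tracker.example/pictrs/image/u-1234.png) and " +
  "![logo](https://home.example/pictrs/image/a.png)";
console.log(deinlineRemoteImages(SAMPLE, ["home.example"]));
```

A userscript or client would run this over the message body before handing it to the markdown renderer; the `blocked` list can be shown to the user or fed into a host blocklist.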

 
 

Originally posted on Reddit

 

cross-posted from: https://europe.pub/post/14898
