tfm

joined 5 days ago
MODERATOR OF
BuyFromEU
europePub
Austria
Memes
privacy
BoycottUnitedStates
Anticonsumption
sorted by: new top controversial old
I believe that the "Nicole" images being sent to Threadiverse users may be intending to deanonymize accounts in c/fediverse@lemmy.world
[–] tfm@europe.pub 8 points 1 hour ago

When the image of "Nicole" is loaded, your computer/phone connects to another server and transfers your IP address. But it currently looks like it's not that big of a problem. Still a fix will be implemented soon to prevent this.

I believe that the "Nicole" images being sent to Threadiverse users may be intending to deanonymize accounts in c/fediverse@lemmy.world
[–] tfm@europe.pub 2 points 1 hour ago

This would break a lot of sites

I believe that the "Nicole" images being sent to Threadiverse users may be intending to deanonymize accounts in c/fediverse@lemmy.world
[–] tfm@europe.pub 1 points 2 hours ago

Thanks! Completely overlooked that

36
VARTA - Batteries Made In Germany (europe.pub)
 
What are you looking forward to in 2025? in c/asklemmy@lemmy.ml
[–] tfm@europe.pub 2 points 2 hours ago

And democracy probably

What are you looking forward to in 2025? in c/asklemmy@lemmy.ml
[–] tfm@europe.pub 1 points 2 hours ago

Have you talked with a therapist?

What are you looking forward to in 2025? in c/asklemmy@lemmy.ml
[–] tfm@europe.pub 2 points 2 hours ago (1 children)

That's pretty optimistic

12
Common imports from the US. Be aware and check the origin! (i.postimg.cc)
 

cross-posted from: https://feddit.org/post/9410064

When You’re Desperate to Convince People that Reusable Containers are Uncool to BUY PRODUCT. in c/anticonsumption@slrpnk.net
[–] tfm@europe.pub 2 points 2 hours ago

I think it's some powder you mix with water and heat up.

German spy agency 'believed Covid likely started in lab' in c/worldnews@lemmy.ml
[–] tfm@europe.pub 2 points 2 hours ago

Does it really matter? Many laboratories around the world experiment with highly dangerous viruses and that one leaked. Not that I like it but it's still a fact.

I believe that the "Nicole" images being sent to Threadiverse users may be intending to deanonymize accounts in c/fediverse@lemmy.world
[–] tfm@europe.pub 1 points 2 hours ago (2 children)

Hmm do you have a link to docs for that? 🤔

11
Dutch parliament calls for end to dependence on US software companies (www.reuters.com)
 

cross-posted from: https://feddit.org/post/9411140

I believe that the "Nicole" images being sent to Threadiverse users may be intending to deanonymize accounts in c/fediverse@lemmy.world
[–] tfm@europe.pub 1 points 3 hours ago (4 children)

But shouldn't this depend on the receiving end? I have enabled it and it still used the direct link

22
When You’re Desperate to Convince People that Reusable Containers are Uncool to BUY PRODUCT. (europe.pub)
 

cross-posted from: https://europe.pub/post/15513

Sponsored ad

1
When You’re Desperate to Convince People that Reusable Containers are Uncool to BUY PRODUCT. (europe.pub)
 

Sponsored ad

Proton Mail says it’s “politically neutral” while praising Republican Party in c/BuyFromEU@europe.pub
[–] tfm@europe.pub 7 points 3 hours ago

Pretty much an "enlightened centrist"

Could "pay or it's low priority" be a way to fund opensource projects? in c/opensource@programming.dev
[–] tfm@europe.pub 1 points 3 hours ago

Only if it's for Client specific Extensions not the core project. Basically freelance work. Paid bug fixes and feature requests to core are a big no-go.

24
Proton Mail says it’s “politically neutral” while praising Republican Party (theintercept.com)
 

cross-posted from: https://lemmy.world/post/24846782

Summary

Proton Mail, known for its privacy-first email services, faced backlash after CEO Andy Yen praised the Republican Party and its antitrust stance.

The company initially posted and deleted a statement supporting Yen’s comments, later claiming an “internal miscommunication” and reiterating its political neutrality.

Critics question Proton’s impartiality, particularly as it cooperates with Swiss authorities on legal data requests.

Privacy advocates warn that political alignments could undermine trust, especially for Proton’s users—journalists and activists wary of government surveillance under administrations like Trump’s.

142
I believe that the "Nicole" images being sent to Threadiverse users may be intending to deanonymize accounts (europe.pub)
 

cross-posted from: https://lemmy.today/post/25826615

For those not familiar, there are numerous messages containing images being repeatedly spammed to many Threadiverse users talking about a Polish girl named "Nicole". This has been ongoing for some time now.

Lemmy permits external inline image references to be embedded in messages. This means that if a unique image URL or set of image URLs are sent to each user, it's possible to log the IP addresses that fetch these images; by analyzing the log, one can determine the IP address that a user has.

In some earlier discussion, someone had claimed that local lemmy instances cache these on their local pict-rs instance and rewrite messages to reference the local image.

It does appear that there is a closed issue on the lemmy issue tracker referencing such a deanonymization attack:

https://github.com/LemmyNet/lemmy/issues/1036

I had not looked into these earlier, but it looks like such rewriting and caching intending to avoid this attack is not occurring, at least on my home instance. I hadn't looked until the most-recent message, but the image embedded here is indeed remote:

https://lemmy.doesnotexist.club/pictrs/image/323899d9-79dd-4670-8cf9-f6d008c37e79.png

I haven't stored and looked through a list of these, but as I recall, the user sending them is bouncing around different instances. They certainly are not using the same hostname for their lemmy instance as the pict-rs instance; this message was sent from nicole92 on lemmy.latinlok.com, though the image is hosted on lemmy.doesnotexist.club. I don't know whether they are moving around where the pict-rs instance is located from message to message. If not, it might be possible to block the pict-rs instance in your browser. That will only be a temporary fix, since I see no reason that they couldn't also be moving the hostname on the pict-rs instance.

Another mitigation would be to route one's client software or browser through a VPN.

I don't know if there are admins working on addressing the issue; I'd assume so, but I wanted to at least mention that there might be privacy implications to other users.

In any event, regardless of whether the "Nicole" spammer is aiming to deanonymize users, as things stand, it does appear that someone could do so.

My own take is that the best fix here on the lemmy-and-other-Threadiverse-software-side would be to disable inline images in messages. Someone who wants to reference an image can always link to an external image in a messages, and permit a user to click through. But if remote inline image references can be used, there's no great way to prevent a user's IP address from being exposed.

If anyone has other suggestions to mitigate this (maybe a Greasemonkey snippet to require a click to load inline images as a patch for the lemmy Web UI?), I'm all ears.

22
Every step forwards is a step forwards (i.postimg.cc)
 

cross-posted from: https://europe.pub/post/14870

Credits: https://old.reddit.com/r/BuyFromEU/comments/1je0xx2/every_step_forwards_is_a_step_forwards/

90
When seeing all those alternatives to branded products... (europe.pub)
 
1
After only 2.5 months we have devalued Tesla's share to where it was before 6 months. Congrats! (europe.pub)
 

Originally posted on Reddit

6
Lieferando kündigt alle Rider und stellt gesamte Logistik auf freie Dienstverträge um (www.derstandard.at)
 

cross-posted from: https://europe.pub/post/14898

90
Bluesky does federation-washing (thelibre.news)
 

cross-posted from: https://programming.dev/post/27143191

Why I recommend against Bluesky.

Have you ever heard of the term federation-washing?

view more: next ›