So I’m sure some of you have also gotten the spam DMs supposedly from “Nicole, the fediverse chick”. She is notorious enough across Lemmy to even have her own community now. I think I’ve gotten like 6 Nicole DMs. While those may seem amusing on their own, there is the worrying suggestion that they might actually be a deanonymization attack. In light of that possibility, are there any measures the admins here could consider to prevent this kind of attack from happening? Other instances’ solutions include, for example, rehosting external embedded images, filtering out external images from DMs entirely, or trying to implement filters to prevent spam DMs from being sent. Especially the first two solutions would, in my opinion, be quite good options to protect the privacy of pawb.social users.
That may well be true. This method certainly could be used for deanonymization though, so I think preventing it would be a good idea. If this kind of attack hasn’t happened yet, even better, as we can stop it before any harm is done.
Agreed 100%. Lemmy probably shouldn’t auto-load images in DMs, especially if image proxying isn’t enabled (still buggy last time I tried it).
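An added example, not part of the thread and not Lemmy's own code: one way to implement the "filter external images out of DMs" option, applied to a DM after Markdown rendering. It assumes the renderer emits `<img>` as its only auto-loading element and that `pawb.social` is the only local media host; `LOCAL_HOSTS`, `filter_dm_html` and the sample message are constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

LOCAL_HOSTS = {"pawb.social"}   # assumption: hosts this instance serves media from
VOID_TAGS = {"img", "br", "hr"}  # elements that never get a closing tag
NOTE = "<em>[external image not loaded]</em>"

def is_local(url):
    """Only absolute http(s) URLs on an allowlisted host count as local."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False
    # .hostname ignores userinfo, so "https://pawb.social@other.example/" is not local
    return parts.scheme in ("http", "https") and (parts.hostname or "").lower() in LOCAL_HOSTS

class DmImageFilter(HTMLParser):
    """Re-emits rendered DM HTML, replacing non-local <img> tags with a text note."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.blocked = [], []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            # Check every src attribute; parsers disagree on which duplicate wins.
            srcs = [v or "" for k, v in attrs if k == "src"]
            if not srcs or not all(is_local(s) for s in srcs):
                self.blocked += [s for s in srcs if not is_local(s)]  # for abuse review
                self.out.append(NOTE)
                return
        rendered = "".join(f' {k}="{escape(v or "", quote=True)}"' for k, v in attrs)
        self.out.append(f"<{tag}{rendered}>")

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def filter_dm_html(rendered_html):
    """Return (safe_html, blocked_urls) for one rendered direct message."""
    f = DmImageFilter()
    f.feed(rendered_html)
    f.close()
    return "".join(f.out), f.blocked

# Constructed sample: one remote image and one image hosted on the instance itself.
SAMPLE_DM = ('<p>hi <img src="https://tracker.example/p.png?u=42" alt="me"> and '
             '<img src="https://pawb.social/pictrs/image/a.png" alt="ok"></p>')
```

Because the recipient's client never requests the remote URL, the sender's server sees no IP address or User-Agent for that user; the blocked URLs are returned separately so moderators can review them.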