If you visit a popular community like /c/memes@lemmy.ml with your web browser, the images shown are hotlinked from the Lemmy instance that the person posting the image utilized. This means that your browser makes a https request to that remote server, not your local instance, giving that server your IP address and web browser version string.

Assume that it is not difficult for someone to compile this data and build a profile of your browsing habits and patterns of image fetching - and is able to identify with high probability which comments and user account is being used on the remote instance (based on timestamp comparison).

For example, if you are a user on lemmy.ml browsing the local community memes, you see postings like these first two I see right now:

You can see that the 2nd one has a origin of pawb.social - and that thumbnail was loaded from a sever on that remote site:

https://pawb.social/pictrs/image/fc4389aa-bd4f-4406-bfd6-d97d41a3324e.webp?format=webp&thumbnail=256

Just browsing a list of memes you are giving out your IP address and browser string to dozens of Lemmy servers hosted by anonymous owner/operators.

  • Dick Justice@lemmy.world
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    Is rhere anything end users can do about it, or is it a choice between using the fediverse or not using the fediverse?

    • RoundSparrow@lemmy.mlOP
      link
      fedilink
      arrow-up
      1
      arrow-down
      2
      ·
      1 year ago

      At this point, raise awareness that it isn’t like a major identifiable social media site who has a reputation to worry about. Right now, anyone can create a Lemmy instance and join the federation, there is no approval or application process.

      • Dick Justice@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        I agree 100%, people need to know what they aare using and doing, especially less savvy or less curious users who wont seek out this kind of information on their own.

        Im asking though, is their anything that can be done by the user themselves to obscure their IP when loading images, or is it just something that has to be accepted as part of using the fediverse if you want to use it, and thats just that.

        • RoundSparrow@lemmy.mlOP
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          edit-2
          1 year ago

          Some people use VPN… and every day they are getting a different IP address when they connect to their VPN…

          It’s normal, what’s ‘new’ to people is that the images are loaded from peer. Especially coming from Reddit (where it uses thumbs.redditmedia.com), that is different from what most people expect. They assume you have to click a link to go off-site. “hotlinking” the images as Lemmy is typically doing right now involves more parties.

      • static@kbin.social
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        It’s a lemmy thing, kbin appears not to hotlink. and mastodon allso doesn’t hotlink.