Hotlinking Images

Migrated topic.

Creo

Rising Star
I was browsing the 'Post Pictures of anything nice' thread and it occurred to me that hotlinking images (or videos) is a potential security hole. A malicious third party could hotlink to an image on their own server and collect the IP addresses of dmt-nexus members.
 
I'm not 100% and someone who knows more will probably correct me if I'm wrong here, but I believe all links are directed through some type of anonymizer so that the server you are going to cannot see that you came from the dmt nexus (you'll notice when you click a link here it always goes through this anoniem.org site).
 
Sorry dreamer042, I had forgotten that I had started this thread.

anoniem.org probably works by stripping HTTP headers when you click on a link, so it doesn't really address this issue.

The (worst case) scenario I'm concerned about goes something like this:

1. A DEA agent opens an account on the nexus.
2. He makes a post containing an img tag referencing a 1x1 pixel transparent image stored on DEA servers.
3. The DEA can then collect the IP addresses of everyone who reads that post.
 
Creo said:
3. The DEA can then collect the IP addresses of everyone who reads that post.
Although you are correct that visitors' IPs can be retrieved this way, reading a thread on the DMT-Nexus is not illegal.

Also, that IP cannot be directly linked to a member. Even though the names of members looking at a certain thread are shown, any non-member guest looking at that same thread is not shown. So this means it can be the member but also just as well an anonymous guest that is looking at that image.

One of the things I thought of in the past was to store a local copy of images on the DMT-Nexus but that has two problems:
1) Disk size: many pictures, lots of space.
2) Copyright issues

Because of these two issues I abandoned this idea.


Kind regards,

The Traveler
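
A forum-side check for the hotlinking scenario discussed in this thread, as an added example that is not part of the original posts or of the forum's software: it lists the `<img>` sources in a post that would make a reader's browser contact a third-party host, and maps each one to a server-side fetch endpoint so the remote server sees only the forum's address. `FORUM_HOST`, `PROXY_PATH` and the sample post are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, quote

FORUM_HOST = "forum.example"    # assumption: the forum's own hostname
PROXY_PATH = "/imgproxy?url="   # assumption: hypothetical server-side fetch endpoint


class ImgCollector(HTMLParser):
    """Collect the src attribute of every <img> tag in a post body."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # Also called for self-closing <img ... /> by the base class.
        if tag == "img":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def is_third_party(src):
    """True when loading src makes the browser contact a host other than the forum."""
    # Absolute and scheme-relative (//host/x) URLs have a hostname;
    # relative paths and data: URIs do not, so they never leave the forum.
    host = urlsplit(src).hostname
    return host is not None and host != FORUM_HOST


def audit_post(html):
    """Return the third-party image URLs a reader's browser would fetch."""
    collector = ImgCollector()
    collector.feed(html)
    return [s for s in collector.sources if is_third_party(s)]


def proxied(src):
    """Build the forum-side URL that fetches src on the reader's behalf."""
    if src.startswith("//"):    # scheme-relative: pin to https for the server fetch
        src = "https:" + src
    return PROXY_PATH + quote(src, safe="")


SAMPLE_POST = (  # constructed sample input
    '<img src="/uploads/garden.jpg">'
    '<img src="HTTPS://Forum.Example/attachments/1.png">'
    '<img src="https://img-host.example/pixel.gif" width="1" height="1">'
    '<img src="//cdn.example/cat.jpg"/>'
)
```
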
 
A question in this regard: how safe is Dropbox? I sometimes use the links generated by Dropbox to post pics.
Would it be safer to attach them directly to the post?
 
Creo said:
Sorry dreamer042, I had forgotten that I had started this thread.

anoniem.org probably works by stripping HTTP headers when you click on a link, so it doesn't really address this issue.

The (worst case) scenario I'm concerned about goes something like this:

1. A DEA agent opens an account on the nexus.
2. He makes a post containing an img tag referencing a 1x1 pixel transparent image stored on DEA servers.
3. The DEA can then collect the IP addresses of everyone who reads that post.

Nexus is legal... and no worry if a member doesn't use his real name!...
That's one thing you can keep from T H E M!!😁
 