Members of the previous forum can retrieve their temporary password here, (login and check your PM).

Reply to thread

Message

4. Disable embedding of external content, such as youtube and image hosters.

Every time I visit a page on dmt-nexus that embeds one of the above, automatically a request bearing my ip is sent to the 3rd party website. Even more worrisome, if I am correct, is that also a "Referer" http request header indicating "dmt-nexus.me" is sent to the external site hosting the content embedded on the dmt-nexus page. This is potentially compromising information leakage.

Apart from altogether banning embedding, I see two ways of dealing with this:
- an "anoniem" type construct could be created for iframes.
- theoretically, a low res version or thumbnail could be cached on the dmt-nexus site and the actual iframe is only activated after clicking on it or the browser is simply pointed to another page, via the anoniem service. However, in practice, the creation of a locally cached version of the content would mean users triggering scripts to process off-site untrusted data, this is obviously a very bad idea.

Personally, I would vote for no more embedding. Writers will still be able to use hyperlinks to link to their off site content and readers will be free to choose if they want to visit the 3rd party site. As a bonus, threads with 50 youtube iframes will no longer freeze older computers for minutes.

5. links to wiki.dmt-nexus.me do not need to be gated through anoniem.org.

<blockquote data-quote="pitubo" data-source="post: 3795540" data-attributes="member: 26935">4. Disable embedding of external content, such as youtube and image hosters. Every time I visit a page on dmt-nexus that embeds one of the above, automatically a request bearing my ip is sent to the 3rd party website.&nbsp; Even more worrisome, if I am correct, is that also a &quot;Referer&quot; http request header indicating &quot;dmt-nexus.me&quot; is sent to the external site hosting the content embedded on the dmt-nexus page.&nbsp; This is potentially compromising information leakage.Apart from altogether banning embedding, I see two ways of dealing with this: - an &quot;anoniem&quot; type construct could be created for iframes.- theoretically, a low res version or thumbnail could be cached on the dmt-nexus site and the actual iframe is only activated after clicking on it or the browser is simply pointed to another page, via the anoniem service.&nbsp; However, in practice, the creation of a locally cached version of the content would mean users triggering scripts to process off-site untrusted data, this is obviously a very bad idea. Personally, I would vote for no more embedding.&nbsp; Writers will still be able to use hyperlinks to link to their off site content and readers will be free to choose if they want to visit the 3rd party site.&nbsp; As a bonus, threads with 50 youtube iframes will no longer freeze older computers for minutes.5. links to wiki.dmt-nexus.me do not need to be gated through anoniem.org.</blockquote>

[QUOTE="pitubo, post: 3795540, member: 26935"] 4. Disable embedding of external content, such as youtube and image hosters. Every time I visit a page on dmt-nexus that embeds one of the above, automatically a request bearing my ip is sent to the 3rd party website. Even more worrisome, if I am correct, is that also a "Referer" http request header indicating "dmt-nexus.me" is sent to the external site hosting the content embedded on the dmt-nexus page. This is potentially compromising information leakage. Apart from altogether banning embedding, I see two ways of dealing with this: - an "anoniem" type construct could be created for iframes. - theoretically, a low res version or thumbnail could be cached on the dmt-nexus site and the actual iframe is only activated after clicking on it or the browser is simply pointed to another page, via the anoniem service. However, in practice, the creation of a locally cached version of the content would mean users triggering scripts to process off-site untrusted data, this is obviously a very bad idea. Personally, I would vote for no more embedding. Writers will still be able to use hyperlinks to link to their off site content and readers will be free to choose if they want to visit the 3rd party site. As a bonus, threads with 50 youtube iframes will no longer freeze older computers for minutes. 5. links to wiki.dmt-nexus.me do not need to be gated through anoniem.org. [/QUOTE]