Loomio
Mon 13 Jan 2014

Proxy images through pod

R
Ryuno-Ki Public Seen by 92

Hello,
this is my first post on Loomio :)

On Geraspora, I've asked a question concerning proxying the images:
https://pod.geraspora.de/posts/1829784

For now, it's this way, that a user is probably sending a bunch of personal information (User Agent, resolution and so on) to every host of a hotlinked image.

In order to protect the users, I've thought, it might be clever to route the request through the pods server instead. This way, the third-party-server would only "see" the pod (IxQuick/StartPage shall work the same way).

Look, the point is, that advertisement industry is moving a way from a cookie-based approach to a browser-information-based. The headers provide enough details to almost identify an user.

I've searched the Loomio forums and found only one discussion before:
https://www.loomio.org/d/WthBGoV5/implement-support-for-camo-ssl-image-proxy

EG

Erwan Guyader Mon 13 Jan 2014

I totally agree with this idea!
I talked about it with some people a while ago (@Flaburgan for example) and the answer I got was it would be too strenuous for the pods.

I think our privacy should be a priority here.

KAK

Karthikeyan A K Tue 14 Jan 2014

Agree!

R

Ryuno-Ki Tue 14 Jan 2014

@erwanguyader Well, Jason suggested to make it optional for a podmin.

At least, one could cache the images (?) for example with Varnish. Downside is, that this needs another port than :80, so Heroku-user would be excluded. But it's imaginable, that a podmin runs it on a "better" server with the permissions for running services on multiple ports.

For those, this feature would be welcome IMHO.

QD

Quentin Dufour Tue 14 Jan 2014

I'm not against, but it should be an option. My old server had a very slow bandwidth (ADSL connection) so it was unthinkable to proxy pictures. But as an option and with a clever cache, why not....

JR

Jason Robinson Tue 14 Jan 2014

+1 for well done solution that by default is off but podmin can enable in pod settings to improve privacy of users.

G

goob Tue 14 Jan 2014

What Jason said.

DM

David Morley Wed 15 Jan 2014

This is good and bad maybe, right now all the "porn" content is on jd.com, my host is not ok with porn, but its not on my server. I wonder if I am the proxy of porn or other content from pods that is illegal or not allowed by my ISP/Host then they will view it as me hosting it if a proxy was used? On a good side it would releave the broken SSL icon issue we have had for so long without links to http images.

DU

[deactivated account] Fri 17 Jan 2014

A simpler solution for privacy-aware users would be to disable rendering of image links in posts. That's something we did on Libertree because I'm not comfortable with taking over responsibility for whatever image some user on the network links to by hosting a copy on my own server.

Those who disable images will simply be shown links to the image URL.

You are welcome to use our forked markdown renderer library: https://github.com/rekado/rpeg-markdown

(peg-markdown is based on a grammar so we were able to extend markdown with a few more features such as video and audio file hotlinking.)

JR

Jason Robinson Fri 17 Jan 2014

I actually like the solution by @rekado better - and much better for the service infrastructure - great idea.

R

Ryuno-Ki Sun 19 Jan 2014

@rekado Well, if I understand you correctly, this would need the users to actually use the alt-attribute. But things like "img" aren't that descriptive …

How do you solve this?

DU

[deactivated account] Mon 20 Jan 2014

If no alt text is provided the URL could be displayed. If a non-descriptive alt-text is given there's nothing that you can do about it.