Lemmy does not remove exif data (unless the code has changed), you need to remove it yourself (also a good practice in general)
Lemmy does not remove exif data (unless the code has changed), you need to remove it yourself (also a good practice in general)
That’s a different conversation. I’m talking about an adversary who just creates a Lemmy instance and has malicious code embedded in the images, videos and text
What does that have to do with any corporation? Facebook specifically is already in a lawsuit this last month about installing malicious Root Certificates and performing man in the middle attacks against Amazon and Google, so I’m not sure what you’re asking
Yeah, but the average internet users doesn’t understand these concepts. And with the use of “random-lemmy.random” it seems like it might be an easy attack to fall for
I think the chances are high since the domains are supposed to be novel, compared to Facebook which is a worldwide known domain and chances of impersonating it are slim or would require a client side hack
The quick defederarion option is a nice defense. Could be some damage in the meantime though
Either or. Would be more nefarious to have users sign up for a malicious instance unknowingly and then federate with non malicious instances
How much time do you estimate (or know) you spend on these other apps?
HEY FELLOW HUMAN, MAYBE YOU NEED TO JUST EMBRACE THE ODDITIES OF THE INTERNET AND JOIN THE PACK. RARELY DO PACK MEMBERS TALK ABOUT COMPUTERS OR BRAINS!
SERIOUSLY, IT’S BEST PLACE ON THE INTERNET
(ANY SIBLINGS OUT THERE THAT CAN LINK THIS FEDIVERSE STYLE?)
[Quip that adds to your comment, but also shows some personality on my end]
Maybe T-shirt and local conversations at 3rd places might help?
deleted by creator
True, I was thinking man made
The prompt didn’t specify it had to be something in my lifetime
A single moment without radiowaves
i’ll have to read their audit. thanks for the pointer
interesting. thanks for the info
so what’s the benefit here? just to not broadcast to your credit card/crypto chain that you purchased it? i assume they still have logs with the ip address you’re connecting from
yeah totally, definitely not trying to say it’s a hopeless situation. there are many helpful tools to help with having some. i just have been following and involved with data collection and it’s a bit of a mess - the idea that anything can happen without at least the 13 eyes knowing seems almost impossible
So from a security mindset, this is a nightmare. This person must be a paid plant for Big Cross-Site-Tracking