CHATPRIVACYDONATELOGINREGISTER
DMT-Nexus
FAQWIKIHEALTH & SAFETYARTATTITUDEACTIVE TOPICS
Hotlinking Images Options
 
Creo
#1 Posted : 9/26/2013 1:30:06 PM

DMT-Nexus member


Posts: 205
Joined: 12-Jun-2013
Last visit: 08-May-2019
I was browsing the 'Post Pictures of anything nice' thread and it occurred to me that hotlinking images (or videos) is a potential security hole. A malicious third party could hotlink to an image on their own server and collect the IP addresses of dmt-nexus members.
 

STS is a community for people interested in growing, preserving and researching botanical species, particularly those with remarkable therapeutic and/or psychoactive properties.
 
dreamer042
#2 Posted : 9/26/2013 4:43:23 PM

Dreamoar

Moderator | Skills: Mostly harmless

Posts: 4711
Joined: 10-Sep-2009
Last visit: 21-Nov-2024
Location: Rocky mountain high
I'm not 100% and someone who knows more will probably correct me if I'm wrong here, but I believe all links are directed through some type of anonymizer so that the server you are going to cannot see that you came from the dmt nexus(you'll notice when you click a link here it always goes through this anoniem.org site).
Row, row, row your boat, Gently down the stream. Merrily, merrily, merrily, merrily...

Visual diagram for the administration of dimethyltryptamine

Visual diagram for the administration of ayahuasca
 
Creo
#3 Posted : 10/14/2013 4:13:39 PM

DMT-Nexus member


Posts: 205
Joined: 12-Jun-2013
Last visit: 08-May-2019
Sorry dreamer042, I had forgotten that I had started this thread.

anoniem.org probably works by stripping HTTP headers when you click on a link, so it doesn't really address this issue.

The (worst case) scenario I'm concerned about goes something like this:

1. A DEA agent opens an account on the nexus.
2. He makes a post containing an img tag referencing a 1x1 pixel transparent image stored on DEA servers.
3. The DEA can then collect the IP addresses of everyone who reads that post.
 
The Traveler
#4 Posted : 10/14/2013 4:59:00 PM

"No, seriously"

Administrator | Skills: DMT, LSD, Programming

Posts: 7324
Joined: 18-Jan-2007
Last visit: 02-Nov-2024
Location: Orion Spur
Creo wrote:
3. The DEA can then collect the IP addresses of everyone who reads that post.

Although that you are correct that by this way IP's of visitors can be retrieved, reading a thread on the DMT-Nexus is not illegal.

Also that IP cannot be directly linked to a member. Even though the name is shown of members looking at a certain thread, any non-member guest that looks at that same thread is not shown. So this means it can be the member but also just as well an anonymous guest that is looking at that image.

One of the things I thought of in the past was to store a local copy of images on the DMT-Nexus but that has two problems:
1) Disk size, many picture lots of space.
2) Copyright issues

Because of these two issues I abandoned this idea.


Kind regards,

The Traveler

 
Elpo
#5 Posted : 10/14/2013 5:23:32 PM

DMT-Nexus member


Posts: 628
Joined: 12-Jan-2010
Last visit: 28-Feb-2019
A question in this regard: how safe is Dropbox? I sometimes use the links generated by dropbox to post pics.
Would it be safer to attach them directly to the post?

"It permits you to see, more clearly than our perishing mortal eye can see, vistas beyond the horizons of this life, to travel backwards and forwards in time, to enter other planes of existence, even (as the Indians say) to know God." R. Gordon Wasson
 
starway6
#6 Posted : 10/14/2013 5:35:04 PM

DMT-Nexus member


Posts: 1669
Joined: 10-Jul-2012
Last visit: 07-Sep-2019
Location: planet earth
[quote=Creo]Sorry dreamer042, I had forgotten that I had started this thread.

anoniem.org probably works by stripping HTTP headers when you click on a link, so it doesn't really address this issue.

The (worst case) scenario I'm concerned about goes something like this:

1. A DEA agent opens an account on the nexus.
2. He makes a post containing an img tag referencing a 1x1 pixel transparent image stored on DEA servers.
3. The DEA can then collect the IP addresses of everyone who reads that post.

Nexus is leagle...and no worry if member doesnt use his real name!...
Thats one thing you can keep from T H E M!!Big grin
 
 
Users browsing this forum
Guest

DMT-Nexus theme created by The Traveler
This page was generated in 0.029 seconds.