Comment on Who owns the servers for Lemmy?

<- View Parent
TWeaK@lemm.ee ⁨8⁩ ⁨months⁩ ago

I’m of the impression that only the origin and destination servers see any given private message, but I haven’t verified this.

It’s a bit more than that, when a client connects to lemmy they connect to all instances with displayed media. This includes thumbnails. Even inside a post, you’ll connect to every user’s instance to get their profile thumbnail. This could be quite exploitable, as the federated instance is always the user’s instance, not the instance of the community they post in - it would be possible for someone to fish for IP’s by setting up their own instance and posting on a popular community.

/u/sunauras@lemm.ee is making a new UI that apparently handles all these calls a different way, without connecting everywhere. It’s still a work in progress (you can’t comment there yet) but it looks promising.

source
Sort:hotnewtop