229
submitted 6 days ago* (last edited 2 days ago) by bobbiguy2122 to c/lemmynsfw

Update 1: This is an issue with cloudflare, we are having issues with the account that hosts the site, we are contacting cloudflare support about the issue.

Update 2: we have switched s3 providers and images should be working again, older images may be missing, we will have to do a merge with the old s3 storage backup into the new provider, we plan to do this soon, but all new images will work as expected, sorry for the issues and thanks for your patience and kindness while we were working on the fix

you are viewing a single comment's thread
view the rest of the comments
[-] MisterSinn 43 points 4 days ago

I'm just going to include a section from the patch notes for Lemmy version 0.19.4.

There is a new config option called image_mode which provides a way to proxy external image links through the local instance. This prevents deanonymization attacks where an attacker uploads an image to his own server, embeds it in a Lemmy post and watches the IPs which load the image. Instead if image_mode is set to ProxyAllImages, image urls are rewritten to be proxied through /api/v3/image_proxy. This can also improve performance and avoid overloading other websites...

For the issue at hand, it appears to be related to Cloudflare based on the 403 error message when tying to view an image.

[-] leftzero 12 points 4 days ago* (last edited 4 days ago)

Sure, the visible symptom of the issue is cloudflare blocking the image proxy, probably with good reason, since the explanation is absurd (except for the deanonymization part, which is just schizophrenically paranoid; no one cares enough about who's looking at some random image to waste their time setting that up), but the unnecessary and nonconsensual meddling with the urls is the root cause.

We're talking Lemmy here. As great as federation is, small self hosted instance servers will always provide less performance and get overloaded faster than whatever CDN the site the user is linking to is using, so that argument is evidently fallacious.

(Plus, the option to host the image on the instance server has always been there: just download the fucking image from wherever you found it and upload it to the fucking instance. If anything, what this does is take away that choice from the user, leaving us with the “choice” to upload the image... or have it silently uploaded for us anyway.)

Let's be serious, the only reasonable motive behind this (especially when you take into account the devs' notorious ideology) is to be able to better control what the users post.

The deanonymization bit falls by its own weight, since, sure, the original hoster can't see who's loading the image (not that they ever cared to to start with), but now the instance admins (and / or the devs) can. Nothing is ever anonymous in the cloud, for fucks sake. Again, this is just taking away the choice of who to trust, and making lemmy look like the most untrustworthy option in the process.

The most important part, though, is that by highjacking the image hosting without the user's knowledge (and against the user's will, since, again, we could always choose to host the image on the instance, and this applies specifically to the case where the user did not intend to host it here), the instance (and / or the devs) gets control over what image gets actually served.

Enshittification happens. Every single image in the cloud will, sooner or later, be replaced with an ad. That's as certain as the third law of thermodynamics. When you link to a cloud hosted image, you're (mis)placing your trust on the hoster to keep serving that version of the image for the foreseeable future. Maybe I trust the lemmy instance more than the original site, in which case I'll upload the image. Maybe I trust the site more, in which case I'll link it. Maybe I trust neither, and I'll self-host the image, and link it (which is almost certainly the best option for people posting images of themselves, as is the main intended case for lemmynsfw).

But those two later options are now gone. Stolen from us, the users. And, obviously, I (and hopefully most other users) no longer trust the instance, or lemmy. Now the instance (and / or the devs) always has the option to change the image, instead of only when we misplaced our trust on them.

Plus, as the current kerfuffle so evidently shows, it adds a completely unnecessary extra point of failure.

The images would work perfectly if they weren't being shoveled through a hostile proxy no one asked for which is being blocked by cloudflare, probably with good reason.

The lemmynsfw admins could trivially solve the issue for newly linked images by disabling this stupid malicious option (already uploaded ones would probably require fixing the mangled urls at the database level, which is the least that they deserve for having enabled it in the first place), but they're not, they're trying to get cloudflare to fix it, a well known sisyphean task, i.e., an evident waste of everyone's time.

But they're not, so they clearly want to keep the proxy, the very root of the problem.

The whole thing is therefore not only malicious, but profoundly stupid, and depressing.

Just like good old reddit. 🤢

[-] himitsu 10 points 3 days ago

You’re an idiot. Proxies protect privacy. That’s literally why you’re here and not on Reddit, right?

[-] leftzero 9 points 3 days ago

Calling it a proxy doesn't mean it is one.

We have no way of knowing what's behind https://lemmynsfw.com/api/v3/image_proxy. All we have is the admins' word that it is one (wait, no, not even that, since they've never told us about it to start with).

All we know is that our urls are being hijacked (and that this is causing them not to work, and that the reason the devs — which are known to be untrustworthy — tried to justify this option with doesn't hold water) without anyone asking us first or warning us..

If I care about privacy I'll take care of that. I'll upload my images somewhere I trust or, better yet, control. If I want a proxy or CDN it'll be on my terms.

Even supposing it is a proxy, does it have a cache? Or a CDN? The whole cloudflare kerfuffle seems to suggest it does. How often do they update? If I decide to remove my image from wherever I hosted it, how long will it take for the cache to reflect that?

I don't know; lemmynsfw never told me, just like they didn't tell me they were using this alleged proxy and hijacking my urls.

Even if we apply Hanlon's razor and assume the lemmynsfw admins didn't know they had this option turned on and the devs just snuck it in by default in an update, the fact that they've kept it turned on for days when turning it off would fix the issue for external images makes the ignorance excuse moot.

They know it's on, they want it on, and they've got no intention of telling anyone or asking if we're fine with it.

This destroys any trust we could have had on them, and makes moot any assurance on their part (if they ever made one, which they have not) that this alleged proxy is benign.

[-] himitsu 3 points 2 days ago

That’s literally what a proxy is. We do know it is because the url is going to the lemmynsfw server. That’s all the proxy has to do to provide privacy. From then on it can literally do whatever, as long as you’re not hitting the third party server directly.

The proxy isn’t to protect images you upload. It’s to protect other people from you. You have so little understanding here it’s laughable. Fuck off.

[-] leftzero 2 points 2 days ago

The proxy isn’t to protect images you upload. It’s to protect other people from you.

Well, it's certainly doing a fantastic job then, isn't it?

No images, no risk!

You have so little understanding here it’s laughable.

What I understand is that I look at posts with external images from before this hijacking was implemented, the images fucking load, I look at later posts going through this proxy, they don't.

What I understand is that disabling this nonsense would immediately fix the issue, but the admins clearly have no interest in doing that.

What I understand is that after a week of the admins doing nothing to fix this, the realisation that they're hijacking our urls, and the mutual lack of trust this has caused, this instance is dead.

There's no point in fixing it at this point. Any reasonable user will have already migrated elsewhere.

Fuck off.

Yeah, that's clearly the message. They should pin it on the frontpage.

load more comments (2 replies)
load more comments (22 replies)
load more comments (23 replies)
this post was submitted on 16 Jul 2025
229 points (100.0% liked)

Lemmy NSFW

12987 readers
18 users here now

Updates about lemmynsfw.com

founded 2 years ago
MODERATORS