Unsurprisingly, some folks on raddle and reddit seem to have a big problem with lemmy. A lot of it is pure FUD.

However, this appears to be a valid security concern:

https://raddle.me/f/fediverse/166674/lemmy-is-so-much-like-email-it-even-brought-back-spy-tracker

Any thoughts on how fixable this is?

Of course the general consensus on reddit is “lemmy devs are clueless and dangerous”. I’m pretty sure a lot of it is one guy with multiple alt accounts, tho. He has a Joe McCarthy attitude about lemmy because of one of the primary devs.

  • CanOpener@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Any thoughts on how fixable this is?

    This shouldn’t be hard to fix. Lemmy needs to proxy images, there’s an open issue for this. Right now, I don’t use Lemmy outside of Tor Browser specifically because of issues like this, and the recent XSS vulnerability is making me even more concerned. Lemmy is a great project, but it needs work and probably a security audit.

  • trent@kbin.social
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Why are people pretending this isn’t an issue??? Of course it is lol.
    Luckily the fix is also easy: an image proxy server. Mail clients do this already.
    It exposes the bigger problem with Lemmy: lack of auditing.