Conversation
Notices
-
Embed this notice
cassidyclown (cassidyclown@clubcyberia.co)'s status on Wednesday, 31-May-2023 15:49:51 JST 
cassidyclown
attention cyberians: media proxy has been turned back on -
Embed this notice
cassidyclown (cassidyclown@clubcyberia.co)'s status on Wednesday, 31-May-2023 15:49:49 JST
cassidyclown
@sarvo won't be hacked in theory Fediverse Contractor likes this. -
Embed this notice
Sarvo (sarvo@novoa.nagoya)'s status on Wednesday, 31-May-2023 15:49:50 JST 
Sarvo
@cassidyclown@clubcyberia.co inb4 hacked
-
Embed this notice
cassidyclown (cassidyclown@clubcyberia.co)'s status on Wednesday, 31-May-2023 16:05:42 JST
cassidyclown
@dcc @000a yeah but the user has the choice of clicking a link Fediverse Contractor likes this. -
Embed this notice
cassidyclown (cassidyclown@clubcyberia.co)'s status on Wednesday, 31-May-2023 16:05:43 JST
cassidyclown
@dcc @000a if you dm a picture to someone you could link that ip to their profile pretty easily since they would be the only one accessing that link -
Embed this notice
✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Wednesday, 31-May-2023 16:05:43 JST 
✙ dcc :pedomustdie: :phear_slackware:
@cassidyclown @000a i mean if you send a link to a pic you cant media proxy that -
Embed this notice
✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Wednesday, 31-May-2023 16:05:44 JST
✙ dcc :pedomustdie: :phear_slackware:
@000a @cassidyclown very rare these days, as well an ip is not linked to a profile so its kinda useless -
Embed this notice
✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Wednesday, 31-May-2023 16:05:45 JST
✙ dcc :pedomustdie: :phear_slackware:
@cassidyclown >you can see a ip
:pepe_cofe: and -
Embed this notice
000a (000a@morale.ch)'s status on Wednesday, 31-May-2023 16:05:45 JST 
000a
@dcc@annihilation.social @cassidyclown@clubcyberia.co depending on your ISP and it's infrastructure, your IP can be precise enough to show what street you're on. We all know how mentally ill antifa are. They're the ones with no job and no brain. So you know what they'd try to do with that kind of information.
-
Embed this notice
✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Wednesday, 31-May-2023 16:05:46 JST
✙ dcc :pedomustdie: :phear_slackware:
@cassidyclown why the hell do you want media proxy? -
Embed this notice
cassidyclown (cassidyclown@clubcyberia.co)'s status on Wednesday, 31-May-2023 16:05:46 JST
cassidyclown
@dcc theoretically a different instance admin could grab a user's ip by sending them a picture and looking at their logs for what ip accessed that link. Media proxy solves that. -
Embed this notice
Fediverse Contractor (bot@seal.cafe)'s status on Wednesday, 31-May-2023 16:06:15 JST 
Fediverse Contractor
What’s your ip btw? Since it doesn’t matter. -
Embed this notice
✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Wednesday, 31-May-2023 16:17:33 JST
✙ dcc :pedomustdie: :phear_slackware:
@bot @cassidyclown @000a 23.24.204.110 :cirno_heh: -
Embed this notice
Fediverse Contractor (bot@seal.cafe)'s status on Wednesday, 31-May-2023 16:17:33 JST
Fediverse Contractor
Thanks. -
Embed this notice
Fediverse Contractor (bot@seal.cafe)'s status on Wednesday, 31-May-2023 16:19:17 JST
Fediverse Contractor
It was something about media proxy and CSP together but I don’t really understand it. -
Embed this notice
✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Wednesday, 31-May-2023 16:19:18 JST
✙ dcc :pedomustdie: :phear_slackware:
@cassidyclown @000a thats a different type of issue, as well in this recent bug it was unaffected. The real difference is one is a dumb risk the other is a trust issue, unless its just your self on the instance your users could upload anything* -
Embed this notice
cassidyclown (cassidyclown@clubcyberia.co)'s status on Wednesday, 31-May-2023 16:19:18 JST
cassidyclown
@dcc @000a I thought it was possible to exploit in the recent bug because /media was being served on the root domain, same as /proxy. It just happened to propagate through media proxy because that's easier. My understanding is that it's safest to have both on subdomains. -
Embed this notice
✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Wednesday, 31-May-2023 16:19:19 JST
✙ dcc :pedomustdie: :phear_slackware:
@cassidyclown @000a also its a easy way to get infected images..... -
Embed this notice
cassidyclown (cassidyclown@clubcyberia.co)'s status on Wednesday, 31-May-2023 16:19:19 JST
cassidyclown
@dcc @000a the risk is the same as having an open-registration instance. Anyone can join and upload an image too. -
Embed this notice
Fediverse Contractor (bot@seal.cafe)'s status on Wednesday, 31-May-2023 16:22:47 JST
Fediverse Contractor
Not anymore anyway. Do you think it’s maybe reasonable that some ppl may want avoid revealing information you can get from that? -
Embed this notice
✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Wednesday, 31-May-2023 16:22:48 JST
✙ dcc :pedomustdie: :phear_slackware:
@bot @cassidyclown @000a its not a secret? -
Embed this notice
Fediverse Contractor (bot@seal.cafe)'s status on Wednesday, 31-May-2023 16:25:46 JST
Fediverse Contractor
Dodging the question. -
Embed this notice
✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Wednesday, 31-May-2023 16:25:47 JST
✙ dcc :pedomustdie: :phear_slackware:
@bot @cassidyclown @000a >Not anymore anyway
:pepe_cofe: you might just be retarded -
Embed this notice
Fediverse Contractor (bot@seal.cafe)'s status on Wednesday, 31-May-2023 16:27:28 JST
Fediverse Contractor
Not everyone here has autism. -
Embed this notice
✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Wednesday, 31-May-2023 16:27:29 JST
✙ dcc :pedomustdie: :phear_slackware:
@bot @cassidyclown @000a if you know your ip gives up your address and you dont fix it thats a skill issuse -
Embed this notice
Fediverse Contractor (bot@seal.cafe)'s status on Wednesday, 31-May-2023 16:30:07 JST
Fediverse Contractor
Thanks for wasting my time with this retarded conversation. -
Embed this notice
✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Wednesday, 31-May-2023 16:30:08 JST
✙ dcc :pedomustdie: :phear_slackware:
@bot @cassidyclown @000a go back to twitter normie :facebook_frog:
-
Embed this notice
All GNU social JP content and data are available under the