|
archivist
5-HT


Registered: 06/06/07
Posts: 1,010
|
Off site images
#7387890 - 09/09/07 11:43 AM (16 years, 4 months ago) |
|
|
Just curious, because I've seen this mentioned in several posts by mods: What's the risk with clicking on off-site images?
--------------------
Proud supporter of the canning jar industry.
|
johnm214



Registered: 05/31/07
Posts: 17,582
Loc: Americas
|
Re: Off site images [Re: archivist]
#7392689 - 09/10/07 04:48 PM (16 years, 4 months ago) |
|
|
don't know much bout puter security but... if the image is a link, the link could be to somewhere else other than the image= potential trouble.
Also, just the loading of the image would give the host your ip address (without clicking on it).
|
OJK
Stranger


Registered: 06/08/03
Posts: 10,629
|
Re: Off site images [Re: johnm214]
#7393555 - 09/10/07 08:07 PM (16 years, 4 months ago) |
|
|
> Also, just the loading of the image would give the host your ip address (without clicking on it).
This is the crucial point.
Any shroomery member can embed an image in a message. The image can be hosted on any server.
For example, I could embed an image from odiumjunkies-server.com/image.jpg
That image would load up automatically if you looked at the thread.
Because I run the server the image is hosted on, I can see a list of the IP addresses that have viewed that image.
An IP address (usually) individually identifies an ISP account.
So theoretically, if I embedded an image in a post, and you viewed the post, I could find out your IP address.
Armed with this information, someone with sufficient leverage could find out the name of the owner of the ISP account with which that IP address is associated.
This wouldn't be easy. It could probably only be done by a police investigation that could attain a warrant to supoena the info from an ISP, but it's still a potential privacy risk.
|
johnm214



Registered: 05/31/07
Posts: 17,582
Loc: Americas
|
Re: Off site images [Re: OJK]
#7394971 - 09/11/07 03:06 AM (16 years, 4 months ago) |
|
|
yeah the thing is that if you've got subpoena power, you can just get the logs from the server company or whoever owns the website.
|
Seuss
Error: divide byzero



Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 2 months, 20 days
|
Re: Off site images [Re: johnm214]
#7395158 - 09/11/07 05:22 AM (16 years, 4 months ago) |
|
|
> So theoretically, if I embedded an image in a post, and you viewed the post, I could find out your IP address.
You are correct for most sites. However, we have gone to great efforts to protect our members as much as possible. Give this a try on the Shroomery and see for yourself. Here is an example:
First, I pick an offsite image such as "http://www.erowid.org/general/splash/images/blocks/coffea_arabica1_blk.jpg" and put it into image tags resulting in:
-------------------- Just another spore in the wind.
|
Seuss
Error: divide byzero



Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 2 months, 20 days
|
Re: Off site images [Re: johnm214]
#7395160 - 09/11/07 05:25 AM (16 years, 4 months ago) |
|
|
Next, I view source and look for my link to erowid.org, the offsite server. What do I find?
Code:
<img style="max-width:800px;" src="https://proxy.mind-media.com/proxy.php?url=http%3A%2F%2Fwww.erowid.org.nyud.%3Cwbr%3Enet%3A8080%2Fgeneral%2Fsplash%2Fimages%2Fbl%3Cwbr%3Eocks%2Fcoffea_arabica1_blk.jpg">
Oops... we go through a caching image proxy... 
The other big problem are referrer tags. These tags tell a web server what previous web server the user used to get to the current one. For example, if I post a link to www.cia.gov and you click on it, then the cia's web server will record the hit with a referrer tag of shroomery.org along with your IP address. However, if you mouse over the above link you will see that again, we have gone the extra distance to try and protect our members. We use another site as the middle man to protect your privacy when following offsite links.
|
Seuss
Error: divide byzero



Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 2 months, 20 days
|
Re: Off site images [Re: johnm214]
#7395168 - 09/11/07 05:32 AM (16 years, 4 months ago) |
|
|
.
-------------------- Just another spore in the wind.
Edited by Seuss (09/11/07 11:38 AM)
|
|