• Saik0@lemmy.saik0.com
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    1 month ago

    Yeah that was 19.4. It’s doesn’t proxy everything unless explicitly set to. Just thumbnails I believe. But I could be wrong. And many instance owners would be allergic to that as it leaves them on the hook for storing content. For example… someone posts CSAM… a copy of that is now on your server. You get police raided and you’re fucked.

    https://github.com/LemmyNet/lemmy/blob/705e86eb4c0079d0775f0c1490968f1183095fcc/config/defaults.hjson#L51

    Actually going over it briefly looks like it has a few available options for what it will cache…

    I refuse to enable it myself for the above reason. I would venture 99% of instances out there would also refuse for liability and bandwidth costs.

    • Dave@lemmy.nz
      link
      fedilink
      arrow-up
      1
      ·
      1 month ago

      Certain (but not all) thumbnails have been sort of proxied for a while, but it’s complicated. But for example if someone posts a link to some questionable content on imgur, your instance will have a copy of that cached (and never delete it, because… Lemmy reasons). The recent changes just mean you can now enable other images to be proxied, though this is disabled by default. This proxy has an age (a day or a week or whatever you set) and content is deleted if it hasn’t been accessed in that timeframe - this is in contract to the normal Lemmy image stuff that I believe still stays forever unless that was fixed recenty.

      And many instance owners would be allergic to that as it leaves them on the hook for storing content

      This is already a risk whether via the existing thumbnail storage or via user uploads. It’s a pretty common recommendation that you should never host a website like Lemmy on a home server, always use a VPS for this reason. Then make sure you understand your local laws as well.

      • Saik0@lemmy.saik0.com
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        1 month ago

        This is already a risk whether via the existing thumbnail storage

        Not anymore. You can opt out of it for the most part.

        # Leave images unchanged, don’t generate any local thumbnails for post urls. Instead the the
        # Opengraph image is directly returned as thumbnail
        “None”

        • Dave@lemmy.nz
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          1 month ago

          Oh I didn’t realise this! I’ll have to investigate more. Even if you want proxying, it makes way more sense to use the proxy image functionality that actually deletes the images after a period of time.

          Thanks for bringing this to my attention, I’m quite excited about it 😆

          Edit: seems like it’s been an option since 0.19.0!