When you rotate an image in your phone or on your computer (by right-clicking or going into the image options and selecting “Rotate Right” or w/e), the device is not editing the image to rotate it 90 degrees. It’s just adding a little metadata tag that tells devices loading the image “display this, but rotate it 90 degrees”.
Lemmy scrapes off metadata as a privacy concern, since this also holds personal and location data. There have been a few medium-profile events of internet stalkers getting location data off of women’s selfies and going straight to their homes.
I’m not sure if there’s a simpler solution, but opening the image in an image editor and saving it again should remove the metadata tag and save it as an actual, upright image. However, this is a problem that the devs should fix - platforms like Discord also shave off metadata, but know enough to leave the orientation data intact.
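What "strip the metadata but leave the orientation intact" can look like for a JPEG, as an added example that is not part of the original comments and is not Lemmy's or Discord's code. The choice of which segments to drop and the sample bytes are this example's assumptions:

```python
import struct

ORIENTATION = 0x0112        # EXIF Orientation tag (SHORT, values 1-8)
EXIF = b"Exif\x00\x00"      # prefix of an EXIF APP1 payload
DROP = {0xE1, 0xED, 0xFE}   # APP1 (Exif/XMP), APP13 (IPTC), COM: this example's policy

def read_orientation(tiff):
    """Return the Orientation value from IFD0 of a TIFF blob, or None."""
    if len(tiff) < 8 or tiff[:2] not in (b"II", b"MM"):
        return None
    e = "<" if tiff[:2] == b"II" else ">"
    (ifd0,) = struct.unpack_from(e + "I", tiff, 4)
    if ifd0 + 2 > len(tiff):
        return None
    (count,) = struct.unpack_from(e + "H", tiff, ifd0)
    for off in range(ifd0 + 2, min(ifd0 + 2 + 12 * count, len(tiff) - 9), 12):
        tag, typ, n, val = struct.unpack_from(e + "HHIH", tiff, off)
        if tag == ORIENTATION and typ == 3 and n == 1 and 1 <= val <= 8:
            return val
    return None

def orientation_app1(value):
    """Build a minimal APP1 segment whose only EXIF entry is Orientation."""
    tiff = b"II*\x00" + struct.pack("<IHHHIHHI", 8, 1, ORIENTATION, 3, 1, value, 0, 0)
    return b"\xff\xe1" + struct.pack(">H", len(EXIF + tiff) + 2) + EXIF + tiff

def strip_keep_orientation(jpeg):
    """Remove metadata segments before SOS, keeping only the Orientation value."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    kept, pos = [], 2
    while pos + 4 <= len(jpeg) and jpeg[pos + 1] != 0xDA:   # stop at SOS
        marker, (length,) = jpeg[pos + 1], struct.unpack_from(">H", jpeg, pos + 2)
        if jpeg[pos] != 0xFF or length < 2:
            raise ValueError("malformed segment")
        seg = jpeg[pos:pos + 2 + length]
        if marker == 0xE1 and seg[4:10] == EXIF and (v := read_orientation(seg[10:])):
            kept.append(orientation_app1(v))   # replaces the full EXIF block
        elif marker not in DROP:
            kept.append(seg)
        pos += 2 + length
    return b"\xff\xd8" + b"".join(kept) + jpeg[pos:]

def constructed_sample():
    """Constructed input, not a real photo: Orientation=6 plus a GPS pointer."""
    tiff = b"MM\x00*" + struct.pack(">IHHHIHH", 8, 2, ORIENTATION, 3, 1, 6, 0)
    tiff += struct.pack(">HHIII", 0x8825, 4, 1, 38, 0) + b"GPS-PLACEHOLDER"
    app1 = b"\xff\xe1" + struct.pack(">H", len(EXIF + tiff) + 2) + EXIF + tiff
    tail = b"\xff\xfe\x00\x06note" + b"\xff\xdb\x00\x04\x01\x02"   # COM, then a table segment
    return b"\xff\xd8" + app1 + tail + b"\xff\xda\x00\x02\x11\x22\xff\xd9"
```

The other approach mentioned above, re-saving in an editor, bakes the rotation into the pixels instead, so no tag needs to survive.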
When you rotate an image in your phone or on your computer (by right-clicking or going into the image options and selecting “Rotate Right” or w/e), the device is not editing the image to rotate it 90 degrees. It’s just adding a little metadata tag that tells devices loading the image “display this, but rotate it 90 degrees”.
That depends on the software you’re using. Some edit metadata, some rotate the image itself.
I can’t believe we are actually talking about this. There is a difference between owning and renting. I’m financing my car, I’m paying to own it. After the payments are done, it’s 100% my car. Movies say “purchase” and literally outright don’t let you download and own a copy of the movie that you just paid full price for. I remember trying to purchase a TV show on YouTube and it stated that it’ll “expire” after two years of time of purchase. Bitch, you’re asking me to pay $100 for this shit. They have the option to “rent” and to “purchase” and the expiration is on both, except one expires in 24 hours and the other in 2 years. Fuck that.
Seems I hit a nerve. I don’t disagree with what you’ve put. The biggest issue here is the fact they say purchase rather than rent. I’d much rather I purchase a movie and own it but that’s not the business model they offer. In reality, if they continue with their current model they should rename it.
Right, but they won’t change the name, because they know your average Joe would just walk away from it, so they just keep it sketchy and keep fucking people over.
It is quite interesting how games came out in the past that never got updates. Now you install a game and the first thing it does is download updates for a day before you can play.
Oh I get that. Just noticed that developers I work with today rather than the ones I worked with 20+ years ago have a very different understanding of development.
I’m also concerned about the potential for embrace/extend/extinguish, but searching for other fediverse users and posts is enough of a hurdle that threads might end up naturally staying a fairly separate instance.
I appreciate the illustration (and even warning) here. I predict things like this will just lead to more people having throwaway accounts. Now instead of just having throwaway accounts for posting shameful stories, you’ll also find people with their “commenting” accounts separate from their “voting” accounts.
The more I see kbin users calling people out for downvoting them, the faster I expect the votes to just become gamed instead of natural. Anything that’s used to draw attention to the way people vote will make this worse.
We’re in the early stages, but as soon as we start seeing communities that ban users based on their voting records, people will just find other ways to obscure things, which will make it even harder for instance admins to address massive misuse of the voting system.
I definitely expect a drawn out game of whack a mole as lemmy devs, instance admins and key contributors start seeing stuff like this pop up, and they develop tools or tech to mitigate abuse, until another exploit is found by bad actors, rinse and repeat.
Some say it’s an inherent flaw with federation/activitypub but I expect/hope it progresses the way other vulnerable tech has.
For example, in the early days of wifi it was pretty trivial to packet sniff (a practice that lets you peer into other folks’ network activity). Now most sites encrypt their transmitted data and while the packets could be sniffed over an unsecured network, the data within stays safe because it’s encrypted (assuming most sites that deal with sensitive data now encrypt, which in my experience, they do).
Furthermore, WiFi as a technology has gone through many iterations, each one bringing with it better and stronger security, to the point where average Joe can set up a secure home network by following the quick start guide included with their router, which these days is essentially plug in, power on, choose a password, and authenticate with your devices.
I expect activitypub and fedi tech to develop in the same way: releasing patches and updates and amending the standard to combat/mitigate abuse of an open federated platform. It’s gonna take time though.
I think the biggest concern is getting all participating instances to agree on how to handle the issue.
We’ll start to see more fragmentation of the Fediverse as different instance owners have different views on what should be done. But many of the measures to fight this will only work if all participating instances do the same, whether actively, or by using a new version of the federation standard. Some instances may think the way is to be more transparent, while others may think the way is to obscure the votes more. Now you’ll have the “transparent” fediverse and the “obscure” fediverse with fundamental disagreements with each other on the way things work.
It’s interesting times ahead. Personally, I don’t think federation is the simple answer to all our social media woes like some folks around seem to think. There’s a lot that needs to be addressed, which will be uncovered as more companies like Meta try to get in on it.
biggest concern is getting all participating instances to agree
I see what you mean, that is true if the responsibility ultimately ends up falling on instance owners.
Which is why I’m hoping that the developments instead occur on the Lemmy project itself and other fediverse project code bases. Lemmy devs and contributors will hopefully work on privacy and security as the Lemmy project matures. If instance admins are keeping their instances mostly up to date, there is virtually no (dis)agreement to be had: the mitigation patches will be loaded on the next update.
Of course, anyone can fork lemmy or manually remove these changes from their instance, or some admins may simply refuse to update, but that would reflect badly and privacy minded users may choose to move to another instance that has updated to the latest/most secure version of Lemmy and other instance owners can also choose to defederate from instances that leave themselves vulnerable to issues that have been patched out.
That’s gotta be it. You can tell images to be displayed rotated instead of actually rotating them through metadata (EXIF flags). That’s for example also how Windows does (or at least did) rotate images when you clicked on the 90° rotation button.
I remember having issues with this before when later loading those images through some code.
Nope, it’s an absolute nightmare. The post basically outlines how you could feasibly exploit data across a majority of the Lemmy network without much effort at all.
With a bit more effort you could also link the Lemmy accounts to the users’ email, as becoming an admin is as simple as hosting your own instance and getting users to join.
Boom you have a business case of profiling people on Lemmy and selling those profiles to advertisers, stalkers and perverts alike.
Indeed! I felt it was important to illustrate this, to jump-start discussion and hopefully motivate some talented/passionate devs to start thinking about this. Not that they haven’t, but there’s been a lot of handwaving on lemmy this week when someone brings up the vulnerabilities of the fediverse. I wanted to further illustrate the possibilities.
I’m encouraged by seeing folks like yourself taking the implications seriously (not to say you ever didn’t take it seriously).