FQQD

joined 2 years ago
[–] [email protected] 1 points 9 hours ago (1 children)

With driving schools, the all-knowing market doesn't seem to be having much effect. You'd think that with so much competition there would be a low price. Still, a driver's license is more expensive than ever.

[–] [email protected] 2 points 9 hours ago (2 children)

Nice! I'm excited for the posts there, hope this community gets some attention.

[–] [email protected] 50 points 18 hours ago (10 children)

I still think webp is good xd

[–] [email protected] 2 points 2 days ago* (last edited 2 days ago)

The crypto addresses are back? As far as I'm aware, they were being sent out a week ago, but then stopped again. God damn it. But yeah, I have to add the new usernames.

[–] [email protected] 7 points 4 days ago

Bro is cooked

[–] [email protected] 39 points 5 days ago (1 children)

Love myself a good gambling ad on my Lemmy memes

[–] [email protected] 3 points 6 days ago (1 children)

Still an ad for AI crap that no one asked for.

[–] [email protected] 1 points 6 days ago

It's probably both. :(

[–] [email protected] 4 points 1 week ago

You're so old you're with one foot in the grave you're a fossil relic

[–] [email protected] 8 points 1 week ago (2 children)

NSFW tag please. It's all naked.

 

I wonder why it stopped for a while. Seems like the new batch doesn't include the crypto addresses. I guess that's a good thing maybe?

 

cross-posted from: https://lemmy.today/post/25826615

For those not familiar, there are numerous messages containing images being repeatedly spammed to many Threadiverse users talking about a Polish girl named "Nicole". This has been ongoing for some time now.

Lemmy permits external inline image references to be embedded in messages. This means that if a unique image URL or set of image URLs are sent to each user, it's possible to log the IP addresses that fetch these images; by analyzing the log, one can determine the IP address that a user has.

In some earlier discussion, someone had claimed that local lemmy instances cache these on their local pict-rs instance and rewrite messages to reference the local image.

It does appear that there is a closed issue on the lemmy issue tracker referencing such a deanonymization attack:

https://github.com/LemmyNet/lemmy/issues/1036

I had not looked into these earlier, but it looks like such rewriting and caching intending to avoid this attack is not occurring, at least on my home instance. I hadn't looked until the most-recent message, but the image embedded here is indeed remote:

https://lemmy.doesnotexist.club/pictrs/image/323899d9-79dd-4670-8cf9-f6d008c37e79.png

I haven't stored and looked through a list of these, but as I recall, the user sending them is bouncing around different instances. They certainly are not using the same hostname for their lemmy instance as the pict-rs instance; this message was sent from nicole92 on lemmy.latinlok.com, though the image is hosted on lemmy.doesnotexist.club. I don't know whether they are moving around where the pict-rs instance is located from message to message. If not, it might be possible to block the pict-rs instance in your browser. That will only be a temporary fix, since I see no reason that they couldn't also be moving the hostname on the pict-rs instance.

Another mitigation would be to route one's client software or browser through a VPN.

I don't know if there are admins working on addressing the issue; I'd assume so, but I wanted to at least mention that there might be privacy implications to other users.

In any event, regardless of whether the "Nicole" spammer is aiming to deanonymize users, as things stand, it does appear that someone could do so.

My own take is that the best fix here on the lemmy-and-other-Threadiverse-software-side would be to disable inline images in messages. Someone who wants to reference an image can always link to an external image in a message, and permit a user to click through. But if remote inline image references can be used, there's no great way to prevent a user's IP address from being exposed.

If anyone has other suggestions to mitigate this (maybe a Greasemonkey snippet to require a click to load inline images as a patch for the lemmy Web UI?), I'm all ears.
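The click-to-load mitigation raised at the end of the post, sketched as an added example that is not part of the original post and is not Lemmy's own code: it rewrites remote inline images in a message's Markdown into plain links, so no request reaches the image host until the reader clicks. The function name `defangInlineImages`, the home instance `lemmy.example.org` and the `tracker.example` hosts are assumptions made for illustration; a userscript would apply the same host check to rendered `img` elements.

```javascript
// Added example; defangInlineImages and the hosts below are hypothetical.
// Matches Markdown inline images: ![alt](url "optional title")
const IMAGE_RE = /!\[([^\]]*)\]\(\s*<?([^\s)>]+)>?(?:\s+"[^"]*")?\s*\)/g;

// Rewrites every inline image whose host is not trusted into a plain link,
// so nothing is fetched from that host until the reader clicks.
function defangInlineImages(markdown, homeHost, trusted = new Set([homeHost])) {
  const remoteHosts = [];
  const text = markdown.replace(IMAGE_RE, (match, alt, rawUrl) => {
    let host;
    try {
      // Resolving against the home instance keeps relative paths local and
      // exposes the real host of protocol-relative ("//host/...") URLs.
      host = new URL(rawUrl, `https://${homeHost}/`).hostname;
    } catch {
      host = "unparseable-url"; // fail closed: never auto-load it
    }
    if (trusted.has(host)) return match;
    remoteHosts.push(host);
    return `[${alt || "image"} (remote image on ${host}, click to load)](${rawUrl})`;
  });
  return { text, remoteHosts };
}

// Constructed sample message, not taken from a real spam message.
const SAMPLE = [
  "Hi! ![hi](https://images.tracker.example/pictrs/image/per-user-0001.png)",
  "![avatar](/pictrs/image/local.png)",
  '![x](//cdn.tracker.example/p.png "title")',
].join("\n");

const result = defangInlineImages(SAMPLE, "lemmy.example.org");
console.log(result.text);
console.log("hosts that would have seen your IP:", result.remoteHosts);
```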

74
submitted 2 weeks ago* (last edited 2 weeks ago) by [email protected] to c/[email protected]
 

I spent some time creating this mind map to sum up everything you'd want to know about the scam messages, as well as the common theories. I will try to keep it updated. If you have anything to add to this or critique, please let me know.

Might take a while to load, it's a very high res image. Here's a link alternative: https://files.catbox.moe/csls12.jpg

This should be obvious, but due to the recent developments I want to have this here as a warning:

Don't send the scammer any money, even as a joke.

134
Drink rule (lemmy.ohaa.xyz)
 
88
question (lemmy.ohaa.xyz)
 
 

It's not unpopular, but seemingly forgotten by some. [email protected] is a community for artistic, obscure and surreal pictures with text, with a hint of criticism on life. It's hard to describe, so just have a look for yourself.

Feel free to post similar ones you made or found somewhere on the interwebs.

470
The system cannot. (lemmy.ohaa.xyz)
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]
 

cross-posted from: https://lemmy.today/post/23906776

For those about to Lemmy ... we salute you!

 
 