Copy and pasting image URLs is super nice, but if your client automatically displays them, you might be at risk of leaking your IP and user agent π
Login to reply
Replies (5)
My findings so far
Damus: leaks IP, (cant swipe to see what user agent says π)
Amethyst: protects IP, leaks user agent (Amethyst/version_number)
Primal: protects IP and user agent (images appear to be proxied)
Gossip: leaks IP, no user agent
The link to the image leads to my server which reads the IP and user-agent from the request headers. It then renders it into the image. Every user sees something different depending on which client they use.
Oh.
Gossip has an option to avoid loading media remotely, for this exact reason.
I was so confused at first. I was like wait that IP seems familiar. This is quite the use case though!