Lemmy does not remove exif data (unless the code has changed), you need to remove it yourself (also a good practice in general)
Lemmy does not remove exif data (unless the code has changed), you need to remove it yourself (also a good practice in general)
That’s a different conversation. I’m talking about an adversary who just creates a Lemmy instance and has malicious code embedded in the images, videos and text
What does that have to do with any corporation? Facebook specifically is already in a lawsuit this last month about installing malicious Root Certificates and performing man in the middle attacks against Amazon and Google, so I’m not sure what you’re asking
Yeah, but the average internet users doesn’t understand these concepts. And with the use of “random-lemmy.random” it seems like it might be an easy attack to fall for
I think the chances are high since the domains are supposed to be novel, compared to Facebook which is a worldwide known domain and chances of impersonating it are slim or would require a client side hack
The quick defederarion option is a nice defense. Could be some damage in the meantime though
Either or. Would be more nefarious to have users sign up for a malicious instance unknowingly and then federate with non malicious instances
Hopefully the author explains how to use SSL/TLS since their site doesn’t :/