I run a pretty locked down Firefox browser and I noticed when browsing lemmy.world that the browser wants to pull stuff from a long list of other instances, which fails because they aren’t trusted. Is this normal? I thought an instance would collect the things you are subscribed to and store them locally so that you didn’t have to go talk to 20 different servers. Not true?

  • TheOneCurly
    link
    fedilink
    English
    61
    edit-2
    1 year ago

    Images are hosted on their home servers, only the links and text content are federated.

    That includes user and community icons/avatars.

      • TheOneCurly
        link
        fedilink
        English
        81 year ago

        On the bright side your setup should still work for mostly everything if the long list of errors don’t bug you too much.

        • @CarbonatedPastaSauceOP
          link
          English
          21 year ago

          Yep I can still read the threads, I just have a lot of empty spaces where images would be. I do wonder about the security implications of this. Is it just downloading images, or would the ‘foreign’ instances be able to run javascript in my browser? I’ll obviously need to brush up on **exactly ** how Lemmy works before trusting any of those other instances. I just threw out the question because I didn’t want to assume, but it now makes sense that I’ve seen it more and more as I subscribe to more communities that aren’t hosted on lemmy.world.

    • trouser_mouse
      link
      English
      51 year ago

      GDPR is going to be incredibly complex!

      • TheOneCurly
        link
        fedilink
        English
        51 year ago

        Yeah… even me just running a little single user instance is capturing a ton of user generated content from all over the world. Luckily it looks like deletes are federating for the most part, so if someone’s home instance does a delete it should propagate eventually.

        • @[email protected]
          link
          fedilink
          English
          1
          edit-2
          1 year ago

          Sure but there is nothing stopping an instance owner from configuring the local database to not delete, or to have a copy of the database mirrored to some other database.

          So while most instances will delete, it’s fair to say that if someone wants to keep a copy of all messages somewhere, it’s simple to accomplish that.

          What I would do is simply to listen to the activitypub port, and send all raw incoming messages somewhere and store them forever.

          • TheOneCurly
            link
            fedilink
            English
            31 year ago

            Sure, it’s not hard to not comply with GDPR. I was speaking from the perspective of a small instance admin who would like to generally comply without having to think about.

            • @[email protected]
              link
              fedilink
              English
              11 year ago

              Will gdpr even apply to individuals running instances? I think it’s just for corporations.

        • trouser_mouse
          link
          English
          11 year ago

          Fingers crossed - incredibly curious how all this will pan out!

    • @[email protected]
      link
      fedilink
      English
      4
      edit-2
      1 year ago

      It’s definitely not only static content tho, I block third party scripts with uBO and it shows other instances domains in the blocked list.

      Edit: I was mistaken, it’s just images

      • TheOneCurly
        link
        fedilink
        English
        41 year ago

        Interesting, I dug through my networks requests with ublock off and I don’t see any remote scripts. Only requests to media.kbin and lemmy/pictrs locations on various instances. Any idea which pages you’re seeing that on?

        • @[email protected]
          link
          fedilink
          English
          31 year ago

          Well I was wrong, I checked my network panel and it’s definitely just thumbnails that it’s fetching, I’m dumb I thought that only domains that served scripts ended up in the uBO matrix panel, I did a test and it does that with any third party content instead, static or not :p