252
nicole bypassing the filters by putting the text in the image
(lemmy.blahaj.zone)
little do they know nobody is going to type out those urls by hand...
It seems like the theory of deanonymizing users using images makes more sense with this
Not really. The messages always had pictures. That hasn't changed. This is to bypass text filters.
If this entity just wanted to deanonymize users, a transparent GIF pixel would work even better. Then you wouldn't even be aware there was an image. And then you could vary the text sent to each person to avoid filters and avoid suspicion.
The message itself could just be a single word like "a". Something you can't reasonably filter. There wouldn't need to be a meaningful message at all if you're just trying to determine the IP of users.
Nah... The point of these messages has always been to get people to go to these URLs. This is probably classic catfishing.
Besides, are the image URLs even unique? Or include the name of the user they're sent to? If not, then it's useless as a deanonymization mechanism.
Fair, I'll take your point as it does sounds reasonable to me as well. But I don't believe the point is to get people to visit the links, the vast majority aren't and those who did report there is nothing on the other end. So, go figure.
As for obtaining IP- I've no idea on how that works, so I can't present you with a counterargument. There are posts discussing that already, has anyone brought that up there?
If the image in the message is hosted on a server operated by the one sending the message, then the sender's server will have a log showing the IP address of the person viewing the image. Just by opening the message, the sender will know the IP of the person reading it.
However, hundreds of people received the message. So in order to tell which IP comes from which user, the URL of the image sent to each person needs to be unique. It can be as simple as putting their mame in the querystring, like
http://image.server/girl.jpg?u=CrayonRosary%40lemmy.worldThe web log will show that specific URL being requested by my IP address. Every user will receive an image with a URL unique to them.
It could also be more subtle like using a random looking ID and saving username/ID pairs in a table. Like
http://image.server/girl.jpg?27639927. And then some table has that number associated to my username. The attacker builds the table as they send each message.I got one of these messages. I should check if the URL is something like this.
Luckily the attacker can't get my personal IP address because I use NordVPN, the sponsor of this comment. Whether I’m browsing on public Wi-Fi, or trying to avoid deanonymization attacks like this one, NordVPN ensures my personal data stays private and secure. So if you want to stay safe online, go to NordVPN.com/MyTotallyRealPromoCode and get an exclusive deal today!
/s But I do use a VPN. 😄
(I must have deleted the message. I can't find it.)
Lemmy images are just links, so when the image is being displayed it will send a request, which always give your ip address.
Lemmy supports proxying images though. I read the release notes for the feature and its supposed to work on all image urls:
what's this?