I have bad opsec so I’m relying on you. I expect to get arrested for old Facebook posts so it’ll be really embarrassing if it’s hexbear that gets me, just saying

  • trinicorn [comrade/them]@hexbear.net
    7 hours ago

    Someone did try doing some version of this on lemmy.ml (iirc) and hexbear’s image filtering at the time caught it (only whitelisted image domains would work in markdown, so you’d at least have to trick people into going off-site to get their IP)

    Nowadays the image backend has proxying, so untrusted image lookups go via the backend server and don’t expose the user’s IP.

    There are probably still other holes (like the embeds you mention) but it’s not as trivial as embedded image links, thankfully
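
The two mitigations described in the comment above (an image-domain allowlist, then server-side proxying of untrusted images), sketched as an added example that is not hexbear's or Lemmy's own code. The trusted host `media.example.org` and the proxy path `/image_proxy?url=` are assumptions, as are the function names.

```python
import re
from urllib.parse import urlsplit, quote

# Assumptions, not from the thread: the trusted host and the proxy path.
ALLOWED_HOSTS = {"media.example.org"}
PROXY_PREFIX = "/image_proxy?url="

# Simplified matcher for inline images: ![alt](url "optional title").
# A production filter should walk the parsed markdown AST instead.
IMAGE_RE = re.compile(r'!\[([^\]]*)\]\(\s*<?([^\s)>]+)>?(?:\s+"[^"]*")?\s*\)')


def safe_image_url(url):
    """Return a URL the reader's browser may load, or None to drop the image."""
    if "\\" in url:
        return None  # browsers read "\" as "/", Python does not: parser mismatch
    if url.startswith("//"):
        url = "https:" + url  # protocol-relative URLs still leave the site
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return None  # malformed authority, e.g. unbalanced IPv6 brackets
    if parts.scheme not in ("http", "https") or not host or "@" in parts.netloc:
        return None  # data:, javascript:, relative paths, userinfo tricks
    if parts.scheme == "https" and host in ALLOWED_HOSTS:
        return url  # trusted host: a direct fetch is acceptable
    # Untrusted host: the server fetches it, so the remote host never sees
    # the reader's IP address.
    return PROXY_PREFIX + quote(url, safe="")


def rewrite_images(markdown):
    """Rewrite every inline image so no untrusted host is contacted directly."""
    def repl(match):
        alt, url = match.group(1), match.group(2)
        safe = safe_image_url(url)
        return f"![{alt}]({safe})" if safe else alt
    return IMAGE_RE.sub(repl, markdown)
```

Images that cannot be made safe are replaced by their alt text, so the post still reads sensibly.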