!Friendica Support
So I realise that there are instances out there that allow stuff I don't want to see (ever).
I'm good at ignoring stuff, so whatever, BUT...
I just saw a post in the global feed that had such an image, but being served *from* my server.
Now I'm assuming it's cached it for some reason, but why is that cache exposed to users who aren't local (ie. Logged in)?
How can I find out how an image ended up on my server?
If it was because of one of my users, they are getting booted.
If not, how can I find out what instance the image is from in general (eg. If I can't find the post but have the image URL)?
I'd like to identify the source and remove any other images from it, it's gross, and probably illegal.
So I realise that there are instances out there that allow stuff I don't want to see (ever).
I'm good at ignoring stuff, so whatever, BUT...
I just saw a post in the global feed that had such an image, but being served *from* my server.
Now I'm assuming it's cached it for some reason, but why is that cache exposed to users who aren't local (ie. Logged in)?
How can I find out how an image ended up on my server?
If it was because of one of my users, they are getting booted.
If not, how can I find out what instance the image is from in general (eg. If I can't find the post but have the image URL)?
I'd like to identify the source and remove any other images from it, it's gross, and probably illegal.
Michael Vogel
in reply to Ian Molton • • •Ian Molton
in reply to Michael Vogel • • •How can a remote user cause friendica to cache an image?
If the latter is possible, that's a real problem, a bit like an open relay, but for images, and I don't want people filling my servers cache with... That. Eww.
Ian Molton
in reply to Ian Molton • • •Michael Vogel
in reply to Ian Molton • • •Ian Molton
in reply to Michael Vogel • • •Secondly, why transform the URL? What's the benefit?
Surely it's better for my users machines to fetch the images wherever they are, rather than to centralise that traffic at my server?
Lastly, is it possible for me to take an image URL and undo the transformation, so I can find out where it points to?
Lastly, just an observation, but if the images really aren't cached, it seems likely to cause alarm (as it has in this instance) when you see kiddie porn with your instances domain in it. Surely the displayed URL should reflect the true origin of the image?
Michael Vogel
in reply to Ian Molton • • •The origin url of attached media can be seen in the database. But this doesn't matter. It will be some server where the poster had access to. You can block that user server wide. And you can check the server where the post came from to tell the administrator about it.
Roland Häder
in reply to Michael Vogel • • •||youtube.com^$third-party
so they won't load on your instance as this might reveal your referral URL + UA string + IP address to these external sites.Ian Molton
in reply to Ian Molton • • •Hm. I think something is being lost here; Im probably not explaining well.
Here's a (NSFW, no idea what the japanese text reads) example URL:
https://friendica.mnementh.co.uk/photo/media/40044
I can access this *without being logged in*, so presumably anyone on the internet can see this image.
This URL was being shared in a post that looked like this:
If I hover over the image in the post itself, the URL shown is:
https://img.pawoo.net/media_attachments/files/004/365/347/original/09a0b05d478957fd.jpg
From my perspective, it looks like someone is using my instance to store, or hide a link to, NSFW/potentially illegal images, by tricking it into *publicly* caching the images, and then sharing the URL in their posts.
I find this behaviour disturbing in the extreme - I don't want my instance to contain (or appear to be the source of) such content, and I *especially* don't want it to get blocked because someone else is sharing links to its cached content!
Michael Vogel
in reply to Ian Molton • • •pawoo.net
. The link.../photo/media/...
on your own post is just the link to your local content redirector. There is no misuse of your server.Ian Molton
in reply to Michael Vogel • • •@Michael Vogel
I wouldn't mind if that was only available to local users - but non-logged-in users can access this, and they have (afaict) no way to know this isnt coming direct from my server.
And someone has clearly (see screenshots) made a post somewhere that links *directly* to my server.
It doesn't matter if the content is on my server or not - I don't want it *publicly* even reflecting these URLs. Why would it need to? My users should have access to such redirections (on legitimate, legal posts), but the rest of the world, I would rather keep out!
especially seeing as they can apparently guess the URLs that the reflector / cache / whatever uses.
IOW - I dont really care if its legal or illegal to have links to such content on my server - I *dont* want them. Ever. In the UK, being accused of having this sort of thing is enough to get you lynched. I *do not* want it.
This is what people see if they follow the link:
They will neither know, nor care wether I actually have a copy of the image, and I would really rather not have to move country because of a badly configured cache/reflector/redirect thats open to abuse, as it clearly is.
Roland Häder
in reply to Ian Molton • • •/photos/
is there to prevent leaking referral URLs the user-agent string and your IP address to these external sites, likepawoo.net
is. If you don't want any #NSFW pictures on your instance, simply block all those domains, you can check through mine if you want a quick start. Please note that not all blocked domains are NSFW-related.Ian Molton
in reply to Roland Häder • • •Right - so the cache is there for the benefit (exclusively) of my users, right?
If so, why is it *ever* accessible to a non-logged in user?
I've blocked both pawoo.net and baraag.net as they are loli and shota (two new words for me) tolerant instances, and I am not.
But that's just going to be playing whack-a-mole - others will pop up, and whilst I've now set up a few saved searches for stuff I dont want to have anything to do with...
...it doesn't prevent the problem mentioned earlier, in that *literally* ANYONE on the internet can see such content, apparently originating from my server (as best as *they* can tell.
At *best*, its a waste of bandwidth.
At worst, whilst I might not go to prison over it, I'd potentially end up in court, and have my reputation ruined.
Is there really *any* reason why the cache has to be accessible to the outside world, ever?
Ian Molton
in reply to Ian Molton • • •Oh, and lastly, I'd still like to know if its possible to find out WHY my instance cached that URL - *I* certainly never interacted with that profile, and I would *hope* none of my handful of users have, so why did it get cached in the first place?
(or, if one of my users is a pervert, I'd really like to get them *off* my instance, like now. AFAIK, I don't have "common carrier" status in the UK, like the big corporates.)
Michael Vogel
in reply to Ian Molton • • •Ian Molton
in reply to Michael Vogel • • •I don't think I've been understood.
However the image URLs ended up on my system is immaterial.
the fact is that my instance was serving up porn if people followed those URLs.
Someone was also making posts elsewhere, with links *pointing to those URLs on my instance*.
I presume they were doing this to hide the origin of the illegal material they had managed to trick my instance into caching.
IOW, my friendica instance became an "open relay" for kiddy porn.
Wether its "earier" for someone to distribute their kiddy porn some other way or not is not the point here.
The fact is that they were doing it, and my server was participating in it.
This is BAD no matter what.
Now, either one of my users is a pervert, in which case, I'd like to know how I can find that out (is there a quick db query I can do? presumably there is, but I'm not familiar enough with the db to know) Can you tell me how I can find that out?
OR
My users arent perverts, and someone else has found a way to get my server to cache things no-one asked for.
This is also BAD.
I don't understand why this isn't a cause for concern. My friendica node is not special, and pretty much a default configuration. If this happened to me, it could happen to anyone.
I'm starting to be very worried about security of the Friendica server.
Roland Häder
in reply to Ian Molton • • •Ian Molton
in reply to Roland Häder • • •I don't want to be / sound rude, but I've said this several times now...
These Are Not (really REALLY not) My Pictures.
REPEAT:
THESE ARE NOT MY PICTURES.
I have NO IDEA why Friendica cached those URLs, and I'm *extremely* alarmed that I cannot seem to find that out, or no-one seems to know / care.
I dont want to go to PRISON. Especially not for *that* sort of thing, and *REALLY* especially not in the UK.
If Friendica REALLY cannot be set up NOT to act as a **kiddie-porn reflector**, then I am going to have to abandon it, which would be a great shame, as I otherwise like it quite a lot.
Roland Häder
in reply to Ian Molton • • •Ian Molton
in reply to Roland Häder • • •My concern is simple.
Living in a country where you can be lynched (murdered by a mob) for hosting that kind of content, the ABSOLUTE LAST thing I want is for my friendica server to be seen to be serving up kiddie porn to anyone who asks it nicely.
Now, if it's one of my users, I want to know who.
How can I find out?
If it's not, then I want to know *why* it's caching and serving up URLs to kiddie porn.
Because it could literally get me killed.
If you don't live in the UK, you won't understand.
But I'm serious.
Besides, being an open relay is just anti-social behaviour in the internet.
Honestly this thread has really made me think twice about continuing to host a friendica instance.
If the Devs don't understand the security implications of an open relay, then there is no hope for the project.
I hope this is still all a miscommunication. Because if not, that's scary AF.
Ian Molton
in reply to Ian Molton • • •Alastair Cooper
in reply to Ian Molton • • •Ian Molton
in reply to Alastair Cooper • • •I don't know.
What I do know is that I *REALLY* dont want to find out. Getting taken to court isnt my concern.
Its what the UK *public* do to people where there is even a *rumour* that something has happened.
I dont know if the @Friendica Support forum is the right place to raise this concern, but I do want people to realise that for people living / hosting a sever in the UK, this stuff is *SCARY* dangerous even to talk about.
And very easily taken out of context.
And the public *do not care* if you get acquitted - child sex related stuff sticks, and will stick to you FOR LIFE here.
Friendica devs - this is a serious, serious issue.
Michael Vogel
in reply to Ian Molton • • •But like I said: You can disallow the public timeline for visitors and for example only display posts from local users.
Ian Molton
in reply to Michael Vogel • • •Again. I am not concerned about my (or my other users) timelines.
Im concerned that my friendica node is sharing kiddie porn that I do not want it to.
Michael Vogel
in reply to Ian Molton • • •Roland Häder likes this.
Ian Molton
in reply to Michael Vogel • • •I'm sorry, but it very much was sharing it.
To all and everyone on the internet.
Can you not see my screenshots?
Ian Molton
in reply to Ian Molton • • •But it very much was, and it was not requiring a login (I logged out and used a private tab).
Michael Vogel
in reply to Ian Molton • • •Ian Molton
in reply to Michael Vogel • • •Ah, I think I see the miscommunication then.
By shared with the world, I mean "made accessible to the world” (not logged in users), not shared with other friendica servers.
I don't want my server to make it's cache available to the world at large. Only to my users.
Then this can never happen.
Hypolite Petovan
in reply to Ian Molton • • •Someone on your server interacted with an account on pawoo.net, whether by following this account, or fetching a public post (by entering its URL in the search bar) or subscribing to a hashtag if you have configured your node to accept content from post relays (although it appears unlikely).
pawoo.net then sends this post including a link to an image hosted on pawoo.net to your node. To protect your user's privacy, your node will download the image locally and rewrite the URL in the post to point at its location on your node.
So you are right, your node will be publishing this image from your domain until you take a moderation action against the post itself, the remote account (node-wide account blocking includes an option to delete all the content) or the remote server (node-wide server blocking includes an option to delete all the remote accounts and their content.
This local copy is meant to protect your user's privacy, but unfortunately it can't be limited to users at it stands. Since the same exact process is used to publish your user's own pictures in their public posts, making it logged-in user only would prevent their public posts to show their images to non-logged users. Think about RSS users or simply their public profile page.
Now, as Michael mentioned, there are ways of limiting the risks for you as a website publisher. Moderation is the main point (and the URL of the picture you mentioned now returns "Not Found") but as you said it is a game of whack-a-mole. It is made easier by domain blocking but there will be an amount of time during which questionable content will be published by your node.
Making the community pages (either from your local users or the global network your node knows about) private to your users only is another way of limiting exposure, as only your users will be able to be exposed to this kind of content through images your node is publishing. But then they would be able to share the image URL publicly for anyone else to see.
Currently images know whether they should be served to anyone or just to your users based on the permissions of the posts their are embedded in but I guess we could improve this system to take the site setting to make the community page private into account. This would further reduce the risk for you as even if one of your users shared the URL of such a picture with a non-logged in user they wouldn't be able to access it.
like this
Luca Nucifora e Roland Häder like this.
Luca Nucifora
in reply to Hypolite Petovan • •Roland Häder likes this.
Friendica Support reshared this.
Hypolite Petovan
in reply to Luca Nucifora • • •It also includes instructions on how to subscribe to relays.
like this
Luca Nucifora e Roland Häder like this.
Friendica Support reshared this.
Roland Häder
in reply to Hypolite Petovan • • •Parola filtrata: nsfw
system.blocked_tags
.Ian Molton likes this.
Friendica Support reshared this.
Roland Häder
in reply to Roland Häder • • •Parola filtrata: nsfw
return ['system' => ['blocked_tags' => 'nsfw,pussy,dick']];
It is only an excerpt of your full file in
config/local.config.php
.Ian Molton likes this.
Friendica Support reshared this.
Hypolite Petovan
Unknown parent • • •We do have a mechanism to authenticate a Friendica user on a remote node, but it involves several requests back and forth between the two nodes so it isn't really suited to authenticate image display.
Roland Häder likes this.
Friendica Support reshared this.
Ian Molton
Unknown parent • • •Surely an interim solution would be to serve local users from the cache, but serve the original URL to everyone else?
Friendica Support reshared this.
Ian Molton
in reply to Ian Molton • • •Id like to see this fixed before anything else
Luca Nucifora doesn't like this.
Friendica Support reshared this.
Hypolite Petovan
in reply to Ian Molton • • •A less costly solution would be to redirect anonymous users to the original URL but the image URL with your domain would still be visible in the source of the post page, I don't know how tech-savvy are your roving pedo hunter gangs.
Friendica Support reshared this.
Ian Molton
in reply to Hypolite Petovan • • •Likewise, when serving from the cache, only serve if local user.
Or is it impossible for the server to tell the difference between a cached image and a legitimate image belonging to a local user?
Friendica Support reshared this.
Ian Molton
Unknown parent • • •Friendica Support reshared this.
Hypolite Petovan
in reply to Ian Molton • • •Ian Molton likes this.
Friendica Support reshared this.
Ian Molton
in reply to Ian Molton • • •So can we have a "remote" flag or something attached to an image, which is set for images that are cached for local users, and is unset, should a local user actually make a post with that image?
That wouldn't prevent anyone seeing it if a user shared the image, but at least from a legal point of view, it's more clearly their fault, and easy for me to fix (by booting them)
Friendica Support reshared this.
Hypolite Petovan
in reply to Ian Molton • • •Ian Molton likes this.
Friendica Support reshared this.
Ian Molton
in reply to Hypolite Petovan • • •Certainly good enough for now.
Friendica Support reshared this.
Ian Molton
Unknown parent • • •the pedo hunters are, frankly, blithering idiots, and they aren't above planting evidence (this has ruined many police investigations).
There are definitely people who will sell them tools to do this.
So this is a very real threat imo.
Hypolite Petovan likes this.
Friendica Support reshared this.
Hypolite Petovan
Unknown parent • • •Friendica Support reshared this.
Hypolite Petovan
Unknown parent • • •Ian Molton likes this.
Friendica Support reshared this.
Ian Molton
Unknown parent • • •The people who share that kind of stuff will also share URLs out-of-band, so this is already a real world attack, rather than theoretical.
Really pleased to see this is high on @Hypolite Petovan 's priorities, that's all anyone can ask for :)
Friendica Support reshared this.
Hypolite Petovan
Unknown parent • • •Ian Molton likes this.
Friendica Support reshared this.
Hypolite Petovan
in reply to Ian Molton • • •Friendica Support reshared this.
Hypolite Petovan
Unknown parent • • •Ian Molton likes this.
Friendica Support reshared this.
Hypolite Petovan
Unknown parent • • •Ian Molton likes this.
Friendica Support reshared this.
Hypolite Petovan
Unknown parent • • •Friendica Support reshared this.