PLEASE READ - POSSIBLE IP HARVESTING ATTACK

Lsuoma
Fascist Tit
Posts: 11692
Joined: Tue Jul 03, 2012 5:58 pm
Location: Punggye-ri

PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#1

Post by Lsuoma »

Hi All

A couple of folks have pointed out to me recently that someone malicious can easily harvest IP addresses of people reading here by posting images hosted externally for which they can read the access logs. Thus, if we get an image posted here that is hosted on freethoughtblogs.com any cunt with access to the FfTB logs can find out the IP address of all users that have viewed that image. This will work even with single-pixel images (web bugs) that you wouldn't even be able to see.

This is particularly egregious in PMs since someone sending you a PM could embed a web bug and harvest the IP addresses of specific users. For images posted on the forums, the problem is less insidious since although it's possible in theory to correlate people online here with image accesses, it is much more difficult.

Given the known propensity of the FfTBers, Skepshits, A+Theists for actively trying to harm individuals by contacting employers, doxxing, &c., I've turned off images and flash in PMs.

Unfortunately, it's harder to protect the forums, even though the risk is less. Possible alternatives include -

1. Only allowing registered users to post images and videos. This is not much of a protection since I do virtually no checking on user registration requests, and it would be easy enough for a malicious actor to register.

2. Turning off image linking altogether, and requiring people to post images as attachments only.

What do people think?
Last edited by Lsuoma on Sat Nov 30, 2013 2:09 pm, edited 1 time in total.
Reason: Destickyfying.

JayTeeAitch
Posts: 595
Joined: Tue Oct 16, 2012 9:54 am

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#2

Post by JayTeeAitch »

God, I'm so naive, I'd never even thought of that and I've just implemented a web bug so a company can detect when emails have been read! (plus I log the IP address)

Option 2 is OK for me but that's only because I always upload images as attachments.

Dave
Posts: 1975
Joined: Fri Jul 06, 2012 6:03 am

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#3

Post by Dave »

Just a thought, not really endorsing the idea or not, but can you only allow linking to "known" or "reputable" image hosting sites?

TiBo
Posts: 632
Joined: Sun Aug 25, 2013 4:40 pm

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#4

Post by TiBo »

Yep. Restricting the use of direct calls to images, videos, flash etc in PMs is generally warranted.

Publicly posted links to resources (as images) generally don't pose that much of a threat because the context in which the HTTP request is made to the hosting server (where the IP will be stored) is usually unknown. Therefore, as long as a call to these resources is not self-incriminating (...), no compelling conclusions can be drawn about the people who requested the resource.

However, this forum could be seen as a medium-risk environment for its visitors, so restricting direct access to remotely hosted media files in general might be a good idea. As long as your server can take the load, uploading stuff to your server is a minor inconvenience and provides a useful layer of security. And don't forget about avatars & signatures.

Therefore, +1

Dave
Posts: 1975
Joined: Fri Jul 06, 2012 6:03 am

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#5

Post by Dave »

My second comment is that I sometimes have difficulty seeing attached images if I'm not logged in. Not a big issue, but something to consider.

Lsuoma
Fascist Tit
Posts: 11692
Joined: Tue Jul 03, 2012 5:58 pm
Location: Punggye-ri

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#6

Post by Lsuoma »

Dave wrote: Just a thought, not really endorsing the idea or not, but can you only allow linking to "known" or "reputable" image hosting sites?
Whitelisting doesn't appear to be easy on phpBB.

Dick Strawkins
Posts: 5859
Joined: Wed Jul 04, 2012 4:34 pm

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#7

Post by Dick Strawkins »

I don't like the idea of not allowing linked images - almost all of the pitshops are hosted on imgur or other such external sites that have nothing to do with FTB.

Only allowing registered users to post is a good idea (it has the additional benefit of cutting down the ability of people to troll the forum.)

Banning the use of FTB hosted images sounds like a reasonable alternative - is it possible to do that?

Matt Cavanaugh
Posts: 15449
Joined: Sun Mar 24, 2013 12:38 pm

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#8

Post by Matt Cavanaugh »

I say we rumble with them next time their in Brighton.

Matt Cavanaugh
Posts: 15449
Joined: Sun Mar 24, 2013 12:38 pm

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#9

Post by Matt Cavanaugh »

they're

Pitchguest
Posts: 4024
Joined: Sat Oct 06, 2012 3:44 pm

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#10

Post by Pitchguest »

What Strawkins said.

John D
Posts: 5966
Joined: Thu Jul 19, 2012 4:23 am
Location: Detroit, MI. USA

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#11

Post by John D »

The FTB and A+ fucks know my email address anyway. But, do as you see fit. I support your goal of keeping things confidential.

John Greg
That's All Folks
Posts: 2669
Joined: Tue Jul 03, 2012 8:05 pm
Location: New Westminster, BC, Canada

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#12

Post by John Greg »

This is above my techno-knowledge pay grade, so I'll let my betters determine the best action to take.

Thanks for the heads-up.

acathode
Posts: 888
Joined: Fri Aug 24, 2012 6:46 am

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#13

Post by acathode »

Disabling images in the forums sounds like a really bad solution, considering that pitshops and screencaps of crazy comments/twitter is a big part of what's posted here.

Whitelisting seems like the best solution, but if that's too difficult technically, then meh, why bother? I mean, they can already easily harvest pitter IP addresses by simply checking the HTTP referers anyway.

franc
Posts: 2470
Joined: Tue Jul 03, 2012 7:03 pm
Location: Kosmopolites

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#14

Post by franc »

Lsuoma wrote: Unfortunately, it's harder to protect the forums, even though the risk is less. Possible alternatives include -

1. Only allowing registered users to post images and videos. This is not much of a protection since I do virtually no checking on user registration requests, and it would be easy enough for a malicious actor to register.

2. Turning off image linking altogether, and requiring people to post images as attachments only.

What do people think?
Perhaps revert to using anonym.to?

Lsuoma
Fascist Tit
Posts: 11692
Joined: Tue Jul 03, 2012 5:58 pm
Location: Punggye-ri

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#15

Post by Lsuoma »

franc wrote:
Lsuoma wrote: Unfortunately, it's harder to protect the forums, even though the risk is less. Possible alternatives include -

1. Only allowing registered users to post images and videos. This is not much of a protection since I do virtually no checking on user registration requests, and it would be easy enough for a malicious actor to register.

2. Turning off image linking altogether, and requiring people to post images as attachments only.

What do people think?
Perhaps revert to using anonym.to?
That only works for redirects. Once someone loads a page here with images linked externally, that access is in the target host's logs.

welch
Posts: 9208
Joined: Wed Jul 04, 2012 4:05 am

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#16

Post by welch »

There's not much of a good option here. The problem with attachments becomes one of space really. If you think you have the space for attachments instead of links, then option 2) becomes at least doable.

Really?
Posts: 6460
Joined: Sun Nov 03, 2013 2:34 pm

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#17

Post by Really? »

Aw, come on. FTB/A+ loonies would never fall prey to the guilt by association fallacy. Nor would they doxx anyone. I mean, even if they did do these kinds of things, they would acknowledge it and apologize. Right?

Lsuoma
Fascist Tit
Posts: 11692
Joined: Tue Jul 03, 2012 5:58 pm
Location: Punggye-ri

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#18

Post by Lsuoma »

welch wrote: There's not much of a good option here. The problem with attachments becomes one of space really. If you think you have the space for attachments instead of links, then option 2) becomes at least doable.
I have at least 400GB on the site - if Ape+Lust, Jan Steen, Gumbers, etc. can give us that much quality stuff I will die laughing long before we exceed that quota...

Lsuoma
Fascist Tit
Posts: 11692
Joined: Tue Jul 03, 2012 5:58 pm
Location: Punggye-ri

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#19

Post by Lsuoma »

I guess I'm asking if our resident artists are happy to go with option 2. Personally, I don't care about anybody tracking my IP since I use a VPN anyway, but others may be more sensitive.

My feeling is that the amount of work the 'tards would have to do to track IP impressions versus people logged in would trigger a severe attack of reGreta virus, especially in people like Twatson, and since images are now verboten in PMs, we should be safe. Also, their heavy hitters like Svain (heavy - get it?), Jason "Knuth" Thimbledick, Grag Laden, and Richard "Artillery" Carrier-Bag would have more chance of winning a Nobel Prize before they could understand Apache logs, so we're probably safe...

Unless anyone gets a huge woody for requiring upload rather than linkie-links, let's keep the status quo...

acathode
Posts: 888
Joined: Fri Aug 24, 2012 6:46 am

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#20

Post by acathode »

Lsuoma wrote: That only works for redirects. Once someone loads a page here with images linked externally, that access is in the target host's logs.
Would it really even work for redirects? Wouldn't it just show "anonym.to" as an HTTP ref instead, and how many other sites than the pit would be linking to FTB through anonym.to? If they had any sense, they'd just assume that any IP using anonym.to as an HTTP ref is a pitter.
Lsuoma wrote: I guess I'm asking if our resident artists are happy to go with option 2. Personally, I don't care about anybody tracking my IP since I use a VPN anyway, but others may be more sensitive.

My feeling is that the amount of work the 'tards would have to do to track IP impressions versus people logged in would trigger a severe attack of reGreta virus, especially in people like Twatson, and since images are now verboten in PMs, we should be safe. Also, their heavy hitters like Svain (heavy - get it?), Jason "Knuth" Thimbledick, Grag Laden, and Richard "Artillery" Carrier-Bag would have more chance of winning a Nobel Prize before they could understand Apache logs, so we're probably safe...

Unless anyone gets a huge woody for requiring upload rather than linkie-links, let's keep the status quo...
Even without a VPN, I wouldn't care much about anyone finding out my IP. If you're using a normal, private connection, it's not like they can find out very much about you, or do very much to you. Looking up anyone's location via IP is VERY unreliable; the only thing you can reliably see is country (or maybe state for the US?).

The only case where I'd be remotely careful about who gets my IP address would be if I was using a uni or company connection. That's the only scenario where I could ever imagine there being any sort of trouble: if, say, a loony SJW contacted the uni or company with stories of harassment and abuse coming from an IP within their network, then most companies/unis would probably look into matters. But even then, I'd hardly worry; if the uni or company has any sense whatsoever, they'd require a lot more than "Oh well this person is a member of evil forum where everyone hates women!" before taking any actions.

German LurkBoatsman

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#21

Post by German LurkBoatsman »

Unless whitelisting is an option, I'd vote for uploading to the server. This means guests like me couldn't see the pictures without logging in, but having files embedded from the outside (if that means FTB or any privately hosted server) is just not a very safe idea for anyone who ever posts with a company IP, especially if it's a fixed IP that can be easily traced back to your computer.
As far as my understanding goes, embedded pictures send the IP every time the page is refreshed, e.g. by clicking preview or submit, so I think it should be not that hard to correlate pageviews/IPs on a picture with a poster name - for any post on the same forum page, even if not including the picture. It's almost no work if you also post about/quote from, say, FTB posts and they have your IP on that post also.

Normally not a big issue, but those people have zero qualms about doxxing, whatever they may say in public. Becky just wrote to someone's employer last week and bragged on twitter about it. With those creatures you'll never know at what point they're in need of money, attention or just a "see how clever I am" post.
Even if you don't post and just read from work, your address would appear in a list of IPs harvested from here. If they just publish that list, any of those twitter heroes could put it upon themselves to start a contacting campaign.
Also, by publishing it here, they basically know what to do now, even if they hadn't thought of it before.

Of course, this is some worst case scenario and I guess this would only apply to a minority of pitters. It has also the potential to make it even clearer what sanctimonious assholes we're dealing with or just how many people participate here ;)

JAB
Posts: 500
Joined: Wed Jul 04, 2012 6:04 am
Location: Ontario, Canada

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#22

Post by JAB »

Except for the PM issue you mentioned that you can shut down, I don't see a problem. Since most of those reading the pit are guests, logging the IP of those seeing a pic would net more guests than pitters, wouldn't it... maybe even more FTB regulars. I'm assuming guests see pics... do they?

Guest

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#23

Post by Guest »

Don't throw the baby out with the bathwater.

Eliminate direct linking to ftb. Encourage use of imgur and screen cap apps.

Send all images through a referrer stripping redirect service? bitly, donotlink, ...

http://dev.bitly.com/links.html

Aneris
Posts: 3198
Joined: Mon Mar 04, 2013 5:36 am
Location: /°\

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#24

Post by Aneris »

Wouldn't whitelisting work by changing the way the [img] tag is being interpreted, so it works essentially like the YouTube tag? Imgur would be my preference; it seems easiest and has no shenanigans. Attachments are only viable if seen without being logged in, otherwise we limit our audience too much. Guests should stay intact, as it allows quick new impulses and it was beneficial so far. If these tricks don't do it, perhaps switch off image posting rights for guests, if that is a possibility.

While I am at it, I urge to educate our fine audience here that capricious administration would be a direct result of keeping an eye out, because someone just has to be able to stop certain troll manoeuvres (especially the clever ones). Everyone knows that Lsuoma isn't screwing around for fun, usually, but should then embrace that when he does, they should deal with it and not whine about it (that would be the troll exploit). If that's always a drama, it's going to be abused (twice, first by trolling, then by playing on the conviction of no moderation).

YMMV.
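Dave (#3) and Aneris (#24) both suggest only honouring [img] tags that point at a short list of known image hosts, and Lsuoma replies that phpBB does not make this easy out of the box. As an added illustration of what such a filter has to get right, here is a small allowlist filter written for this thread; it is not phpBB code and not the forum's configuration. The allowed hosts and the `tracker.example` host in the test data are assumptions constructed for the example. Anything whose host is not on the list is turned into a plain [url] link, so the reader's browser no longer fetches it automatically when the page (or a PM) is rendered:

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist for illustration only; the real list is an admin decision.
ALLOWED_IMAGE_HOSTS = frozenset({"i.imgur.com", "imgur.com"})

# phpBB-style [img]...[/img]; tag names are case-insensitive.
IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)


def host_is_allowed(url: str, allowed=ALLOWED_IMAGE_HOSTS) -> bool:
    """True only for an absolute http(s) URL whose host is exactly on the allowlist.

    urlsplit() lower-cases the scheme, and .hostname strips any userinfo and
    port and lower-cases the host, so the classic tricks of
    'http://i.imgur.com@tracker.example/pixel.gif' (userinfo), '//tracker.example/'
    (scheme-relative) and mixed-case hosts are all handled by the same check.
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError:          # e.g. malformed IPv6 literal in the netloc
        return False
    if parts.scheme not in ("http", "https"):
        return False            # rejects data:, javascript:, and scheme-relative URLs
    host = parts.hostname
    return bool(host) and host in allowed


def filter_img_tags(text: str, allowed=ALLOWED_IMAGE_HOSTS) -> str:
    """Rewrite every [img] whose host is off the allowlist into a [url] link.

    The image tag itself is preserved verbatim (including its original case)
    when the host is allowed, so legitimate posts are untouched.
    """
    def replace(match: re.Match) -> str:
        url = match.group(1).strip()
        if host_is_allowed(url, allowed):
            return match.group(0)
        return f"[url]{url}[/url]"
    return IMG_TAG.sub(replace, text)


def external_image_hosts(text: str, allowed=ALLOWED_IMAGE_HOSTS) -> set:
    """Hosts of [img] tags that would be rewritten; handy for a moderation report."""
    hosts = set()
    for match in IMG_TAG.finditer(text):
        url = match.group(1).strip()
        if not host_is_allowed(url, allowed):
            hosts.add(urlsplit(url).hostname or url)
    return hosts


if __name__ == "__main__":
    # Constructed sample post mixing a legitimate image with a tracking pixel.
    sample = ("Look at this [IMG]HTTPS://I.IMGUR.COM/abc123.jpg[/IMG] and "
              "[img]http://i.imgur.com@tracker.example/pixel.gif[/img]")
    print(filter_img_tags(sample))
    print(external_image_hosts(sample))
```

The important design choice is exact host matching on the parsed `hostname` rather than a substring test on the raw string: a substring test for `imgur.com` would pass the userinfo form above and anything like `imgur.com.tracker.example`. The same filter can be applied to PM bodies, avatars and signatures, which TiBo points out are further places an external image can be embedded.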

Skep tickle
Posts: 5357
Joined: Fri Oct 05, 2012 12:04 am

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#25

Post by Skep tickle »

Frankly I would favor not restricting links etc - that would be like letting the terrorists win. But warning people about possibly being traced if they follow links to certain sites, that sounds quite appropriate.

But, then, since they've already pretty much posted my genome online, I don't think my IP address is going to tell them anything else. (And I don't check the site from work computers.) YMMV.

Cousin it
Posts: 10
Joined: Tue Aug 21, 2012 4:55 pm

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#26

Post by Cousin it »

Dave wrote: Just a thought, not really endorsing the idea or not, but can you only allow linking to "known" or "reputable" image hosting sites?
This. I'm a long time lurker that doesn't log in, so if the images are uploaded as attachments, I can't see them.

DW Adams
Posts: 832
Joined: Mon Jul 09, 2012 2:21 pm
Location: Planet of pudding brains

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#27

Post by DW Adams »

In the overall scheme of things, knowing IPs really doesn't get anyone anywhere if they can't pair it with a user.

But, do what you think is best.

Lsuoma
Fascist Tit
Posts: 11692
Joined: Tue Jul 03, 2012 5:58 pm
Location: Punggye-ri

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#28

Post by Lsuoma »

My feeling is that leaving things the way they are - no images in PMs, but images in the forum - is a good balance, and I plan on leaving it that way.

Thanks for everyone's input.

Aneris
Posts: 3198
Joined: Mon Mar 04, 2013 5:36 am
Location: /°\

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#29

Post by Aneris »

Lsuoma wrote: My feeling is that leaving things the way they are - no images in PMs, but images in the forum - is a good balance, and I plan on leaving it that way.

Thanks for everyone's input.
Did you try out my “capricious admin” troll exploit with the twerking turkey? Because that one proved the point (see above) rather excellently. :D

Joseph Porter, KCB
Posts: 188
Joined: Sat Nov 09, 2013 5:31 pm

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#30

Post by Joseph Porter, KCB »

Skeeve wrote: In the overall scheme of things, knowing IPs really doesn't get anyone anywhere if they can't pair it with a user.

But, do what you think is best.
Without going into details (being deliberately vague), I think that IPs could be easily paired with certain users under certain conditions.

Mykeru
Posts: 4758
Joined: Wed Oct 03, 2012 6:52 am

Re: PLEASE READ - POSSIBLE IP HARVESTING ATTACK

#31

Post by Mykeru »

Really? wrote: Aw, come on. FTB/A+ loonies would never fall prey to the guilt by association fallacy. Nor would they doxx anyone. I mean, even if they did do these kinds of things, they would acknowledge it and apologize. Right?
[attached image: 8371920952_a92eb3daff_b.jpg]
Also, Paul Elam was mean to me once.

P.S. What Strawkins says seems like a reasonable solution short of going bat-shit paranoid
