Start a new topic

Prevent external image embeds

This is kinda a feature removal request, but I think it can be done without it creating problems.

Right now, a post can contain images hosted on cohost, but it can also include arbitrary images from external sites via use of custom HTML.

There's three problems with this:

  • Privacy: external sites learn the reader's IP address and a handful of details about their web browser. For most people that's no big deal but in rare circumstances that could be used to doxx people, and I'm sure that at least some segment of the site's users would be upset if they found out others are learning their IP address.
  • Bad netiquette! I'm old enough to remember when this was called "hotlinking". If a post on cohost that used external media got really popular, it might cause high bandwidth costs for that external site, which might not have asked for this extra traffic.
  • Mutability, dynamic content, and expiration. The external server is under no obligation to serve the same version of the image to everyone. Though there's undoubtedly cool things you could do with this, it's also ripe for abuse: with some effort, you could craft a post that has a horrible message for a select few people, but completely innocuous content if you're a cohost moderator. You can also use this to change a post after it's been posted (mind you, cohost does have an edit button). The final risk is that the external server goes down and the cohost post becomes unviewable.

Existing posts could either be left alone, or cohost could systematically mirror all external images in existing posts and update the URLs.

For new posts, I suggest only letting images be embeeded from attachments to the same post, or from data: URIs.

2 people like this idea

While I would love it if Cohost was willing to mirror anything I link, the big problem with this proposal at present is that it means there would be no way whatsoever to display an image larger than 10MB. 

1 person likes this

"a post can contain images hosted on cohost"

A post can, but I don't think a comment can? Whereas you show an external image in a comment.

There'd be no way to display it in-line, yeah, but you could link to an external site. Considering the typical size of a cohost post, that doesn't feel very restrictive to me? It only has to be roughly 600x600 pixels, or for high-DPI 1200x1200. I think 10MB is more than enough to get a beautiful image within that space.

there have been a number of posts in months past that used dynamic content to create "cohost plays" and widely editable shared boards, so i don't think disabling the ability entirely to source images from off site is a good idea

perhaps a warning when posting, to let people know there's a better way for static images?

2 people like this
Maybe the external media prompt you get for YouTube embeds could be used here too.

Disagree with this because it would prevent people from reposting/linking to images on their own websites, and because cohost's upload limits are (understandably) quite small.

2 people like this

It would also force everyone to only use Cohost's fixed layout and limit of four images or else use the very goofy workaround method to grab the URLs and add them.

That will be ameliorated later when the image UI is improved, but I would still strongly prefer to have the option to embed my photos from flickr when I want to. Not every embed is an illicit hotlink.

This would disable anyone's ability to build anything along the lines of "Cohost Plays Pokemon" again.

3 people like this
Login or Signup to post a comment