Oh I mean, sure, but I don’t think IP logging is the main privacy concern with spy pixels.
I’m assuming this trick uses the user agent string and other request metadata to identify clients. Even if it didn’t recognize Jerboa as a client, it did guess that I was on mobile. That’s not possible just by tracking IPs, unless they’re cross-referencing it with other datasets. Also, I was on VPN anyway, so the IP would have been useless.
It should be possible for clients to obfuscate/fake the metadata of image requests to make tracking with spy pixels less effective.
At it’s basic level it will capture your IP address, but it won’t really tie the IP to a user name, and there’s not a role lot you can do with it
Attacks I can think of:
target advertising at users in a particular lemmy community
get a collection of IP addresses of people with specific problems or beliefs (indicated by membership in a lemmy community) to target with malware
A VPN would protect you in this case, but you need to be a bit of a privacy nut to also protect yourself from things that identify for advertising right now
Can countermeasures be implemented in the clients to mitigate privacy risks, while not having to proxy images?
no. the remote server will log the requests based on the client address. it is a good argument for using a vpn.
Oh I mean, sure, but I don’t think IP logging is the main privacy concern with spy pixels.
I’m assuming this trick uses the user agent string and other request metadata to identify clients. Even if it didn’t recognize Jerboa as a client, it did guess that I was on mobile. That’s not possible just by tracking IPs, unless they’re cross-referencing it with other datasets. Also, I was on VPN anyway, so the IP would have been useless.
It should be possible for clients to obfuscate/fake the metadata of image requests to make tracking with spy pixels less effective.
Yup, I’m parsing the user agent with the
user_agentsPython library.At it’s basic level it will capture your IP address, but it won’t really tie the IP to a user name, and there’s not a role lot you can do with it
Attacks I can think of:
A VPN would protect you in this case, but you need to be a bit of a privacy nut to also protect yourself from things that identify for advertising right now
If you wanted to target a specific user, you could always send a DM with the image
You could also correlate time of your log entry to order of comments sorted by new, with errors from the few clients that don’t load images