[PSA] Beware of attaching any remotely sensitive data to Lemmy posts as you will immediately lose control over them [BUSTED]

randomperson@lemmy.world to Lemmy.World Announcements@lemmy.world – 18 points –

~~I was trying to add my first post but after I attached an image file I noticed it got automatically uploaded to ghostarchive.org, archive.org and archive.today even before making the actual post. There is also no warning about that anywhere to be seen. I think this is major privacy concern especially that user has no control to delete that image from abovementioned services. What if you mistakenly pick private image to upload when creating post? You can remove it from Lemmy to correct it but it’s already outside of your control.

Long story short: you completely lose control over any image you attach when trying to create Lemmy post.~~

edit: uploaded a screenshot (sorry it's in Polish) + that's the link you get when you click on 'archive.org' - https://web.archive.org/web/20230614181328/https://lemmy.world/pictrs/image/a307f984-4d30-4f45-813f-cbedfe1b596d.png

edit2: big thanks to @sunasaurus for explanation https://lemmy.world/comment/180906

9

it got automatically uploaded to ghostarchive.org, archive.org and archive.today even before making the actual post

How did you verify this? I don't see anything that would do this in the Lemmy code.

To be clear, if you put a private image anywhere on the public internet, then there's a good chance it will get archived - Lemmy is not special here. But if you're saying that you never made your post public, then I'm very curious about what's going on here.

I added the screenshot what you see after attaching a photo and added an output link I received. I tried it also on beehaw.org to see if it's not lemmy.world exclusive feature.

Ahh I see, in that case, you are triggering the "upload" to archive.org yourself by putting the URL into archive.org.

If you put any URL into archive.org that it doesn't know about, it will first always try to download whatever is on that URL, and that's how it ended up getting the screenshot. It wasn't "pushed" by Lemmy, it was "pulled" by archive.org, and it was only possible because you notified archive.org that something is there at that URL.

Ok I get this now, however this is still not cool as it's pretty easy to click it on accident as it needs no confirmation on warning and has no clear description what it does. Post will be deleted.

This doesn't auto archive your image. It's only if you click on one of those archive links that it's archived.

it only uploads if you click the link