Why is my browser trying to pull content from several other Lemmy instances?

CarbonatedPastaSauce@lemmy.world to No Stupid Questions@lemmy.world – 58 points –

I run a pretty locked down Firefox browser and I noticed when browsing lemmy.world that the browser wants to pull stuff from a long list of other instances, which fails because they aren't trusted. Is this normal? I thought an instance would collect the things you are subscribed to and store them locally so that you didn't have to go talk to 20 different servers. Not true?

20

Images are hosted on their home servers, only the links and text content are federated.

That includes user and community icons/avatars.

That explains it. Thanks!

On the bright side your setup should still work for mostly everything if the long list of errors don't bug you too much.

Yep I can still read the threads, I just have a lot of empty spaces where images would be. I do wonder about the security implications of this. Is it just downloading images, or would the 'foreign' instances be able to run javascript in my browser? I'll obviously need to brush up on **exactly ** how Lemmy works before trusting any of those other instances. I just threw out the question because I didn't want to assume, but it now makes sense that I've seen it more and more as I subscribe to more communities that aren't hosted on lemmy.world.

GDPR is going to be incredibly complex!

Yeah... even me just running a little single user instance is capturing a ton of user generated content from all over the world. Luckily it looks like deletes are federating for the most part, so if someone's home instance does a delete it should propagate eventually.

Sure but there is nothing stopping an instance owner from configuring the local database to not delete, or to have a copy of the database mirrored to some other database.

So while most instances will delete, it's fair to say that if someone wants to keep a copy of all messages somewhere, it's simple to accomplish that.

What I would do is simply to listen to the activitypub port, and send all raw incoming messages somewhere and store them forever.

Sure, it's not hard to not comply with GDPR. I was speaking from the perspective of a small instance admin who would like to generally comply without having to think about.

Will gdpr even apply to individuals running instances? I think it's just for corporations.

It's definitely not only static content tho, I block third party scripts with uBO and it shows other instances domains in the blocked list.

Edit: I was mistaken, it's just images

Interesting, I dug through my networks requests with ublock off and I don't see any remote scripts. Only requests to media.kbin and lemmy/pictrs locations on various instances. Any idea which pages you're seeing that on?

Well I was wrong, I checked my network panel and it's definitely just thumbnails that it's fetching, I'm dumb I thought that only domains that served scripts ended up in the uBO matrix panel, I did a test and it does that with any third party content instead, static or not :p

I thought media would be pulled direct and text and links on the thread is what is federated