Cary Wrote:
-------------------------------------------------------
> *sigh*
>
> This thread has been reported numerous times so
> I'll chime in.
>
> What Eli is doing here is the nature of the web.
> Off-site image includes are allowed on Fairfax
> Underground and as such when Eli (or any other
> user) posts an image that is referenced on another
> server your web browser will contact that server
> to display the image.
>
> The trouble comes into play when the server is
> owned or controlled by the poster, because then
> this poster may glean some details about your
> connection when your web browser reaches out to
> their server to retrieve the image.
>
> If I did not allow off-site includes on Fairfax
> Underground you wouldn't be able to embed Youtube
> videos, Google Maps imagery, or display in-line
> any image that wasn't specifically hosted on
> FairfaxUnderground.com. Any other website that
> allows off-site images via HTML, BBCode, etc.,
> including some big players such as Fark, suffers
> from this same consequence.
>
> The specific service that Eli has been using to
> glean this information has been banned, but any
> other forum member could still host a server and
> embed a link on Fairfax Underground that causes
> your web browser to reach out to their
> server and retrieve the image.
>
> An important thing to note here is that just
> because your web browser reaches out to an
> off-site server doesn't mean that your identity
> here has been compromised. The operator of the
> malicious server will only see the information
> that your web browser explicitly sends to it,
> namely your IP address, browser (User Agent), and
> referring URL. It does NOT mean that the
> malicious website operator will be able to
> determine your posting name here, or any other
> information about you. There is, however, the
> distinct possibility that your identity could be
> revealed if you post in a thread with a malicious
> image include, because then your web browser will
> reach back out to the malicious operator's server
> and they may be able to form a correlation based
> on timestamps if there is a light enough volume of
> traffic to exclude other possible IP addresses.
>
> The work-around to this is to set your browser to
> only load images hosted on the site you've
> specifically visited. An easy way to perform this
> using Mozilla Firefox is available here:
>
> http://lifehacker.com/227199/firefox-20-tweak--load-images-from-originating-site-only
>
> (Note that the article says Firefox 2.0 but I've
> confirmed it still works in 10.0.2)
>
> Please do continue to report such things to me, as
> if off-site image includes are used with malicious
> intent I will simply ban the server hosting the
> files from being referenceable from any post.
>
> Please forgive any typos as this was produced in a
> rush.
>
> Further questions? Let me know.
>
> - Cary
> --Curator, FairfaxUnderground.com
Thus led to the ban of YouTube embedding... You're Welcome!
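
Added example, not part of the original thread or the forum's own software: a forum-side check in the spirit of the ban Cary describes, which finds BBCode and HTML image includes in a post body, classifies each host, and removes includes from banned hosts before the post is rendered. The banned domain, sample post and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

FORUM_DOMAIN = "fairfaxunderground.com"   # the forum's own domain, from the post
BANNED_DOMAINS = {"tracker.example"}      # constructed placeholder, not a real service

# [img]URL[/img] (BBCode) and <img ... src=URL ...> (HTML), each matched as a whole tag.
IMG_TAGS = [
    re.compile(r"\[img\](.*?)\[/img\]", re.I | re.S),
    re.compile(r"<img\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)[^>]*>", re.I),
]

def _within(host, domain):
    # Exact host or a subdomain; "nottracker.example" must not match "tracker.example".
    return host == domain or host.endswith("." + domain)

def verdict(url):
    """Classify one image URL as 'same-site', 'off-site' or 'banned'."""
    try:
        host = (urlsplit(url.strip()).hostname or "").lower().rstrip(".")
    except ValueError:            # malformed authority: refuse rather than guess
        return "banned"
    if not host or _within(host, FORUM_DOMAIN):
        return "same-site"        # relative path or the forum's own host
    if any(_within(host, d) for d in BANNED_DOMAINS):
        return "banned"
    return "off-site"             # the reader's browser will contact a third party

def classify(body):
    """Map every embedded image URL in a post body to its verdict."""
    return {m.group(1).strip(): verdict(m.group(1))
            for pat in IMG_TAGS for m in pat.finditer(body)}

def sanitize(body):
    """Replace includes from banned hosts so no reader's browser fetches them."""
    def repl(m):
        return "[image removed]" if verdict(m.group(1)) == "banned" else m.group(0)
    for pat in IMG_TAGS:
        body = pat.sub(repl, body)
    return body

# Constructed sample post body.
SAMPLE_POST = (
    "[img]http://www.fairfaxunderground.com/forum/file.php?1[/img]\n"
    "[IMG]HTTP://Pixel.Tracker.Example:8080/t.gif?thread=1[/IMG]\n"
    '<img src="//cdn.example.org/cat.jpg">\n'
    "[img]/smileys/grin.png[/img]"
)
```

Includes classified as "off-site" are left in place, which matches the trade-off in the post: they still cause each reader's browser to contact the third-party host.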