I run a pretty locked down Firefox browser and I noticed when browsing lemmy.world that the browser wants to pull stuff from a long list of other instances, which fails because they aren’t trusted. Is this normal? I thought an instance would collect the things you are subscribed to and store them locally so that you didn’t have to go talk to 20 different servers. Not true?

        • CarbonatedPastaSauce@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Yep I can still read the threads, I just have a lot of empty spaces where images would be. I do wonder about the security implications of this. Is it just downloading images, or would the ‘foreign’ instances be able to run javascript in my browser? I’ll obviously need to brush up on **exactly ** how Lemmy works before trusting any of those other instances. I just threw out the question because I didn’t want to assume, but it now makes sense that I’ve seen it more and more as I subscribe to more communities that aren’t hosted on lemmy.world.

      • TheOneCurly@lemmy.theonecurly.page
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        Yeah… even me just running a little single user instance is capturing a ton of user generated content from all over the world. Luckily it looks like deletes are federating for the most part, so if someone’s home instance does a delete it should propagate eventually.

        • mrmanager@lemmy.today
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          1 year ago

          Sure but there is nothing stopping an instance owner from configuring the local database to not delete, or to have a copy of the database mirrored to some other database.

          So while most instances will delete, it’s fair to say that if someone wants to keep a copy of all messages somewhere, it’s simple to accomplish that.

          What I would do is simply to listen to the activitypub port, and send all raw incoming messages somewhere and store them forever.

          • TheOneCurly@lemmy.theonecurly.page
            link
            fedilink
            English
            arrow-up
            3
            ·
            1 year ago

            Sure, it’s not hard to not comply with GDPR. I was speaking from the perspective of a small instance admin who would like to generally comply without having to think about.

    • th4@feddit.it
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      1 year ago

      It’s definitely not only static content tho, I block third party scripts with uBO and it shows other instances domains in the blocked list.

      Edit: I was mistaken, it’s just images

      • TheOneCurly@lemmy.theonecurly.page
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        Interesting, I dug through my networks requests with ublock off and I don’t see any remote scripts. Only requests to media.kbin and lemmy/pictrs locations on various instances. Any idea which pages you’re seeing that on?

        • th4@feddit.it
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          Well I was wrong, I checked my network panel and it’s definitely just thumbnails that it’s fetching, I’m dumb I thought that only domains that served scripts ended up in the uBO matrix panel, I did a test and it does that with any third party content instead, static or not :p