Note: This post now archived and as such no longer works

An external image showing your user-agent and the total hit count

  • A_A@lemmy.world
    link
    fedilink
    arrow-up
    17
    ·
    edit-2
    1 year ago

    Exactly. The text of this post is simply :

    ![An external image showing your user-agent and the total "hit count"](https://trilinder.pythonanywhere.com/image.jpg)
    I get the same result when I browse directly to the link.

    So, if OP links a malcious website we have a problem … (?).

    • Goddard Guryon@sopuli.xyz
      link
      fedilink
      arrow-up
      10
      ·
      1 year ago

      Oh dangit, it’s simpler than I thought. So the only data being sent is…just whatever is sent in your average GET request.

      • newIdentity@sh.itjust.works
        link
        fedilink
        arrow-up
        13
        ·
        1 year ago

        Yes. It’s also a pretty standard way of serving images. A lot of Email clients do that too.

        That’s also how these services that show you when a email is read work.

    • newIdentity@sh.itjust.works
      link
      fedilink
      arrow-up
      7
      ·
      edit-2
      1 year ago

      Not really that huge of a problem. When making requests you also usually send a header which includes the user agent.

      The program just logs how many times the image has been requested and it reads the user agent data. No Javascript is actually executed.

      Well it might be possible to have a XSS somehow but I haven’t really done much research into this possibility.

      In general it’s a pretty standard way of handling embedded images. Email does this too. That’s how you have these services that can check if someone read a mail