Bug 476132

Summary: URL preview is a very bad idea
Product: [Applications] NeoChat Reporter: yanestra
Component: GeneralAssignee: Tobias Fella <fella>
Status: RESOLVED NOT A BUG    
Severity: wishlist CC: carl
Priority: NOR    
Version First Reported In: 23.04.3   
Target Milestone: ---   
Platform: Gentoo Packages   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description yanestra 2023-10-27 04:12:38 UTC 
SUMMARY
***
NOTE: If you are reporting a crash, please try to attach a backtrace with debug symbols.
See https://community.kde.org/Guidelines_and_HOWTOs/Debugging/How_to_create_useful_crash_reports
***
URL preview and to less extent LAN device detection are very bad ideas when it comes to privacy.
In the case of URL preview the problem should be quite obvious: If you want to obtain a complete IP List of all the people watching this room, that's your way to go, no user interaction needed.
In the case of LAN devices it gives you the chance of oberserving a local participant, e.g. simply by timing answers to requests.

My proposal would be: REMOVE the functionality altogether, because modifying it in a way to turn it off when desired makes it lottery game, it makes a network intended to be secure insecure.
Comment 1 Tobias Fella 2023-10-27 08:23:01 UTC 
URL previews are proxied through the matrix homeserver - which knows your IP anyway. This means that the website being previewed will never see your IP at all.