Bug 476132 - URL preview is a very bad idea
Summary: URL preview is a very bad idea
Status: RESOLVED NOT A BUG
Alias: None
Product: NeoChat
Classification: Applications
Component: General (show other bugs)
Version: 23.04.3
Platform: Gentoo Packages Linux
: NOR wishlist
Target Milestone: ---
Assignee: Tobias Fella
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-10-27 04:12 UTC by yanestra
Modified: 2023-10-27 08:23 UTC (History)
1 user (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description yanestra 2023-10-27 04:12:38 UTC 
SUMMARY
***
NOTE: If you are reporting a crash, please try to attach a backtrace with debug symbols.
See https://community.kde.org/Guidelines_and_HOWTOs/Debugging/How_to_create_useful_crash_reports
***
URL preview and to less extent LAN device detection are very bad ideas when it comes to privacy.
In the case of URL preview the problem should be quite obvious: If you want to obtain a complete IP List of all the people watching this room, that's your way to go, no user interaction needed.
In the case of LAN devices it gives you the chance of oberserving a local participant, e.g. simply by timing answers to requests.

My proposal would be: REMOVE the functionality altogether, because modifying it in a way to turn it off when desired makes it lottery game, it makes a network intended to be secure insecure.
Comment 1 Tobias Fella 2023-10-27 08:23:01 UTC 
URL previews are proxied through the matrix homeserver - which knows your IP anyway. This means that the website being previewed will never see your IP at all.