As I noted within my post, #9955859@lemm.ee (alternate link), URL thumbnail generation in Element is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server. Here is a notable excerpt from the settings within Element:

In encrypted rooms, like this one, URL previews are disabled by default to ensure that your homeserver (where the previews are generated) cannot gather information about links you see in this room.


Post Edit History

2023-10-02T00:54Z
1c1,2
< As I noted within my post #9955859@lemm.ee ([alternate link](https://lemm.ee/post/9955859)), thumbnail generation in [Element](https://element.io/) is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server.
---
> As I noted within my post #9955859@lemm.ee ([alternate link](https://lemm.ee/post/9955859)), thumbnail generation in [Element](https://element.io/) is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server. Here is a notable excerpt from the settings within Element:
> > In encrypted rooms, like this one, URL previews are disabled by default to ensure that your homeserver (where the previews are generated) cannot gather information about links you see in this room.

2023-10-02T01:28Z
1,2c1,2
< As I noted within my post #9955859@lemm.ee ([alternate link](https://lemm.ee/post/9955859)), thumbnail generation in [Element](https://element.io/) is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server. Here is a notable excerpt from the settings within Element:
< > In encrypted rooms, like this one, URL previews are disabled by default to ensure that your homeserver (where the previews are generated) cannot gather information about links you see in this room. 
---
>  As I noted within my post, #9955859@lemm.ee ([alternate link](https://lemm.ee/post/9955859)), thumbnail generation in [Element](https://element.io/) is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server. Here is a notable excerpt from the settings within Element:
> > In encrypted rooms, like this one, URL previews are disabled by default to ensure that your homeserver (where the previews are generated) cannot gather information about links you see in this room.

2023-10-02T03:44Z
1c1
< As I noted within my post, #9955859@lemm.ee ([alternate link](https://lemm.ee/post/9955859)), thumbnail generation in [Element](https://element.io/) is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server. Here is a notable excerpt from the settings within Element:
---
> As I noted within my post, #9955859@lemm.ee ([alternate link](https://lemm.ee/post/9955859)), URL thumbnail generation in [Element](https://element.io/) is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server. Here is a notable excerpt from the settings within Element:

Post Signature

ul7mHTfs8xA/WWwNTVQ9HzKfj/b+xw+q9csWf60OJrT58jMJpmsX8/BicwFodR8W
Llo93EMtboSUEtYZ+wQhaL/HmrEr6arup7gJzZgslOBWPFj5azADHSpjX9RYuvpt
Fk2muTUgJP2e+SW3BGDPmlcluw6mQOYcap84Fdc1eU47LOZprBXob97qInMK5LrL
tzNqARRtXGdogZtQYlNCqCd9eQgqTwPfxKVadmM6G3xQMh6mWQxQz56sCXqj+mlG
OqJyZIgB1UXEuVZeAO3pl9wN+cSM4eqHLHQwEd+aVeSPf75r2d7mZs+VNwr1WfMu
0sWcPh3aZLXKqdls6UJMEA==
  • pressanykeynow@iusearchlinux.fyi
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Can’t the admins just edit it and sign with a new key? Either way there won’t be a way to know for sure who edited the comment, you could know if the original poster did it, but well they can just tell you that.

    • KalciferOP
      link
      fedilink
      arrow-up
      5
      ·
      edit-2
      1 year ago

      Can’t the admins just edit it and sign with a new key?

      Of course, but if the signature were to change, it would no longer match the public key.

      Either way there won’t be a way to know for sure who edited the comment

      The goal is only to know if the OP edited it or not. It doesn’t really matter who edited it if it wasn’t the OP. The only important information would be that it wasn’t the OP.

      but well they can just tell you that.

      Verifying with the user’s public key accomplishes the same, and is independent of a direct audit from the user.

      content-signature:qbUJz7ND/3+S+W0ptyja6zAeT0q7OyzFvJpAOr3iqbbN37+GcdAashDP8QNahRyAwA1X3tm9mh0PePV3VFDaiWzOeSNOQBwrVgnlepu+euG+07WJQT0Env8/vg+Q6qO7tcVN0vp8WGYftF5cjHCkjox2Mcu3dJ1g7ONMh+nJLIhrDTAki4nVLNJuJzznLBZJzohkW3/LBqDMjkPUDq0E3Mdulm6kUpWG8r3ECgxuOjdiHSvUS9yEjOZFpGiBibjQihAlDNqe2Rcx2kCP2H8nhJwclm667KnoinfV52z8v0zNrKlz8PIb6q+whwn6mNkisC02mQwQkStUi4SocZxaAA==
      
      • hikaru755@feddit.de
        link
        fedilink
        arrow-up
        7
        ·
        1 year ago

        How can I find your public key without going through a channel that could also have been manipulated by the admins, though? That seems problematic to me

        • KalciferOP
          link
          fedilink
          arrow-up
          3
          ·
          edit-2
          1 year ago

          This is indeed an obstacle in practicality. You are absolutely right in that any channel under control by the admin could be used as a means to orchestrate a MITM attack and replace my public key with theirs. The only way for this to work is for me to personally provide my public key in a separate, and secure channel like Matrix.

          I would like to emphasize that this is all just an experiment for my own interest. I would certainly not recommend what I am doing to anyone else.

          content-signature:nHszcVqN6q4R+QXnem7w42nxw58kNPNV3UGVK/rxBP5QBWNjoHX5WstdcuLWiiuuky0ZwXVR6zif2/+oWwRcmDtbv+FNlBOKSIVfcW1lSOQNQeBddbmBNIfP7hBjtTSVbszIZPXNzJQykEFdxh9hJVaC3eEqxYnN4oIOdxWjj+MejQ2zpG3l/BdnTLqWX3rf4HK4VPD8OMYyxTbqhtTMMje+tfCrf/EtRfgY3gd0Clm6oWw6WeD6QgQdJHgbRlDrZwIVE8F5zdtnooFcIptlo4ovJl9VX7FdBCExRW9MQJUU+3AZv5gVCZ4pZ9zZaXihGmhdNRDbAX9XQVUSSRc+1w==
          
      • pressanykeynow@iusearchlinux.fyi
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        The goal is only to know if the OP edited it or not. It doesn’t really matter who edited it if it wasn’t the OP. The only important information would be that it wasn’t the OP.

        OP can edit comment, sign with a different key and claim his comment was edited by the admins.

        So we can’t know who really edited the comment unless in the default boring situation: it was OP and he signed it with the correct key which is the same as him just telling “yeah, it was me” or not saying anything at all since it’s the default.

        • KalciferOP
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          1 year ago

          OP can edit comment, sign with a different key and claim his comment was edited by the admins.

          Dang, that is a scenario that I hadn’t considered. I’m not sure that there’s anything that can be done about it.

          content-signature:h0Iy5AaMSi9fo+LeWpR1hFpbRygi066LKPL7+5aDJ4Y0mf33R8/E+wn9At+N0dvNr8HH1eAghGkpfCbfcoe5NzzcsRMgfl+qSYjrpb4DmN124DLLoFd7q55R/aqXdqqZP+4DaVTLVN5G2MKg5SPL0SMhHxTl6f4BUxhQCWy6PapqwvsG3D59hVQtNlgm4/ab7oo5ORIR+ENV59+rrssNxaNBsKud4rths93SFMCf/si3Uewo0VNCorTb/KUMoZaHv21zmneq5UxZRkqXD3ZR4/H7vDILWArp350OSpZxm69kTJAeBH3VuvYkKunMlouzsxEJqdLDaaApYWwSyyUYLQ==
          
          • glowie@infosec.pub
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            Why not just host your own lemmy instance on a cheap vps and be satisfied you’re the only admin heh

            • KalciferOP
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              Aha, yeah that is also an option. If signatures are possible, it would be less maintenace compared to hosting an instance. Also, I think other instances can still overwrite your data should they choose. It’s just stored data after all – if it’s not inherently tied to the user, then anybody can modify it; having federated servers only increases this attack surface.