Hey folks!

I am looking for feedback from active lemm.ee users on what you all value when it comes to images on Lemmy. I’ll go into a bit of detail about what our options are, and then I would ask you to voice your opinion about the issue in the comments.

First, some context for those who don’t know. Lemmy software can be configured to handle images in three different ways:

  1. Store images locally - whenever an external image is posted somewhere, lemm.ee will download a permanent local copy. When you view posts, you are seeing our local copy of the image.
  2. Proxy all images - similarly to the first option, lemm.ee will download a local copy of external images, however, this copy is temporary. It will be automatically deleted shortly after, and if users open the relevant post/comment again in the future, there will be another attempt to download a temporary copy at that point.
  3. Pass through external images directly - lemm.ee never downloads any external images, users will always connect directly to the source servers to load the images.

There are pros and cons to each configuration.

Storing images locally

Benefits:

  1. Your IP address is never leaked to external image hosts, as you never connect directly to the source server. External image hosts only see the IP address of the lemm.ee server.
  2. External servers don’t become bottlenecks for opening lemm.ee posts. If an external server is slow, it won’t matter, because the image is always available locally

Downsides:

  1. As time goes on, our storage will fill up with hundreds of gigabytes of useless images, most of which will never be viewed again after the relevant posts fall off the front page.
  2. Many big external image hosts will rate limit bigger Lemmy servers, causing broken images when we fail to make a local copy.
  3. Crucially: some people love to spend their time uploading illegal content to online servers. There are tools to try and filter out such content, but these are not perfect. The end result is that there is a high chance of some content like this inadvertently reaching lemm.ee storage and staying there permanently. This downside is why lemm.ee has not, and will not, use this particular configuration.

Proxying images

Benefits: In addition to the same benefits as exist for the permanent local storage, by only temporarily making local copies for the moment they are requested by our users, we free up a ton of storage & remove the risk of permanently storing illegal content on our servers.

Downsides: The key downside is that external rate limits hit us much harder, as we will be requesting external images far more often. This results in a lot of constant broken images on lemm.ee.

Passing through external images

Benefits:

  1. Images are rarely broken, unless the source server goes down.
  2. The images never touch our servers, removing a lot of risk with illegal content as well as with storage costs.

Downsides:

  1. Our users lose a degree of privacy. Every external image that is loaded on your browser will result in the remote server getting a request directly from your computer to fetch that image - this is pretty much the same as you had visited that external server directly, which lets them log your IP address if they wish.
  2. When remote servers are slow, it can slow down the entire page load in some cases.

Current situation

Initially, lemm.ee was using the third option of passing through images. Ever since support for option 2, image proxying, was implemented in Lemmy code, we immediately switched to that option, mainly for the privacy benefits. However, after many months, and being blocked by more and more external servers, it is clear that image proxying is seriously degrading the user experience on lemm.ee. We often end up with broken images, and our users have to deal with the results.

I still believe image proxying is a really valuable feature, but I am starting to believe it is a better fit for small instances which make much less requests to external servers.

As a result, I am now seriously considering switching back to the previous method of passing through external images.

This is where you come in - I would ask you as users to please let me know which do you value more: the privacy that you get from image proxying, or the better user experience you get from directly passing through images from their source. Please let me know in the comments how you feel. If I get enough feedback about people being against image proxying, then I will be switching it off for lemm.ee soon. Thanks for reading & sharing your thoughs, and I hope you have a great weekend!

  • Venia SilenteEnglish
    2·
    3 days ago

    Frankly, one of the big reasons why I like the Fediverse is that you don’t have to depend on the source keeping up their stuff - we get our own copies. That includes both the text (the posts) and the media (the images), and to me, that’s one third of the point of the entire thing. If I wanted an image that can only be seen at the dumpster cage that is Twitter, I’d go over there shrug and move on.

    Of course that’s not always workable because storage is (despite everything) not cheap, medias grow large (I can eg.: understand saving pictures, but heaven forbid trying to save a video) and there’s still not a good way to deal with “”“problematic”“” storage. So, my recommendation and expectation would be something that functions like Option 2: Proxying Images. Basically, we download our own copy but only store it “while it matters”.

    How to Supplement Options

    Now, maybe some proposals I would lift to have their feasibility studied. Any combination of one or more of these could, if implemented, help in enhancing or even supplantting the chosen method for storing remote media. I personally see them more as a means to enhance Option 2.

    • Only save copies of images (perpetual or proxy) that are below certain thresholds: file size, resolution, trusted hosts, etc… Sure, that still means you have to download every image at least once to evaluate it, but at least we get some sort of automated guarantee that for “easy” stuff, we won’t be filing more connections than necessary. The big win of this option is that lemm.ee is not paying for the larger resource cost of fetching larger images after their post is made. I’m guessing the main drawback would be the bikeshedding required to decide which images get saved locally.
    • Related option to the above: only save (perpetual) thumbnails or smallened versions of images, never the real ones. Would pretty much instantly cover the case of eg.: most memes. The big drawback I can see to this is managing those images for deletions would be harder unless a Lemmy instance can keep a searchable map of hashes from each image to their thumbnail and vice versa.
    • Require that any image is linked from an imagehost or filehost that is trustable for durability. Big drawback: notoriously more effort (and potential loss of privacy) for users means this actually disincentivizes posting rich content.
    • Pool up resources and get some cooperative work going with some other instance(s) to set up a shared proxy agent that downloads the images for us, so that lemm.ee doesn’t have to host the images but can have the clients fetch them without sacrificing privacy. I feel this one incentivizes posting rich content because you can get some level of assurance that it’ll remain available and be “cheap” to access from across the Fediverse, but requires more instances to chip in.
    • Images? Pfff. Text is where it’s at.