by jrrrr 2169 days ago
Re: proxy security concerns:

> Unlike GitHub, most of them don't even bother proxying the image to hide IP, referrer, and browser agent. If you want to allow external images on your site, you must proxy them and hide everything about a person who requested it.
> A person with bad intentions can trick a victim into opening your profile that looks completely legit and detect his IP and browser.

Can you explain this in more detail? Given a profile host that doesn't proxy, how does that attack work?

2 comments

Attack?

1. your browser opens image from external server (in this step the server gets your IP and potentially user agent as that's how browsers communicate with servers)

2. there is no step 2
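The quoted advice ("proxy them and hide everything about a person who requested it") and the step-1 mechanism above (the browser itself contacts the image host, so the host sees its IP and User-Agent) are what an image proxy is meant to break. Below is an added Python example, not code from the thread or from GitHub's camo, showing the core of such a proxy: the upstream request is made by the server with a fixed generic User-Agent and none of the viewer's headers, only public http(s) hosts are fetched (so the proxy cannot be pointed at internal services), and only bounded image responses are relayed. The `fetch` and `resolve` callables are injected so the logic runs offline; the `RecordingFetch` and `demo_resolve` helpers and the hostnames they know are constructed for the demo. A production deployment would additionally sign proxied URLs so the endpoint is not an open relay; that is left out here.

```python
"""Core of an outbound image proxy: the image origin only ever sees the
proxy's IP and a fixed User-Agent, never the viewer's IP, Referer,
cookies or browser agent. (Added example; fetch/DNS are injected.)"""
import ipaddress
import socket
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional
from urllib.parse import urlsplit

MAX_BYTES = 5 * 1024 * 1024
ALLOWED_TYPES = {"image/png", "image/jpeg", "image/gif", "image/webp"}
# Fixed headers for every upstream request. Nothing from the viewer's
# request (User-Agent, Referer, Cookie, X-Forwarded-For) is copied here.
UPSTREAM_HEADERS = {"User-Agent": "image-proxy/1.0", "Accept": "image/*"}


@dataclass
class Response:
    status: int
    content_type: str
    body: bytes


def _resolve(host: str) -> List[str]:
    """Real DNS lookup; replaced by a stub in the demo/tests."""
    return [r[4][0] for r in socket.getaddrinfo(host, None)]


def is_safe_upstream(url: str, resolve: Callable[[str], List[str]] = _resolve) -> bool:
    """Allow only http(s) URLs whose host resolves solely to public addresses,
    so the proxy cannot be used to reach loopback, LAN or link-local hosts."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        addrs = resolve(parts.hostname)
    except OSError:
        return False
    if not addrs:
        return False
    return all(ipaddress.ip_address(a).is_global for a in addrs)


def proxy_image(url: str,
                fetch: Callable[[str, Dict[str, str]], Response],
                resolve: Callable[[str], List[str]] = _resolve) -> Optional[Response]:
    """Fetch `url` on the viewer's behalf. Returns None when refused.
    `fetch(url, headers)` performs the upstream HTTP GET."""
    if not is_safe_upstream(url, resolve):
        return None
    resp = fetch(url, dict(UPSTREAM_HEADERS))   # copy: callee cannot mutate ours
    if resp.status != 200:
        return None
    ctype = resp.content_type.split(";")[0].strip().lower()
    if ctype not in ALLOWED_TYPES or len(resp.body) > MAX_BYTES:
        return None
    return Response(200, ctype, resp.body)


# --- constructed demo stand-ins (no network) ---------------------------------
class RecordingFetch:
    """Pretends to be the image origin and records what headers it received."""
    def __init__(self, content_type: str = "image/png", body: bytes = b"\x89PNG\r\n\x1a\n"):
        self.content_type, self.body, self.seen_headers = content_type, body, None

    def __call__(self, url: str, headers: Dict[str, str]) -> Response:
        self.seen_headers = headers
        return Response(200, self.content_type, self.body)


def demo_resolve(host: str) -> List[str]:
    # constructed: one public host, one RFC 1918 host
    return {"img.example": ["93.184.216.34"], "intranet.example": ["10.0.0.5"]}.get(host, [])


if __name__ == "__main__":
    origin = RecordingFetch()
    r = proxy_image("https://img.example/avatar.png", origin, demo_resolve)
    print("relayed:", r is not None, "origin saw headers:", origin.seen_headers)
    print("internal host refused:", proxy_image("https://intranet.example/x.png", origin, demo_resolve) is None)
```

The point the thread makes is visible in `origin.seen_headers`: the only identifying data the image host receives is the proxy's own address and the constant `image-proxy/1.0` string.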

What? My step 2: Go to the IP address and ask your favorite celebrity (whose IP you got) for an autograph and selfie together.
The IP itself can be very valuable information if you target famous people, politicians, criminals and so on.

Such people usually know that clicking on random links is not safe.