Wish: remove ability to hotlink images in signatures
Wish: remove ability to hotlink images in signatures
I noticed a user was hotlinking an image in their signature. That means anyone viewing any of the user's posts connects to a third party site to download that image. That is a possible means of tracking users on the forum. To prevent that I suggest removing the ability to hotlink images in signatures.
I'm not saying that any particular user is trying to track anyone. I only suggest removing an ability to do so.
While at it, perhaps also remove the ability to hotlink inside posts too! New posts, as it would be a lot of work to convert older existing hotlinks I guess. In addition to reducing tracking risk making user attach images instead of hotlinking them means forum post history can be preserved without having to rely on various third party sites to keep hosting the hotlinked images in the future.
I'm not saying that any particular user is trying to track anyone. I only suggest removing an ability to do so.
While at it, perhaps also remove the ability to hotlink inside posts too! New posts, as it would be a lot of work to convert older existing hotlinks I guess. In addition to reducing tracking risk making user attach images instead of hotlinking them means forum post history can be preserved without having to rely on various third party sites to keep hosting the hotlinked images in the future.
Re: Wish: remove ability to hotlink images in signatures
I would to see what other think, but here are my my thoughts.
I do prefer images to be independent of 3rd party hosting, but it is much more accommodating for new users to allow them to attach images however they like or know how. Arguably, we could indicate the "how" in the reply/posting section, but this has proven to be ineffective with [\code] tags being the prime example. However, setting the limitation may "encourage" (or maybe discourage) users to figure out how to include images without "hotlinking".
Unfortunately, this does not seem like it is a built-in feature of phpBB. An appropriate plugin or custom implementation would be needed.
I do prefer images to be independent of 3rd party hosting, but it is much more accommodating for new users to allow them to attach images however they like or know how. Arguably, we could indicate the "how" in the reply/posting section, but this has proven to be ineffective with [\code] tags being the prime example. However, setting the limitation may "encourage" (or maybe discourage) users to figure out how to include images without "hotlinking".
Unfortunately, this does not seem like it is a built-in feature of phpBB. An appropriate plugin or custom implementation would be needed.
Windows 10 x64 Professional, Intel i5-8500, NVIDIA GTX 1060 6GB, 2x16GB Kingston FURY Beast - DDR4 3200 MHz | [About Me] | [About the AHK Foundation] | [Courses on AutoHotkey]
[ASPDM - StdLib Distribution] | [Qonsole - Quake-like console emulator] | [LibCon - Autohotkey Console Library]
Re: Wish: remove ability to hotlink images in signatures
I see that you also hotlink images in your signature though to the old ahkscript domain
Re: Wish: remove ability to hotlink images in signatures
indeed
Windows 10 x64 Professional, Intel i5-8500, NVIDIA GTX 1060 6GB, 2x16GB Kingston FURY Beast - DDR4 3200 MHz | [About Me] | [About the AHK Foundation] | [Courses on AutoHotkey]
[ASPDM - StdLib Distribution] | [Qonsole - Quake-like console emulator] | [LibCon - Autohotkey Console Library]
-
- Posts: 48
- Joined: 11 May 2020, 20:45
Re: Wish: remove ability to hotlink images in signatures
Maybe it would be possible to limit to certain URLs (such as the most common places to upload images (Imgur, etc)? Seems like a nice compromise. And then there could be a thread where people could request URL's to be added to the whitelist.
Re: Wish: remove ability to hotlink images in signatures
Marium0505, yeah that could be a middle way.
I hope there is some phpBB plugins or code snippet to block the [img] tag. That can whitelist [img] tags for the imgur.com domain. And apply only to post creation or edits at times after the code is enabled, to avoid breaking older posts that hotlink.
More ambitiously (and beyond the scope of this request) some script could trawl through all older posts and detect [img] hotlinking, retrieve the hotlinked image and make it into an inline attachment.
I wonder why some currently use imgur over of attach+inline. How much is due to UI design?
- The "insert image tag" image icon button is close to the edit box.
- The "add file" button is much further down, users may need to scroll to see it. "place inline" is only visible after attaching a file, so users might not know it is possible. Drag and drop image on edit box attaches it. But there's no hint that that feature exists and again can require scrolling to see "place inline".
UI change ideas for attach+inline. Given it an icon button above the edit box. Or let the image icon button open the "add files" popup. A text hint could say "drop image to place inline". After attaching an image a "place inline" button could show and flash above the editbox. Maybe rename "place inline" to "place image inline" or "place image in text".
In the meantime here is a uBlock origin dynamic rule to on this site show only images hosted on autohotkey.com and ahkscript.org and joedf's specific signature images
.
I hope there is some phpBB plugins or code snippet to block the [img] tag. That can whitelist [img] tags for the imgur.com domain. And apply only to post creation or edits at times after the code is enabled, to avoid breaking older posts that hotlink.
More ambitiously (and beyond the scope of this request) some script could trawl through all older posts and detect [img] hotlinking, retrieve the hotlinked image and make it into an inline attachment.
I wonder why some currently use imgur over of attach+inline. How much is due to UI design?
- The "insert image tag" image icon button is close to the edit box.
- The "add file" button is much further down, users may need to scroll to see it. "place inline" is only visible after attaching a file, so users might not know it is possible. Drag and drop image on edit box attaches it. But there's no hint that that feature exists and again can require scrolling to see "place inline".
UI change ideas for attach+inline. Given it an icon button above the edit box. Or let the image icon button open the "add files" popup. A text hint could say "drop image to place inline". After attaching an image a "place inline" button could show and flash above the editbox. Maybe rename "place inline" to "place image inline" or "place image in text".
In the meantime here is a uBlock origin dynamic rule to on this site show only images hosted on autohotkey.com and ahkscript.org and joedf's specific signature images
.
Re: Wish: remove ability to hotlink images in signatures
Put together a list of domains. I like this idea enuff to do the enhancement. Once finalized I will do the work of generating a notification to those out of compliance, remove hotlinks in sigs by db and then alter the ucp functions to screen signatures for hotlinks fome unapproved domains
We are troubled on every side‚ yet not distressed; we are perplexed‚
but not in despair; Persecuted‚ but not forsaken; cast down‚ but not destroyed;
Telegram is the best way to reach me
https://t.me/ttnnkkrr
If you have forum suggestions please submit a
Check Out WebWriter
but not in despair; Persecuted‚ but not forsaken; cast down‚ but not destroyed;
Telegram is the best way to reach me
https://t.me/ttnnkkrr
If you have forum suggestions please submit a
Check Out WebWriter
Re: Wish: remove ability to hotlink images in signatures
Neat, I think imgur and github.[com|io] are at the top of my list haha
Windows 10 x64 Professional, Intel i5-8500, NVIDIA GTX 1060 6GB, 2x16GB Kingston FURY Beast - DDR4 3200 MHz | [About Me] | [About the AHK Foundation] | [Courses on AutoHotkey]
[ASPDM - StdLib Distribution] | [Qonsole - Quake-like console emulator] | [LibCon - Autohotkey Console Library]