Option to shield users from loading third party ressources

https://www.phpbb.com/ideas/
Post Reply
Author:
heinrich_k
Posted:
Sat Feb 01, 2020 10:14 am
Rating:
Status:
New
heinrich_k
Registered User
Posts: 220
Joined: Fri Jul 17, 2009 11:40 am

Option to shield users from loading third party ressources

Post by heinrich_k »

It would be neat if there was an option that would change all bbcode-tags that reference to an outside ressource, like img-tag in a way, so that the file in question is loaded by proxying through the board.

Why?
Well, currently, one could add code like this:
[img]http://domain.tld/pic.jpg[/img]
to get an image into a post, privmsg or signature. Also possible would be:
[img]http://domain.tld/pic.dll?id=dasjldaslkjdalskj[/img]
or any other file, that responds with a picture. Any visitor's browser would therefore establish a connection with doman.tld and thereby reveal itself to the server at domain.tld. Depending on what information is integrated into id=dasjldaslkjdalskj now domain.tld also knows what post the visitor was loading, when and so on.

As a boad adminstrator you can stop this behavioir with "Content Security Policy" (CTS), but that would advice a visitor's browser to not load outside sources at all or report outside sources to the board admin but load them anyway. Both not necessarily behaviour you want.

So, by altering the behaviour of the bbcode "img" one could create a system that works like that:
  1. When a post, privmsg or signature with a tag that relates to outside source is saved and parsed the board accesses that resource, caches it.
  2. When the post, privmsg or signature in question is shown to a visitor, change the code so that the cached item is send instead. Re-download it to the server, if cache is to old.
    1. If it is an image suitable, even switch to inline-coding.
This will require more disk space and more bandwith for the board server, but it will only reveal the servers IP-address to domain.tld and only happen, when the resource in question needs to be recached. However, your visitor's information will be keept secret.

Obviusly, some limits should apply, for you wouldn't want someone to crash you board/server by posting [video]http://doman.tld/hugefile.mpg[/video] and force the server to cache those files.
Last edited by heinrich_k on Tue Feb 04, 2020 8:50 am, edited 1 time in total.

KYPREO
Registered User
Posts: 312
Joined: Fri Feb 02, 2018 9:56 am
Contact:

Re: Option to shield users from loading third party ressources

Post by KYPREO »

By incorporating this into core code, it would expose phpBB and every board administrator to liability for copyright infringement. To mitigate this risk, this would then require mandatory terms of use under which each user warrants they own copyright in or are able to sublicense reproduction of the content and grant an indemnity in favour of phpBB and the board administrator if a third party brings a claim for copyright infringement. To be enforceable, this in turn would require records of the user's IP address and other contact details to be stored indefinitely to later identify the user (if it became necessary to rely on the indemnity or breach of warranty) thereby contradicting the very purpose for introducing the feature in the first place.

Fwiw I am a fan of an extension to automatically cache copies of all hotlinked content and serve it direct from the board server. This has the same copyright implications, but if it was an extension then it's on the administrator to put appropriate terms of use in place. I put this up as an extension request a while ago and got no interest: viewtopic.php?t=2526146 Based on that, there's no way this is going to be made core.
phpBB user since 2002
www.AusRotary.com

User avatar
AmigoJack
Registered User
Posts: 5697
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン
Contact:

Re: Option to shield users from loading third party ressources

Post by AmigoJack »

Proxying and caching add potential for manipulation: requesting a resource directly from its source is by default more trustful than to get a "copy" from somewhere else. If such a feature is incorporated into the core I'll publish an extension that will modify all those files in a subtile way, spreading false information on purpose.

It's the same ill-conceived approach as in Re: [3.2][BETA] Image Redirect - this is not killing the culprit (how people behave) but instead only symptoms (wounds that no longer bleed won't be noticed anymore).
The worst thing about censorship is ███████████
Affin wrote:
Tue Nov 20, 2018 9:51 am
The problem is probably not my English but you do not want to understand correctly.
...
We will not come anybody anyway, nevertheless, it's best to shit this.

Post Reply

Return to “phpBB Ideas”