PSA: Do not enable URL thumbnail generation in Element - eviltoast

As I noted within my post, #9955859@lemm.ee (alternate link), URL thumbnail generation in Element is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server. Here is a notable excerpt from the settings within Element:

In encrypted rooms, like this one, URL previews are disabled by default to ensure that your homeserver (where the previews are generated) cannot gather information about links you see in this room.

Post Edit History

2023-10-02T00:54Z
1c1,2
< As I noted within my post #9955859@lemm.ee ([alternate link](https://lemm.ee/post/9955859)), thumbnail generation in [Element](https://element.io/) is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server.
---
> As I noted within my post #9955859@lemm.ee ([alternate link](https://lemm.ee/post/9955859)), thumbnail generation in [Element](https://element.io/) is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server. Here is a notable excerpt from the settings within Element:
> > In encrypted rooms, like this one, URL previews are disabled by default to ensure that your homeserver (where the previews are generated) cannot gather information about links you see in this room.

2023-10-02T01:28Z
1,2c1,2
< As I noted within my post #9955859@lemm.ee ([alternate link](https://lemm.ee/post/9955859)), thumbnail generation in [Element](https://element.io/) is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server. Here is a notable excerpt from the settings within Element:
< > In encrypted rooms, like this one, URL previews are disabled by default to ensure that your homeserver (where the previews are generated) cannot gather information about links you see in this room. 
---
>  As I noted within my post, #9955859@lemm.ee ([alternate link](https://lemm.ee/post/9955859)), thumbnail generation in [Element](https://element.io/) is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server. Here is a notable excerpt from the settings within Element:
> > In encrypted rooms, like this one, URL previews are disabled by default to ensure that your homeserver (where the previews are generated) cannot gather information about links you see in this room.

2023-10-02T03:44Z
1c1
< As I noted within my post, #9955859@lemm.ee ([alternate link](https://lemm.ee/post/9955859)), thumbnail generation in [Element](https://element.io/) is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server. Here is a notable excerpt from the settings within Element:
---
> As I noted within my post, #9955859@lemm.ee ([alternate link](https://lemm.ee/post/9955859)), URL thumbnail generation in [Element](https://element.io/) is an enormous privacy, and security vulnerability. Thumbnails are generated server-side, regardless of E2EE settings. What this means is that the URLs that one sends would be leaked out of your encrypted chats to the server. Here is a notable excerpt from the settings within Element:

Post Signature

ul7mHTfs8xA/WWwNTVQ9HzKfj/b+xw+q9csWf60OJrT58jMJpmsX8/BicwFodR8W
Llo93EMtboSUEtYZ+wQhaL/HmrEr6arup7gJzZgslOBWPFj5azADHSpjX9RYuvpt
Fk2muTUgJP2e+SW3BGDPmlcluw6mQOYcap84Fdc1eU47LOZprBXob97qInMK5LrL
tzNqARRtXGdogZtQYlNCqCd9eQgqTwPfxKVadmM6G3xQMh6mWQxQz56sCXqj+mlG
OqJyZIgB1UXEuVZeAO3pl9wN+cSM4eqHLHQwEd+aVeSPf75r2d7mZs+VNwr1WfMu
0sWcPh3aZLXKqdls6UJMEA==
  • Kalcifer@lemm.eeOP
    32·
    1 year ago

    Indeed, it does. It can be overlooked, however. I added that info to my post, though. Thank you for the note.

    AcN4ig5AQaP5RPDXd4zDkAmFvg+Xp65zI6i5ossToWdpV7Ad2r7s0UAn6TRKG5NbiBOvr+ZWk8fVS8abFcXGEmEp9axEG/BOxJVSMteDTjhf74fVmRbIxik8EpYR2FA5DXTK/r6nrxxiuTTak5kNUrSi2Bb4ebdFEEhrdikuDm68jjHiXsqOS2O4JYxUhhd0qrjnzaCAtiCr1KnqyR+9eEtUDv8nx8IvAnk/9EmzSnPxn5BinJYFjM3qEh3KYyqfY//d0brUQFkbKJmqn1KGdhmzZG7SUtZPsAozJSrVFHynavEwx6SIhxAbJYojQ10RjkYYXVQ10RNmB+NiPs1Zgg==
      • Kalcifer@lemm.eeOP
        1·
        1 year ago

        Using a bot to generate a URL preview is an interesting workaround.

        Content Signature: cLObDckmLviCA8xG832rJ8PFk9UTYN/PrdRb5/lCZkl+GsjtkMp90r6PWD+Ffxby0izyxVeDocLbJh8xrP7L3a1dUX2whEABb8mAhl+cHJqbxq07Z3SWBcroLyolMjmIfUQIgRRRB6lUhbsiwCfKcoVrf0HQchXZS+83YcyMtr+dgiIhVQar3/WMkIk+4nJ/sS+O2vz7c/RfxAzYYzFSPErFVe8Y1NWXWqPOajV/BdLS0U8239ElxUb7Q2Zq8SCgzqoOBtFbgWXTsa6lHFj4gqkRiaDzH6jlJhuO4rRZdA6E2dP+G0Ru7MexI1P6ev65I6VMWxYye0nqtdXC8Alp3A==