Hey folks!

I am looking for feedback from active lemm.ee users on what you all value when it comes to images on Lemmy. I’ll go into a bit of detail about what our options are, and then I would ask you to voice your opinion about the issue in the comments.

First, some context for those who don’t know. Lemmy software can be configured to handle images in three different ways:

  1. Store images locally - whenever an external image is posted somewhere, lemm.ee will download a permanent local copy. When you view posts, you are seeing our local copy of the image.
  2. Proxy all images - similarly to the first option, lemm.ee will download a local copy of external images, however, this copy is temporary. It will be automatically deleted shortly after, and if users open the relevant post/comment again in the future, there will be another attempt to download a temporary copy at that point.
  3. Pass through external images directly - lemm.ee never downloads any external images, users will always connect directly to the source servers to load the images.

There are pros and cons to each configuration.

Storing images locally

Benefits:

  1. Your IP address is never leaked to external image hosts, as you never connect directly to the source server. External image hosts only see the IP address of the lemm.ee server.
  2. External servers don’t become bottlenecks for opening lemm.ee posts. If an external server is slow, it won’t matter, because the image is always available locally

Downsides:

  1. As time goes on, our storage will fill up with hundreds of gigabytes of useless images, most of which will never be viewed again after the relevant posts fall off the front page.
  2. Many big external image hosts will rate limit bigger Lemmy servers, causing broken images when we fail to make a local copy.
  3. Crucially: some people love to spend their time uploading illegal content to online servers. There are tools to try and filter out such content, but these are not perfect. The end result is that there is a high chance of some content like this inadvertently reaching lemm.ee storage and staying there permanently. This downside is why lemm.ee has not, and will not, use this particular configuration.

Proxying images

Benefits: In addition to the same benefits as exist for the permanent local storage, by only temporarily making local copies for the moment they are requested by our users, we free up a ton of storage & remove the risk of permanently storing illegal content on our servers.

Downsides: The key downside is that external rate limits hit us much harder, as we will be requesting external images far more often. This results in a lot of constant broken images on lemm.ee.

Passing through external images

Benefits:

  1. Images are rarely broken, unless the source server goes down.
  2. The images never touch our servers, removing a lot of risk with illegal content as well as with storage costs.

Downsides:

  1. Our users lose a degree of privacy. Every external image that is loaded on your browser will result in the remote server getting a request directly from your computer to fetch that image - this is pretty much the same as you had visited that external server directly, which lets them log your IP address if they wish.
  2. When remote servers are slow, it can slow down the entire page load in some cases.

Current situation

Initially, lemm.ee was using the third option of passing through images. Ever since support for option 2, image proxying, was implemented in Lemmy code, we immediately switched to that option, mainly for the privacy benefits. However, after many months, and being blocked by more and more external servers, it is clear that image proxying is seriously degrading the user experience on lemm.ee. We often end up with broken images, and our users have to deal with the results.

I still believe image proxying is a really valuable feature, but I am starting to believe it is a better fit for small instances which make much less requests to external servers.

As a result, I am now seriously considering switching back to the previous method of passing through external images.

This is where you come in - I would ask you as users to please let me know which do you value more: the privacy that you get from image proxying, or the better user experience you get from directly passing through images from their source. Please let me know in the comments how you feel. If I get enough feedback about people being against image proxying, then I will be switching it off for lemm.ee soon. Thanks for reading & sharing your thoughs, and I hope you have a great weekend!

  • homesnatch@lemm.ee
    link
    fedilink
    arrow-up
    20
    ·
    13 days ago

    Storing permanently locally doesn’t sound like a good solution…

    If you could adjust the length of time to keep cached/proxy’d images locally and increase it significantly, I’d think that would be the preferred solution.

  • Blaze@feddit.org
    link
    fedilink
    English
    arrow-up
    19
    arrow-down
    1
    ·
    13 days ago

    No opinion for the moment, but thank you for the very detailed post

  • TachyonTele@lemm.ee
    link
    fedilink
    arrow-up
    12
    arrow-down
    1
    ·
    13 days ago

    I’m on a lot, and I scroll from All/Hot. I rarely see broken images. They do pop up, but not enough to ever bother me. The only option I’d avoid is method 1, because of that image debacle a few months ago. Regarding methods 2 and 3, they both seemed to work fine. I leave it to smarter minds than myself.

    Good work on next, btw. Enjoy your weekend and thank you for everything you do!

  • shackled@lemm.ee
    link
    fedilink
    arrow-up
    10
    ·
    12 days ago

    Option 3 is the only one that seems sustainable long term. Donations will NEVER keep up with user growth, thus storage costs will balloon out of control.

    Completely avoiding any chance of illegal content touching the servers should immediately have everyone agreeing on this option. I doubt anyone here is willing to foot legal bills and as such even minor legal actions would be the end of this instance.

    Privacy is nice but ip logging is the simplest form to “protect” against with even a free VPN. If those claiming privacy concerns here aren’t already using a VPN and are depending purely on lemme.ee’s proxy then their internet hygiene needs an update.

    As for usability, the image being deleted from external provider presents the same issue to the user between option 2 and 3. The cache from option 2 will inventually get cleared and it’ll fail to pull a fresh copy if deleted from the external hosts.

  • thefartographer@lemm.ee
    link
    fedilink
    arrow-up
    8
    ·
    13 days ago

    I say option 3. Sure, it’s annoying, but that’s our problem. Your problem is keeping the server operational, safe, and low-cost.

    Considering the vote:content ratio, it looks like most users spend most of their time spectating. The spectators feed our egos and determine the trends in content by singular positive or negative votes. The spectator experience seems far more important to me and it should be the onus of the contributors to ensure their own privacy, just like they do in avoiding doxxing themselves via text.

    Option 2 certainly follows in the vein of improved performance, but if real-world implementation is proving too unstable or creating too much overhead, then I say “fuck it, option 3 sounds great.”

  • simple@lemm.ee
    link
    fedilink
    arrow-up
    8
    ·
    edit-2
    13 days ago

    Thanks for your hard work as always.

    I’m in favor of moving away from proxying. Too many images break and proxying in general is very wasteful, having to download images from potentially small servers constantly would definitely get you ratelimited.

    Passing through external images is OK. Many people often post external links anyways to sites like imgur and catbox because of the file size limits anyways.

    I think the end goal would always to store images locally though - or at least caching them for extended periods of time. Don’t large instances like Lemmy World and huge Mastodon instances work this way? How do they manage the risk?

  • Rexios@lemm.ee
    link
    fedilink
    arrow-up
    7
    ·
    13 days ago

    Have you thought about solving this issue in the front end? The client I’m using (Mlem) implemented a feature to directly access the image if the proxy fails. This feature can either be triggered automatically or by pressing a button on the failed image. This allows users the benefit of the proxy while also having the option to give up their IP if they want to see a broken image.

    • kyle@lemm.ee
      link
      fedilink
      arrow-up
      2
      ·
      13 days ago

      If this is feasible, it sounds like an elegant solution. Does it work for the various mobile apps, or would each app need to do it on their end?

      • Rexios@lemm.ee
        link
        fedilink
        arrow-up
        1
        ·
        13 days ago

        If there was a Lemmy account setting to automatically bypass the proxy on failure then it might not require any front end work, but the manual bypass button would definitely need to be implemented in each client

    • ArchRecord@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      13 days ago

      This is something I think would be the best solution. It seems like the best possible tradeoff between user privacy, and actual effectiveness.

  • flashgnash@lemm.ee
    link
    fedilink
    arrow-up
    6
    ·
    edit-2
    12 days ago

    I believe just passing through external images is the way to go, it’s always the one I opt for if I can

    Hosting those images is gonna get expensive and that kinda sucks for a donation run platform when that money could be far better spent elsewhere

    I think also using external image sources is more in line with the idea of decentralisation, Lemmy isn’t an image host it’s a link aggregator and forum - I believe most image hosting sites will be far better at loading images quickly than Lemmy’s implementation could ever be

  • CRUMBGRABBER@lemm.ee
    link
    fedilink
    English
    arrow-up
    5
    ·
    12 days ago

    I like 3 also. if you can’t get a good user experience privacy matters less because there are no users, and anyone can spin up a super privacy enhanced instance if they want.

    I was thinking however that a super stand alone image server would be a great thing for Lemmy, and pixelfed and the Fediverse in general.

    Imgur blew up and was the go to for image hosting on Reddit for years, until Reddit realized it was leaking traffic and users to them and started their own. But hosting images has a lot of potential headaches like copyright violations and big corps suing you into oblivion, in addition to inadvertently hosting illegal stuff. The Fediverse will need some good image hosting servers and video hosting servers as part of the plan in the long run though.

  • perishthethought@lemm.ee
    link
    fedilink
    English
    arrow-up
    5
    ·
    edit-2
    13 days ago

    Definitely OK with either option 2 or 3. And I trust @sunaurus to choose what’s best for this instance.

  • fossphi@lemm.ee
    link
    fedilink
    English
    arrow-up
    5
    ·
    13 days ago

    Images have been a bit problematic for me lately, for sure. If storing them locally is not a solid option, the question I would have is how much of the other requests are proxied? As in, what other stuff apart from images/media is not being proxied? If the clients are leaking IPs anyway, maybe it’s okay to have them download the images, too. But if the server is proxying everything else then having some sort of a cache might not be that bad an idea

  • Thassodar@lemm.ee
    link
    fedilink
    English
    arrow-up
    5
    ·
    13 days ago

    I would pick image pass through because I’m not necessarily concerned about the image hoster logging my IP. I have been more frustrated with broken links, so I am very much opposed to the current method.

  • ditty@lemm.ee
    link
    fedilink
    English
    arrow-up
    5
    ·
    13 days ago

    I think it’s important for us to be mindful of content retention for posterity’s sake if we want Lemmy to compete with Reddit long-term. If possible, I’d hope we can avoid dead image links like we see with old forums and photobucket pics, for example.

  • uiiiq@lemm.ee
    link
    fedilink
    arrow-up
    4
    ·
    12 days ago

    Although I value privacy, I value sustainability more. Choose an option you feel most comfortable with, option which puts the least burden on your shoulders.