62

There are two issues with embedded images in posts that link to outside hosts:

  • These images are likely to expire at some point, which can render the post meaningless
  • External images allow users to track visitors of the page the post appears on

While the second item is what triggered my feature request, I think the first one is the bigger issue. And it is an issue that is far easier to fix early than later when the image is gone. This check should also not be applied retroactively, but only for new posts.

I did a quick check to get an idea on how many images are embedded from other sources, and on Arqade 119 images are on non-imgur hosts compared to 7258 images in total. I chose Arqade as it is a reasonably image-heavy site and one of the larger sites in the network without being too large for the query to time out.

Images from external sources are a small minority, but not so small that one could ignore this entirely.

To avoid annoying users too much when prohibiting them from using images from external sources, the option to upload the image to SE imgur could be added to the notification when such an image is blocked. This dialog would of course have to mention the licence implications of uploading the image.

Improve this question
7
  • 1
    What would my new workflow be if I want to link to a legitimate, durable image, like Google Ngrams, WikiMedia, or XKCD? (And yes I've used that last, on meta posts.)
    – Monica Cellio
    Commented Oct 10, 2014 at 2:33
  • This is really a critical feature for gamedev.SE... it makes it very difficult or impossible to understand certain questions without the original images. So the quality of the site is reduced when these links fail.
    – Engineer
    Commented Jun 4, 2015 at 15:58
  • 1
    Possible duplicate of How to handle possible user tracking through images?
    – Deer Hunter
    Commented Feb 9, 2016 at 12:20
  • 6
    @DeerHunter I don't see why this is a duplicate. My question is a feature request, the other one a discussion. Mine is also the older question.
    – Mad Scientist
    Commented Feb 9, 2016 at 12:58
  • 3
    And the higher upvoted one. I think the two questions are different too @MadScientist
    – Patrick Hofman
    Commented Feb 9, 2016 at 12:59
  • 2
    @MadScientist - you are right. Retracted.
    – Deer Hunter
    Commented Feb 9, 2016 at 13:31
  • I just posted this comment re another comment: "... you are violating copy right, amongst other things. Posts to SE are covered by a CC licence and storing images on Imgur is (or was)(see current Meta discussion) claimed to give Imgur the right to do almost anything they wish with them for any reason. | ALL images are copyright except those (perhaps) for which an explicit Public Domain licence exists. By posting an image to Imgur you are ignoring any licencing or copyright issues. <rudemode=1>. By flagging for moderator attention you are calling in a bigger bully. "
    – Russell McMahon
    Commented Sep 9, 2019 at 20:03

2 Answers 2

Reset to default
29

I'd support this if Imgur added support for SVG images and removed the size limit from PNG images (or at least raised it to something more reasonable than 1 MB). Until that happens, though, there are sometimes valid reasons not to use Imgur.

(I guess I could be OK with this if Wikimedia Commons was also whitelisted as an allowed image source. They do support SVG and large PNGs, are not likely to disappear or start losing images in the near future, and while their images can, technically, be modified by anyone, they're pretty good at catching and reverting vandalism.)

All that said, I do 100% support the banning of certain specific image hosts known to behave in ways that make them unsuitable for Stack Exchange.

Improve this answer
16

Let's not forget that off-site hosted images can also be replaced by whoever controls the image host (in case of imgur, whoever uploaded the image).

For this reason we should not be editing image links from low-rep users into inline images in the question, nor accepting suggested edits that add or modify image URLs. Because even if the image is safe for work today, next week it may not be. The suggested edits are particularly problematic, because offensive/spam flags count against the original author, not the user who introduced the vulnerable image URL.

Mad Scientist's feature request should close that loophole completely, assuming that stack.imgur.com is configured not to allow changes to existing images.

Improve this answer
4
  • 1
    It's meta, people vote to express their agreement/disagreement. FWIW, I got a random upvote around the same time; looks like someone decided that they liked my answer and disliked yours. That happens. Here, have a sympathy upvote (for pointing out a valid issue with external images).
    – Ilmari Karonen
    Commented Jun 26, 2015 at 9:47
  • @IlmariKaronen: Thanks. Anyway, my answer consists of a fact plus my opinion that this fact describes a undesirable loophole/ability. Since the fact is indisputable, the disagreement must be with the undesirability, so someone thinks that the ability to replace images without review is a good thing.
    – Ben Voigt
    Commented Jun 26, 2015 at 14:02
  • 3
    ...or they might just think that the inconvenience of allowing images only from stack.imgur would outweigh the gain of plugging this security hole. Which is not a completely unreasonable position to take, given that we've lived with unrestricted image embedding for years by now, and AFAIK haven't had a plague of shock images yet.
    – Ilmari Karonen
    Commented Jun 26, 2015 at 14:50
  • In principle, this is a valid threat to model. In practice, not so much. I, and hopefully other editors and reviewers, perform a basic sanity check to make sure added images are relevant to the post. Finding or making relevant images is non-trivial to automate, so that's a fair amount of manual effort to set up this attack. So that limits the threat to those who are willing to spend time carefully setting up hours-delayed vandalism on someone else's post. These users are so few in number they can simply be banned manually once found. If any are ever found.
    – Nathan Tuggy
    Commented Sep 7, 2015 at 16:54

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .