jerboa icon indicating copy to clipboard operation
jerboa copied to clipboard
verified publisher icon LemmyNet

Setting to hide the "upload media" button

Open maltfield opened this issue 1 year ago • 3 comments

Pre-Flight checklist

  • [X] Did you check to see if this issue already exists?
  • [X] This is a single feature request. (Do not put multiple feature requests in one issue)
  • [X] This is not a question or discussion. (Use https://lemmy.ml/c/jerboa for that)

Describe The Feature Request Below

Feature request: Please add a setting that will prevent any UI element from appearing on the screen that, when clicked, has the possibility to upload a file to a lemmy server.

Problem

Currently in just two accidentally mis-taps, a user can inadvertently upload a very sensitive photo to lemmy.

If, for example, a user:

  1. tries to click the "bold" button while composing a comment (but accidentally taps the "upload media" button) and then
  2. tries to click the "back" button (or do a "go back" gesture), but accidentally taps a very sensitive photo in their gallery (that are littered all over the screen like landmines)

...then the very sensitive photo will be swiftly uploaded to the user's lemmy instance -- and be publicly available to anyone with the photo's URL :'(

This is especially an issue because users cannot delete any images that they've uploaded to lemmy in jerboa nor can they delete images that they've uloaded in the lemmy WUI. Moreover, deleting their account doesn't delete the images that they've uploaded either.

Solution

Some users have very sensitive photos on their phone, and they never, ever want to be able to use lemmy to upload photos (either lurkers or people who are fine with just posting text only).

These users should be able to protect themselves from the risk of accidentally uploading very sensitive photos to lemmy by going into their settings and ticking a box that says never upload files to lemmy. The result of this box would either:

  1. Hide the "upload media" buttons or
  2. Trigger an error before the Android Intent is called that would display the user's gallery (for picking a photo to upload)

Demo

For a video demonstrating this risk, please see the following video where, in a totally hypothetical situation), a user:

  1. browses some lemmy community
  2. clicks to comment on some thread
  3. types a comment
  4. accidentally clicks the "upload media" button (when attempting to format their comment with "bold")
  5. accidentally clicks on a very sensitive photo
  6. realizes, to their horror, that their very sensitive photo is now publicly accessible
  7. ... (panicked googling) ...
  8. realizes, to their immense horror, that they can't even delete the photo from the Internet

https://github.com/dessalines/jerboa/assets/5026712/094d3056-1ab1-4c11-9aac-96f12f209077

(Note: in the above dramatized video reconstruction of a totally hypothetical situation, the blurred-out photos are oil paintings taken from mediawiki. In reality, when this happened to me, the photo that was uploaded was an image of my government-issued ID -- which was a nightmare that I never want to experience again)

maltfield avatar Feb 09 '24 19:02 maltfield

Note: it appears that it's not possible for users to block apps from being able to initiate an Intent.ACTION_GET_CONTENT

  • https://android.stackexchange.com/questions/256092/permissions-how-to-deny-an-app-intent-action-get-content

maltfield avatar Feb 09 '24 19:02 maltfield

See also:

  • https://github.com/dessalines/jerboa/issues/1361
  • https://github.com/dessalines/jerboa/issues/1363

maltfield avatar Feb 09 '24 20:02 maltfield

For additional context of this issue, please see Nightmare on Lemmy Street (A Fediverse GDPR Horror Story)

Nightmare on Lemmy St - A GDPR Horror Story

maltfield avatar Mar 04 '24 20:03 maltfield