jerboa icon indicating copy to clipboard operation
jerboa copied to clipboard
verified publisher icon LemmyNet

Add "confirm upload" button between selecting image and uploading image

Open maltfield opened this issue 1 year ago • 5 comments

Pre-Flight checklist

  • [X] Did you check to see if this issue already exists?
  • [X] This is a single feature request. (Do not put multiple feature requests in one issue)
  • [X] This is not a question or discussion. (Use https://lemmy.ml/c/jerboa for that)

Describe The Feature Request Below

This is a feature request to add an additonal confirmation step [a] after a user selects a file-to-be-uploaded on their device and [b] before the image is actually uploaded to their lemmy instance.

Problem

Currently in just two accidentally mis-taps, a user can inadvertently upload a very sensitive photo to lemmy.

If, for example, a user:

  1. tries to click the "bold" button while composing a comment (but accidentally taps the "upload media" button) and then
  2. tries to click the "back" button (or do a "go back" gesture), but accidentally taps a very sensitive photo in their gallery (that are littered all over the screen like landmines)

...then the very sensitive photo will be swiftly uploaded to the user's lemmy instance -- and be publicly available to anyone with the photo's URL :'(

This is especially an issue because users cannot delete any images that they've uploaded to lemmy in jerboa nor can they delete images that they've uloaded in the lemmy WUI. Moreover, deleting their account doesn't delete the images that they've uploaded either.

Fact: Phones are small, unwieldy devices. Anyone who has tired to use a smartphone soft keyboard (or communicated with someone else who was using a software keyboard), knows that typos are especially prevalent on smartphone apps due to fat-fingered mis-taps or other common input errors.

Considering the likelihood (very high on smartphones) and the impact (very high for users who store any sensitive photos on their phones), the risk that a user accidentally uploads a very sensitive photo to lemmy in Jerboa (due to accidentally I/O) is just too high right now.

Solution

Jerboa should change the UX of media uploads to decrease this risk.

This can be achieved by adding an additonal step in-between

  1. Selecting the image and
  2. Uploading the image

Very simply, a "confirmation" dialog should be added in-between the above-two steps where a user can view the image(s) that have been selected and be presented with two buttons (that are not very close to each other)

  1. Upload (green button)
  2. Abort (red button)

Demo

For a video demonstrating this risk, please see the following video where, in a totally hypothetical situation), a user:

  1. browses some lemmy community
  2. clicks to comment on some thread
  3. types a comment
  4. accidentally clicks the "upload media" button (when attempting to format their comment with "bold")
  5. accidentally clicks on a very sensitive photo
  6. realizes, to their horror, that their very sensitive photo is now publicly accessible
  7. ... (panicked googling) ...
  8. realizes, to their immense horror, that they can't even delete the photo from the Internet

https://github.com/dessalines/jerboa/assets/5026712/094d3056-1ab1-4c11-9aac-96f12f209077

(Note: in the above dramatized video reconstruction of a totally hypothetical situation, the blurred-out photos are oil paintings taken from mediawiki. In reality, when this happened to me, the photo that was uploaded was an image of my government-issued ID -- which was a nightmare that I never want to experience again)

maltfield avatar Feb 09 '24 20:02 maltfield

See also:

  • https://github.com/dessalines/jerboa/issues/1362
  • https://github.com/dessalines/jerboa/issues/1361

maltfield avatar Feb 09 '24 20:02 maltfield

Is there another app that we could have an example for this flow? IE how does Eternity or other ones handle it?

dessalines avatar Feb 09 '24 23:02 dessalines

Is there another app that we could have an example for this flow? IE how does Eternity or other ones handle it?

This is a great question. Unfortunately I don't know because I've never uploaded an image to reddit or lemmy via an app before (well, I hadn't uploaded an image to lemmy -- until this horrible incident in jerboa).

maltfield avatar Feb 10 '24 00:02 maltfield

I do think its a good idea tho, at least until https://github.com/LemmyNet/lemmy/issues/4445 .

dessalines avatar Feb 12 '24 15:02 dessalines

For additional context of this issue, please see Nightmare on Lemmy Street (A Fediverse GDPR Horror Story)

Nightmare on Lemmy St - A GDPR Horror Story

maltfield avatar Mar 04 '24 20:03 maltfield