Archiving - imo should be disabled by default

Open linuxd3v opened this issue 1 year ago • 1 comments

Is your feature request related to a problem? Please describe.

It's a privacy and security issue in my opinion.
I think archiving should be disabled by default. The tool shouldn't be automatically crawling links and websites that people add into the tool (unless explicitly allowed).

why:

Unintended Data Transmission: GET requests often include parameters in the URL that can reveal sensitive information, such as session tokens or identifiers. When bookmarks are accessed automatically, these details could be inadvertently sent to the server without the user’s consent, exposing personal or private data.
A GET request to a bookmark URL can even trigger some process that shouldn't be triggered. :woman_shrugging:
I mean in theory GET requests should be idempotent, but who knows how people set things up in real life.
Also - it's not just one GET request, there is a full-fledged Playwright thing... It can load a page and who knows what JavaScript will get executed and potentially do unexpected breaking things.

Potential Account Lockouts or Security Alerts: Many online services track unusual access patterns to detect unauthorized activity. Automated GET requests from a bookmarking tool could trigger alerts or lockouts on accounts if they are interpreted as suspicious activity, especially if the requests come from unusual IP addresses or happen too frequently.

Information leakage/unauthorized proxy: imagine a situation where this tool is on an EC2 server on some internal network.
Only linkwarden is exposed to the outside world, but... people adding links in effect have access to a sort of unauthorized proxy.
So I can add a link to some internal tool on the same network and it will pull the entire page HTML or make a screenshot of some system that the user is potentially not authorized to access otherwise. And what makes this worse - there is no way to remove those screenshots/HTML data.

Describe the solution you'd like

  • Disable all archiving or bookmark crawling by default.
  • Add an env variable option in docker compose to not have these archival options present entirely.
  • Add the ability to remove all crawled content.

Describe alternatives you've considered

n/a

Additional context

should-not-be-enabled

linuxd3v Nov 09 '24 23:11
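
The concerns raised in the issue above (crawling enabled by default, tokens in URL parameters, links pointing at internal hosts) can be expressed as a gate that runs before any archive fetch. This is an added example, not part of the thread and not Linkwarden's code; `archiveDecision`, `isInternalHost`, the parameter list and the blocked ranges are assumptions chosen for illustration.

```javascript
// Added example; not Linkwarden's code. All names here are hypothetical.
const SENSITIVE_PARAMS = /^(token|access_token|session|sessionid|sid|api_key|key|auth|password)$/i; // constructed list
const BLOCKED_V4 = [ // [network, prefix bits]: private, loopback, link-local, CGNAT
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
];

// Dotted quad -> number, or null when the host is not an IPv4 literal.
function v4ToInt(s) {
  const p = s.split(".");
  if (p.length !== 4 || p.some((x) => !/^\d{1,3}$/.test(x) || Number(x) > 255)) return null;
  return p.reduce((acc, x) => acc * 256 + Number(x), 0);
}

function isInternalHost(hostname) {
  const h = hostname.toLowerCase();
  if (h.startsWith("[")) { // IPv6 literal as returned by URL.hostname
    const a = h.slice(1, -1);
    return a === "::1" || a === "::" || a.startsWith("::ffff:") ||
      /^f[cd][0-9a-f]{2}:/.test(a) || /^fe[89ab][0-9a-f]:/.test(a);
  }
  const ip = v4ToInt(h);
  if (ip === null) { // a name: refuse obvious internal names and single-label hosts
    return h === "localhost" || h.endsWith(".localhost") || h.endsWith(".internal") || !h.includes(".");
  }
  return BLOCKED_V4.some(([net, bits]) => {
    const size = 2 ** (32 - bits);
    return Math.floor(ip / size) === Math.floor(v4ToInt(net) / size);
  });
}

// Returns { fetch, reason }. Archiving is opt-in, as the issue requests.
// A name that passes must still be resolved and the resolved address
// re-checked at connect time; this function does no DNS lookup.
function archiveDecision(rawUrl, { archivingEnabled = false } = {}) {
  if (!archivingEnabled) return { fetch: false, reason: "archiving disabled" };
  let u;
  try { u = new URL(rawUrl); } catch { return { fetch: false, reason: "unparseable URL" }; }
  if (u.protocol !== "http:" && u.protocol !== "https:") return { fetch: false, reason: "scheme not allowed" };
  if (u.username || u.password) return { fetch: false, reason: "credentials in URL" };
  if (isInternalHost(u.hostname)) return { fetch: false, reason: "internal host" };
  const hits = [...u.searchParams.keys()].filter((k) => SENSITIVE_PARAMS.test(k));
  if (hits.length) return { fetch: false, reason: "sensitive parameter: " + hits.join(",") };
  return { fetch: true, reason: "ok" };
}
```

Because `new URL()` normalizes numeric IPv4 forms, a host written as a single integer is compared against the same blocked ranges as its dotted form.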

I completely agree - Linkwarden’s storage demands grow fast. It’s unmatched for collaborative bookmarking, but storage costs scale linearly with every user and every link. As users accumulate links over time, the data footprint becomes unsustainable - 100,000 links over a lifetime is hardly unusual. Assuming 5 MB per page, that would be equivalent to 500 GB allocated to archives which I do not care about.

werererer Oct 30 '25 00:10