HelloZeroNet / ZeroNet

ZeroNet - Decentralized websites using Bitcoin crypto and BitTorrent network
https://zeronet.io

Sanitize the sites' download/update #2216

Open danimesq opened 5 years ago

danimesq commented 5 years ago

When updating or downloading a site, whether the media is optional or not, don't download media automatically. Notify when a download/update contains media, and show the user all media for approval.

purplesyringa commented 5 years ago

First, define "media". Second, how would it improve ZeroNet safety? If someone wants to distribute illegal stuff, they have a lot more ways than just publishing a file with an xxxunsafe.mp4 name.

danimesq commented 5 years ago

> First, define "media"

You already could guess it. Audios, images, videos.

> Second, how would it improve ZeroNet safety?

Because not even the deep web is known to automatically download stuff.

> If someone wants to distribute illegal stuff, they have a lot more ways than just publishing a file with an xxxunsafe.mp4 name

Name doesn't matter; I refer to any audio/video/image. And those many other ways to distribute illegal stuff are the responsibility of the sharer, not of the victim; that's why ZeroNet needs to avoid automatic multimedia download.

purplesyringa commented 5 years ago

> You already could guess it.

Nope. Is a 1 GiB myawesomevideo.txt file media?

ghost commented 5 years ago

I believe he's talking about when a zite contains a video or picture and when you go to the page with this "media" it automatically downloads it so that it can display/play the media.

Of course, the language he uses is a bit confusing, particularly "sanitize", but whatever...

danimesq commented 5 years ago

> Nope. Is a 1 GiB myawesomevideo.txt file media?

It can be recognized as multimedia if it has a size of more than 5 MB.

> I believe he's talking about when a zite contains a video or picture and when you go to the page with this "media" it automatically downloads it so that it can display/play the media.

The core of this issue is proposing to identify multimedia on download/sync/update and, even when it is not an optional file, ask the user to accept it or not. It could also be integrated with blocklists, telling when a file is included. If a file uses a known multimedia file extension, also show it blurred for the user to accept.

purplesyringa commented 5 years ago

> It can be recognized as multimedia if it has a size of more than 5 MB.

Ok, this makes a bit more sense but has many false positives. There can be (and there are) 5 MB scripts, repositories, databases and such.

purplesyringa commented 5 years ago

> If a file uses a known multimedia file extension, also show it blurred for the user to accept.

Doesn't this mean the file has to be downloaded first?

ghost commented 5 years ago

Yeah, the blurring effect means at least a portion of the file must have already been downloaded - or perhaps the ZeroNet client could store the blurred image data in the database with the rest of the metadata for optional files. Anyway... this particular part basically has to be handled by the site - the site puts a placeholder for unloaded images/media. I'd rather not have ZeroNet touch my zite's images/videos and force me into a particular method (for example, my site might want to do something else for unloaded images instead of displaying a placeholder, then there's the dimensions of the image within the site, and a bunch of other things).

Basically, it seems this is what you want: 1.) All images and videos and other media become optional files by default. 2.) When a zite goes to display an image, don't automatically download the media, but prompt the user in some way.

One problem, this could get annoying if you're being prompted for a hundred images on a page, etc.

Thunder33345 commented 5 years ago

Why not make it an optional "reject ruleset" on the client side? Basically a rule set that rejects files even if they are not optional. Purpose: a way for the client to override "mandatory" files and make them "optional for themselves". I don't think automatically rejecting will be a good idea though, as most sites will probably just break when they fail to find the media. It could be per-site, global, automatic for new sites, etc., and probably something regex based.
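A sketch of the client-side classification the thread circles around (media extension, the 5 MB size cutoff, and a regex "reject ruleset" that holds even mandatory files for user approval), written as an added example that is not ZeroNet's own code. The rule format and the content.json-like file map with sizes are assumptions; it also surfaces the false positives purplesyringa points out, i.e. large files flagged by size alone.

```python
import re
from typing import Dict, List, Tuple

# Constructed stand-in for the "files" / "files_optional" maps in a ZeroNet
# content.json (path -> metadata). Sizes are made up for the example.
SAMPLE_CONTENT_JSON = {
    "files": {
        "index.html": {"size": 4096},
        "js/app.js": {"size": 180_000},
        "data/users.db": {"size": 9_000_000},    # big, but not media
        "img/banner.png": {"size": 300_000},
        "video/intro.mp4": {"size": 12_000_000},
    },
    "files_optional": {
        "img/gallery/photo1.jpg": {"size": 2_500_000},
    },
}

MEDIA_EXT_RE = re.compile(r"\.(?:png|jpe?g|gif|webp|mp4|webm|mkv|mp3|ogg|wav)$", re.I)
SIZE_THRESHOLD = 5 * 1024 * 1024  # the 5 MB cutoff proposed in the thread

# Assumed reject-ruleset format: (regex over the site-relative path, reason).
# A match holds the file for approval even if content.json lists it as mandatory.
REJECT_RULES: List[Tuple[str, str]] = [
    (r"^video/", "video directory"),
    (r"(?i)\.(?:mp4|webm|mkv)$", "video extension"),
]


def classify_files(content_json: dict, rules=REJECT_RULES,
                   threshold: int = SIZE_THRESHOLD) -> Dict[str, Dict]:
    """Return, per path, whether to hold it for user approval and why."""
    compiled = [(re.compile(p), reason) for p, reason in rules]
    result: Dict[str, Dict] = {}
    for section in ("files", "files_optional"):
        for path, meta in content_json.get(section, {}).items():
            reasons = []
            if MEDIA_EXT_RE.search(path):
                reasons.append("media extension")
            if meta["size"] > threshold:
                reasons.append("over size threshold")
            reasons += ["reject rule: " + r for rx, r in compiled if rx.search(path)]
            result[path] = {"hold": bool(reasons), "reasons": reasons,
                            "declared_optional": section == "files_optional"}
    return result


def size_only_hits(classified: Dict[str, Dict]) -> List[str]:
    """Paths held purely by the size heuristic: the false-positive candidates."""
    return [p for p, r in classified.items() if r["reasons"] == ["over size threshold"]]
```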