The dashboard should not refer to github for images (i.e. when viewing apps in the app-store, before installing them).
It's ok if the node backend will download the images on demand, but using an <img src="..." /> allows github to link the browser's ip to the umbrel apps that the user looks at.
This is especially true for users that use Tailscale and think that they are completely safe - only the requests to their node go through the VPN, not the requests to the other resources.
Obviously you can't enforce this on every app that the user installs, but this is no longer under your control.
The dashboard should not refer to github for images (i.e. when viewing apps in the app-store, before installing them). It's ok if the node backend will download the images on demand, but using an
<img src="..." />allows github to link the browser's ip to the umbrel apps that the user looks at.This is especially true for users that use Tailscale and think that they are completely safe - only the requests to their node go through the VPN, not the requests to the other resources.
Obviously you can't enforce this on every app that the user installs, but this is no longer under your control.