Open yuv opened 2 years ago
After the most recent "upgrade" things became worse. Try editing a a Markdown file in the web interface. Enter a URL. Without asking for permission, Nextcloud triggers a fetch of the URL and add an (unwanted, because it occupies display space) preview. Please make such features optional and disabled by default.
Description
I am trying to operate a private Nextcloud instance. I find that there are many features such as update notifications or the updating of contact avatars from social media that trade off privacy for convenience. I kindly ask you to adopt a development rule:
No server-side fetching of external resources/URL without explicit permission.
A few examples:
defaults matter and should be chosen for privacy first, not for convenience. even when that privacy is less beneficial to the Nextcloud project (Usage survey). put your users' privacy first and you will be rewarded with more trust. there is nothing wrong with guiding the users to change the defaults, explaining the benefits/costs trade-off.
Steps to reproduce
1.Install a new Nextcloud instance with default settings 2.watch for the instance's fetching of external URLs
Expected behavior
no fetching of external URL that has not been previously consented to by the instance admin.