zlacker

[return to "Image Scrubber: tool for anonymizing photographs taken at protests"]
1. comboy+iO[view] [source] 2020-05-31 21:38:59
>>dsr12+(OP)
Really weird that nobody in the thread is pointing out that this is basically a website that says "give me your photos, specifically from protests, which have details that you want to keep private".

It doesn't matter that it theoretically all happen in the browser. You can serve different versions to different IPs etc. Every heuristic in me would be screaming don't use that if I would have a need for such tool.

◧◩
2. dmart+j71[view] [source] 2020-05-31 23:52:39
>>comboy+iO
It's a static site running on GitHub pages, over HTTPS, directly out of a linked repo so you can examine the source code. I literally could not imagine a more transparent way to serve this application.

The only way an attack vector is possible here is if you think GitHub themselves would maliciously inject an altered version of the code in the repo, and even then you'd be able to see the code and network requests in your developer tools.

◧◩◪
3. underw+J12[view] [source] 2020-06-01 12:18:00
>>dmart+j71
That's assuming the author can be trusted. The link is not pinned to a specific commit so their is no way to know if the code is updated later without auditing it every time the tool is used.
[go to top]