I'm just happy to find out it wasn't an issue on my end.
It's been plaguing me for days and I was going to make a new account on a different instance to troubleshoot it today.
this post was submitted on 16 Jul 2025
309 points (100.0% liked)
Lemmy NSFW
13187 readers
4 users here now
Updates about lemmynsfw.com
founded 2 years ago
MODERATORS
I thought it was my client being a shit. Thanks for all your work.
You are doing great and are appreciated.
Thank you for the update.
Godspeed fellow porn gremlins
Thanks for all your work!
thanks for your hard work
The problem seems to be that for some reason you're messing with image urls and adding https://lemmynsfw.com/api/v3/image_proxy in front of them for some nefarious reason, which obviously prevents them from working.
Just stop messing with people's posts and everything will work fine.
There's clearly something both extremely ill intentioned and extremely incompetent happening here.
This is precisely the kind of profoundly stupid meddling I left reddit for.
Time to look for a new instance or quit lemmy altogether, I guess.
It was... somewhat almost okayish while it lasted.
I'm just going to include a section from the patch notes for Lemmy version 0.19.4.
There is a new config option called image_mode which provides a way to proxy external image links through the local instance. This prevents deanonymization attacks where an attacker uploads an image to his own server, embeds it in a Lemmy post and watches the IPs which load the image. Instead if
image_modeis set toProxyAllImages, image urls are rewritten to be proxied through/api/v3/image_proxy. This can also improve performance and avoid overloading other websites...
For the issue at hand, it appears to be related to Cloudflare based on the 403 error message when tying to view an image.
Sure, the visible symptom of the issue is cloudflare blocking the image proxy, probably with good reason, since the explanation is absurd (except for the deanonymization part, which is just schizophrenically paranoid; no one cares enough about who's looking at some random image to waste their time setting that up), but the unnecessary and nonconsensual meddling with the urls is the root cause.
We're talking Lemmy here. As great as federation is, small self hosted instance servers will always provide less performance and get overloaded faster than whatever CDN the site the user is linking to is using, so that argument is evidently fallacious.
(Plus, the option to host the image on the instance server has always been there: just download the fucking image from wherever you found it and upload it to the fucking instance. If anything, what this does is take away that choice from the user, leaving us with the “choice” to upload the image... or have it silently uploaded for us anyway.)
Let's be serious, the only reasonable motive behind this (especially when you take into account the devs' notorious ideology) is to be able to better control what the users post.
The deanonymization bit falls by its own weight, since, sure, the original hoster can't see who's loading the image (not that they ever cared to to start with), but now the instance admins (and / or the devs) can. Nothing is ever anonymous in the cloud, for fucks sake. Again, this is just taking away the choice of who to trust, and making lemmy look like the most untrustworthy option in the process.
The most important part, though, is that by highjacking the image hosting without the user's knowledge (and against the user's will, since, again, we could always choose to host the image on the instance, and this applies specifically to the case where the user did not intend to host it here), the instance (and / or the devs) gets control over what image gets actually served.
Enshittification happens. Every single image in the cloud will, sooner or later, be replaced with an ad. That's as certain as the third law of thermodynamics. When you link to a cloud hosted image, you're (mis)placing your trust on the hoster to keep serving that version of the image for the foreseeable future. Maybe I trust the lemmy instance more than the original site, in which case I'll upload the image. Maybe I trust the site more, in which case I'll link it. Maybe I trust neither, and I'll self-host the image, and link it (which is almost certainly the best option for people posting images of themselves, as is the main intended case for lemmynsfw).
But those two later options are now gone. Stolen from us, the users. And, obviously, I (and hopefully most other users) no longer trust the instance, or lemmy. Now the instance (and / or the devs) always has the option to change the image, instead of only when we misplaced our trust on them.
Plus, as the current kerfuffle so evidently shows, it adds a completely unnecessary extra point of failure.
The images would work perfectly if they weren't being shoveled through a hostile proxy no one asked for which is being blocked by cloudflare, probably with good reason.
The lemmynsfw admins could trivially solve the issue for newly linked images by disabling this stupid malicious option (already uploaded ones would probably require fixing the mangled urls at the database level, which is the least that they deserve for having enabled it in the first place), but they're not, they're trying to get cloudflare to fix it, a well known sisyphean task, i.e., an evident waste of everyone's time.
But they're not, so they clearly want to keep the proxy, the very root of the problem.
The whole thing is therefore not only malicious, but profoundly stupid, and depressing.
Just like good old reddit. 🤢
That is not the issue, we are having issues with our cloudflare account and our S3 bucket, we are in contact with support and working on a fix. You are making wild assumptions.
It must be hard to deal with these kind of paranoid nutcases, thanks for your hard work.
What fucking hard work?
They're just waiting for a response from cloudflare that almost certainly will never come, when they could fix the issue by simply removing the proxy.
You can check it for yourself, look at the URL of any random external image they're serving, https://lemmynsfw.com/api/v3/image_proxy?url=https%3A%2F%2Flemmy.world%2Fpictrs%2Fimage%2F301480eb-7622-41f3-a66a-a868c3544b90.jpeg, for instance.
Opening that will give you an error instead of an image, because cloudflare is being cloudflare and causing the proxy to fail.
Remove the unnecessary proxy part and fix the mangling, however, and it'll work perfectly: https://lemmy.world/pictrs/image/301480eb-7622-41f3-a66a-a868c3544b90.jpeg.
(The link is just some random image from the front page, irrelevant but harmless.)
This could and should have been fixed days ago, and would never have happened if they hadn't tried to hijack the urls in the first place!
(Well, it might still have happened with local images, but at least external ones would still work, instead of the whole instance being unusable.)
I think the part that makes your posts seem hostile is that you either know and haven't stated, or are assuming, that this is an intentional behavior on the part of lemmynsfw.
Was this behavior added to Lemmy's master codebase, or is there evidence lemmynsfw's admins customized the code to add a Cloudflare proxy for images? Either way, it doesn't seem like lemmynsfw is acting in bad faith.
I get that there's a larger Reddit / enshittification narrative you're viewing this through, but if you want them to not do that thing - use the URL-cloud-ifier - you'd be much more persuasive and probably get a more constructive reply if you just explained why it's a bad thing and asked them not to do it.
Oh, the original malicious intent is evidently on the devs part. They perpetrated this shit and tried to hide it under a stupid “think of the children” blanket.
The lemmynsfw admins did keep this malicious setting on, though, without telling their users, and are persisting on keeping it on despite evidence that it's been causing their instance to be unusable for days (to the point that I very much doubt it'll ever recover).
Hanlon's razor might have applied when this started happening. Maybe they just didn't know they had turned this shit on.
Them persisting on keeping it on when it's clearly harming the instance, though, is making it look more and more likely to be a combination of incompetence and maliciousness instead of just ignorance (and, let's be fair, also incompetence).
And, obviously, their insistence on keeping it on has irrevocably destroyed any trust the users could place on them, which for an instance based on trust (people are supposed to post their own extremely personal pictures here, after all) doesn't bode well at all for the future of the instance.
Call me a rat if you will, but my first instinct is to flee the sinking ship (already made a backup account elsewhere a few weeks ago when it kept randomly crashing) and warn everyone to do the same.
Some people demand a lot. I think most of us are happy just knowing whats going on.
Any way thanks!
Some people demand a lot
Dude, I'm just asking them to apply the obvious fix and stop messing with people's posts.
If you think that's a lot you have a serious case of Stockholm syndrome.
Though, to be fair, given the current massively enshittified state of the internet and the world in general, who doesn't, I guess.
If it's so obvious, feel free to make your own instance and run it how you want
load more comments
(6 replies)
That is not the issue
It's the underlying cause of the issue. (Well, that and dealing with cloudflare.)
we are having issues with our cloudflare account
Yes (that's what cloudflare appears to be for). Which is causing your stupid proxy to produce this shit instead of an image:
{"code":"object-request-error","msg":"Error performing PUT https://eb21b514652257169b552d5ece7ddfd2.r2.cloudflarestorage.com/lemmynsfw/01/98/22/63/d5/9e/74/c2/94/48/97232eff1bb0.jpeg in 45.917481ms - Server returned non-2xx status code: 403 Forbidden: NotEntitledPlease enable R2 through the Cloudflare Dashboard."}
You'll notice how the first link, which is what your site produces, craps out (because your cloudflare account isn't working properly, as tends to happen with cloudflare, no surprise there), while the second link, which is the original URL reconstructed from your mangling, works perfectly. (I grabbed it from some random post in the front page, the content is irrelevant but harmless).
So keep the fucking original URL instead of hijacking it with some stupid unnecessary proxy and it'll fucking work!
Q.E. fucking D., for fuck's sake! 🤷♂️
You’re an idiot. Proxies protect privacy. That’s literally why you’re here and not on Reddit, right?
Calling it a proxy doesn't mean it is one.
We have no way of knowing what's behind https://lemmynsfw.com/api/v3/image_proxy. All we have is the admins' word that it is one (wait, no, not even that, since they've never told us about it to start with).
All we know is that our urls are being hijacked (and that this is causing them not to work, and that the reason the devs — which are known to be untrustworthy — tried to justify this option with doesn't hold water) without anyone asking us first or warning us..
If I care about privacy I'll take care of that. I'll upload my images somewhere I trust or, better yet, control. If I want a proxy or CDN it'll be on my terms.
Even supposing it is a proxy, does it have a cache? Or a CDN? The whole cloudflare kerfuffle seems to suggest it does. How often do they update? If I decide to remove my image from wherever I hosted it, how long will it take for the cache to reflect that?
I don't know; lemmynsfw never told me, just like they didn't tell me they were using this alleged proxy and hijacking my urls.
Even if we apply Hanlon's razor and assume the lemmynsfw admins didn't know they had this option turned on and the devs just snuck it in by default in an update, the fact that they've kept it turned on for days when turning it off would fix the issue for external images makes the ignorance excuse moot.
They know it's on, they want it on, and they've got no intention of telling anyone or asking if we're fine with it.
This destroys any trust we could have had on them, and makes moot any assurance on their part (if they ever made one, which they have not) that this alleged proxy is benign.
That’s literally what a proxy is. We do know it is because the url is going to the lemmynsfw server. That’s all the proxy has to do to provide privacy. From then on it can literally do whatever, as long as you’re not hitting the third party server directly.
The proxy isn’t to protect images you upload. It’s to protect other people from you. You have so little understanding here it’s laughable. Fuck off.
load more comments
(1 replies)
Well that and spez' attempts to kill off any interesting community on Reddit. And the way it's just an OnlyFans ad site now 🤭 Here the amateur spirit still lives on.
I really appreciate all the work on this.
load more comments
(5 replies)
Oh this is a nice feature, I hope it's going to stay.
Nefarious or not, I appreciate you calling out the problem
load more comments
(1 replies)
I figured it was my connection.
Keep doing what you do!
It's always DNS.
Just to inform the admin, uploading photos does not work, I get an error(I copied it if you want it), and community photos in the side won't show up. Thanks for the hard job!
I'm surprised some images still work though, even recently posted ones.
Thank you for all the work on this and now importantly on building and maintaining lemmynsfw in the first place.
Waves fist at the clouds ✊☁️ Damn you cloudflare!!!
cloudflare
I don't understand why this malware is allowed to exist.
Their only purpose seems to be to stop the Internet from working properly.
Not to mention they man-in-the-middle every site that's proxied through them. So that's clear text passwords for every login at a proxied site.
load more comments
(1 replies)
load more comments
(1 replies)
well done, thanks to your team.
Any word on an ETTR?
Hopefully sometime today
Awesome! Thank you so much!
Great job👌👌 Thank you for your efforts
Thank you so much.. Have a nice weekend
Well I hope we get our old images and stuff back cause I worked hard on all those and not wanting to reupload
load more comments
(1 replies)
All my images still not showing up even my profile picture is all crashed out...
Yes unfortunately our Cloudflare has been locked in some way, meaning we are unable to make payments on it. Our b2 bucket (which is where all the photos for the site were stored) was hosted on cloudflare and is now locked behind a paywall that we cannot pay for some reason. We have contacted cloudflare support to try and get access again.
In the meantime even when it gets fixed we are NOT going back to cloudflare’s B2 bucket service, so we made another b2 bucket with a separate service and we’re waiting for access to the old one so that we can transfer all the existing data into the new bucket.
We're doing everything we can to try and get access to the old storage, but we haven't heard back from cloudflare yet. As for now, the new service allows us to backup our data so even if something were to happen to our photo storage again, we won't lose our photos in this way again.
Sorry for the inconvenience, this was really unexpected and frustrating for us aswell
load more comments
(6 replies)
I know you're doing your best and I hope it will work as usual soon. I'm here to report my situation. Right now I can't see any photo from my communities, neither the profile pics. I tried to upload something new and it reported an error message. I even tried to edit an old post recharging the image, but nothing changed. Thank you for what you're doing.
EDIT: it seems I can unload totally new pics, not the old ones I already used.
If you edit old pics and change something small it will allow you to upload it, it's trying to find the cached version of that picture that you've uploaded, but because we moved storage systems, that image doesn't exist. We're going to restore old images as soon as we can, but cloudflare has been giving us trouble still. We currently are still waiting to hear from cloudflare support about removing the lock on our account. Once that's resolved we will be able to copy everything in the old b2 bucket into the new one
load more comments
(1 replies)
load more comments
(1 replies)
Thank you for your dedication.
Damn, just as I was about to post something, which I rarely do
Locally uploaded images work, you can still post
Sorry, by "locally uploaded" what exactly do you mean? I tried to upload one here (to /c/sissychastity ) if that's what you meant and got the following error:
{"data":{"files":null,"msg":"Error performing PUT https://eb21b514652257169b552d5ece7ddfd2.r2.cloudflarestorage.com/lemmynsfw/01/98/28/af/16/04/76/42/91/07/3f775b0b643a.jpeg in 47.241919ms - Server returned non-2xx status code: 403 Forbidden: <?xml version=\"1.0\" encoding=\"UTF-8\"?><Error><Code>NotEntitled</Code><Message>Please enable R2 through the Cloudflare Dashboard.</Message></Error>"},"state":"success"}
Thanks for the info, we're switching S3 bucket providers, hopefully today, so hopefully that resolves the issues
view more: next ›