Important: Managing external media and links

maxmoon

In many countries there are laws, which are restrictive about external media/scripts or linking to external websites.

Examples

Example 1:

If an external image was embedded with the image tag (Markdown or BCC), which is copyrighted/pornographic/pedophile or any other illegal content, the maintainer of the forum could get in serious trouble.

The website operator might have to pay heavy fines or could even go to jail for (help) spreading child pornography (providing a platform for it).

Example 2:

For distributing links to right-wing extremist / pedophile websites, high fines can also be the consequence. DNS providers could block your website, too.

Example 3:

If external media is loaded, the privacy of the users is at risk (like a tracking pixel, which Facebook once used, but is illegal nowadays in the EU).

An admin has to write privacy policies, which a user have to accept, if it's about their data, but most admins don't even know that Flarum (or an extension) collect data or help to share data. In general it would be a better idea to be able to restrict Flarum to do it at all.

Solutions

Solution to example 1:

Trigger an error before a post gets committed if the post contains image tags containing links to external media, telling the user that external media is not allowed. Extended option: Only internal media should be allowed.

Solution to example 2:

Open a prompt with useful information and terms if a user clicks on a link, like:

You are about to leave Flarum

Flarum is not responsible for the content of any linked website.
If you agree with that, press "ok" to visit the website in a new tab or click "cancel" to abort.

After the user clicks on "ok", the website will be opened in a tab.

Solution to example 3:

An extension or script should be able to scan all extensions if they make a connection to a third party and list those links so that the admin at least knows that a specific extension makes connections to XYZ, which could be enough to deactivate the extension and not use it at all.

Additional: Maintainers of extensions could get informed to use downloaded sources instead of making a connection every time the extension is used. Or we could ask the developers to provide information, which third parties will be connected and which data will be shared so admins could create fitting privacy policies.

Do extensions for this already exist?

The only thing I could find is FoF Filter and filter for the word "http" so every time a link or image gets posted, it must be approved by a mod, which might be a lot of work.

Are there other extensions?