Topic: Upload domains

I noticed that if I try to upload from certain domains, it tells me that I cannot because the domain in question is not in the upload whitelist. Got it. But in order to adhere to the spirit of this rule a little better, I'd like to know a little more about the philosophy behind it?

Like, if it's a cybersecurity thing with transferring data directly from an unknown domain to e6, that makes sense. But then would it be ok to upload the image directly from my device, and cite the non-whitelist domain as a source? Or would that be seen as trying to sidestep rules, and get anyone attempting such a thing in trouble?

I also haven't been able to find an inverse list of blacklisted domains. Is there one? The whitelist has a column for reason why a domain was whitelisted - knowing the reason why specific sites aren't trusted could help me treat them accordingly?

Downloading an image from a domain that isn't whitelisted and uploading it to e621 is fine. I would guess the whitelist exists because the foreign domain could do some type of spoofing to e621 while appearing legit to a human.

azurezenith said:
I noticed that if I try to upload from certain domains, it tells me that I cannot because the domain in question is not in the upload whitelist. Got it. But in order to adhere to the spirit of this rule a little better, I'd like to know a little more about the philosophy behind it?

It's to prevent e621's server IPs from being exposed to malicious sites that could have used it in DDoS attacks.

Like, if it's a cybersecurity thing with transferring data directly from an unknown domain to e6, that makes sense. But then would it be ok to upload the image directly from my device, and cite the non-whitelist domain as a source? Or would that be seen as trying to sidestep rules, and get anyone attempting such a thing in trouble?

Yep, users have been doing that since before the whitelist.

Any first-party/original source is allowed as long as they aren't banned (i.e., piracy sites) or illegal.

I also haven't been able to find an inverse list of blacklisted domains. Is there one? The whitelist has a column for reason why a domain was whitelisted - knowing the reason why specific sites aren't trusted could help me treat them accordingly?

Probably not accessible by normal users. We also don't want to encourage people to visit these blacklisted sites.

thegreatwolfgang said:
It's to prevent e621's server IPs from being exposed to malicious sites that could have used it in DDoS attacks.

I would argue that this isn't a major concern.
Not allowing potentially malicious users to have e6 make requests to arbitrary sites sounds like a good idea to me.
Same goes for not allowing e6 to download completely arbitrary content from anywhere on the web, however temporary.

It's not perfect, I'm sure. I actually had to patch it a few months ago because someone found a way to bypass it.
But it's just one more layer of protection we have.

eightoflakes said:
But then would it be ok to upload the image directly from my device, and cite the non-whitelist domain as a source? Or would that be seen as trying to sidestep rules, and get anyone attempting such a thing in trouble?

Yes, this is okay.

azurezenith said:
I also haven't been able to find an inverse list of blacklisted domains. Is there one? The whitelist has a column for reason why a domain was whitelisted - knowing the reason why specific sites aren't trusted could help me treat them accordingly?

There isn't a blacklist for sites that you cannot use as sources.
However, sourcing your uploads from piracy websites is a great way to have those posts deleted.