I care deeply about user privacy, which is why I don't store any user-related information. The website simply have two key-value buckets to store information related to the uploaded files. The file data stored is as follows:
'MD5 hash key-value bucket'
- Key: MD5 hash of the uploaded file
- Value: MD5 hash of the file after being processed (if it wasn't converted/resized then the value will be the same as the key)
The value is basically the MD5 hash of the file that ends up being stored on the server. The purpose of this bucket is to prevent duplicates and processing files that has already been processed.
'File data key-value bucket'
- Key: A unique ID pointing to the file (this is the short ID you see in the URL)
- Value: Filename of the stored file (this is the MD5 hash + file extension), along with a randomly generated password that can be used to delete the data from the bucket
It's worth noting that the file itself won't be deleted from the server, but no one will be able to view the file unless they know the MD5 hash. I can manually delete the file from the server, but will only do so if you can prove you are the copyright owner.
That's it. There is no futher information being stored. The uploaded images are not associated with an IP or anything else. Moreover, the website doesn't use any analytics or tracking. I do however use Cloudflare, which means I can see number of unique visitors and requests for 1 month. This information also include the country from which the request was made, but contain no other information.
In order to protect imgasm against abuse and attacks, I use a rate limiter package, that will store your IP in memory for 1 hour. I also use CloudFlare, which will discard access logs within 4 hours. I do not log anything myself, as I feel confident that the rate limiter together with CloudFlare can mitigate any attacks that may occur.
imgasm also use AES-256 encrypted cookies for the sole purpose of displaying potential error messages. You can easily delete and block the cookies without breaking anything (besides the fact that potential error messages won't be displayed if cookies are being blocked).
If you encounter any problems, or have any questions, then feel free to open an issue on GitHub.