There are 4 problems that can be caused by hotlinking (the practice of embedding images from other websites into yours).
Slashdotting
1st: if a website that has zillions of visitors every day hotlinks an image of a website that has almost no visitors, the hotlinked website's web server is probably going to be overwhelmed by the traffic from the larger website (i.e. it will be slashdotted).
In the worst case, it won't be able to serve webpages to people actually accessing the website because it has to spend all its bandwidth sending images to visitors of the other website!
Breach of Privacy
2nd: when a resource is embedded like this, the web browser sends the HTTP request to download the resource with a referer HTTP header that tells the target web server what URL the request is coming from.
That is, if you visit example.com, and it hotlinks virtualcuriosities.com, then when the web browser downloads the image, it's going to tell my server (virtualcuriosities.com) that YOU are visiting example.com.
This is kind of a privacy issue.
The reason why web browsers do this, and why they HAVE to do this, is exactly because hotlinking and embedding exist.
Any webmaster can prevent (most forms of) hotlinking by checking the referer HTTP header. If the header says the user is visiting from another website, they can just reject the request and save bandwidth with that.
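One way to implement the referer check described above, as an added example that is not code from this website. The allowed host list, the image suffixes and the choice to let requests with no referer through are assumptions of the example.

```python
from urllib.parse import urlsplit

# Assumption: the site's own hostnames; subdomains of these are also accepted.
ALLOWED_HOSTS = {"virtualcuriosities.com"}
# Assumption: which request paths count as images worth protecting.
IMAGE_SUFFIXES = (".png", ".jpg", ".jpeg", ".gif", ".webp")


def is_hotlink(referer, allowed_hosts=ALLOWED_HOSTS):
    """Return True when the Referer header names a foreign site."""
    if not referer:
        # Direct visits, privacy tools and strict referrer policies send no
        # header. Rejecting them would break legitimate viewers, so they pass.
        return False
    try:
        host = urlsplit(referer.strip()).hostname
    except ValueError:
        return True  # unparseable header: treat as foreign
    if not host:
        return True  # e.g. "about:blank", which has no host part
    host = host.rstrip(".").lower()
    # Compare whole hostnames or dot-delimited suffixes. A substring test
    # would wrongly accept "virtualcuriosities.com.example.net".
    return not any(host == h or host.endswith("." + h) for h in allowed_hosts)


def block_hotlinks(app):
    """WSGI middleware: answer 403 for image requests embedded by other sites."""
    def middleware(environ, start_response):
        path = environ.get("PATH_INFO", "").lower()
        if path.endswith(IMAGE_SUFFIXES) and is_hotlink(environ.get("HTTP_REFERER")):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"hotlinking not allowed\n"]
        return app(environ, start_response)
    return middleware
```

Because the header is supplied by the client, this saves bandwidth against ordinary browsers embedding the image; it is not an access control.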
If you have ever heard about "tracking pixels," this is what they are: a 1x1px image hidden somewhere in the webpage that forces your web browser to send a request to somewhere revealing data about your web browser that can be processed by some server!
By the way, this HTTP header is also sent when you click a link. Any link. I personally use this information on this website, although not server-side, client-side with JavaScript. I have webpages for every image uploaded. If someone lands on them from Google or another website, I show a message that reads "hey, this image you're seeing was published in this article, are you sure you don't want to see the article instead?" If the user clicks on a thumbnail in this website to go to the image, the referer will be this website, so I don't show the message.
Security Risk
3rd: hotlinking creates a dependency, which introduces security risks. For example, there is no guarantee that the owner of the website is always going to be the same, or even display the same image at that specific URL. They could replace the image with something else.
They could replace the image with something disgusting to teach hotlinkers a lesson.
Yes, this has happened in the past.
And then your entire audience is going to see that.
One common case, I believe, is people who use image hosts. Image hosts are websites that allow users to upload images and allow hotlinking. The image host essentially bears the cost of hosting images for smaller web forums. On the image host's page there will be a lot of ads, but at least you don't need to pay for the hosting costs of the images. Some image hosts may start watermarking images all of a sudden, and then all images in the forum that looked fine until then will start looking watermarked, which would be terrible.
Link Rot
4th: perhaps the biggest problem with hotlinking is that it depends on the hotlinked website outliving the hotlinker. If the hotlinkee shuts down, the hotlinked content won't be available anymore for download. In other words, we have a case of link rot! The hotlink is rotten! It's hotrottenlink? I don't think there is a specific word for it!