What are you using to detect proxies? User agents?
Also blossom can help prevent tampering with media since the files sha256 is in the URL which is in the signed event
Discussion
UA.
Also Primal ignores blossom hashes and does not validate. Not sure if they even do failover
And I might also know of a way to bypass Blossom checks in several clients
Most web clients cant easily validate the hashes since its not possible to get the raw blob from a element. I have a button to do it in noStrudel but the user has to intentionally click it
Also it does not detect https://github.com/willnorris/imageproxy which is the image proxy that noStrudel can use :)
https://api.nostr.land/detect-cache/v1.jpg" class="embedded-image" loading="lazy">
Will implement.
The manual verify button has a problem as well