Well, this is certainly concerning. A flaw in Cloudflare's content delivery network allows an attacker to geolocate a target simply by sending them an image over Signal or Discord. This is a zero-click vulnerability.
Accuracy depends on a user's location and the number of Cloudflare data centers nearby with urban areas providing potentially greater accuracy.
@peteorrall I'm not a tech person, so this may be a dumb question, but wouldn't this vulnerability apply to any messaging app? iMessage for instance. And there would be no way to avoid it, other than not accepting incoming messages from unknown senders?