Eh, it's only centralized if all clients use the same image proxy server. If all clients use their own it's not a big deal, IMO. Also, give users the ability to turn it off like Snort does.
I don’t know if this has to do with that interesting new account or not and the funny url that was DMed out.
I don’t know if images from followers is the best approach.
Right now so many services have your IP and even your followers might find a url or repost something from a non follower that is from a honeypot web server.
The weird url link that was DMed to me has 2 attributes, my npub and some crc value that is provably a hash or some part of the npub or something.
I’d say a good start is that any url or image that might have your npub (or anyone’s npub) should maybe have an option whether to load it or not. I’m sure clients can identify a suspicious url and filter.
I can just send you a URL there 1.2.3.4/file10.jpg and enter into a local DB that file10.jpg corresponds to this npub DM. Their method was just for easy scripting.