The main issue I see here is not privacy, but the fact that someone can “share” a media file (link to an image/video), and some users will see a different file if the server is malicious.

This could be solved if the event contained the sha256 of the media file, so clients could verify.