the argument goes "we can't trust servers to hand off pre-fetched and rendered preview cards because they could alter them and facilitate all sorts of link fraud trickery and confusion and lies" and so forth - at least that's how I understand the reasoning put forth to not pre-fetch and render preview cards for links on the originating server for any given toot.
but here's the thing: I also cannot trust servers to not send absolute bile to my server. I can't trust them to moderate their users. I can't trust them to be "good, upstanding" admins in the overall fediverse-adminning metacommunity. I can't trust them not to use the things my server sends out upon request to do things I expressly do not want done with them.
but we have some meager tools at our disposal for handling servers we feel are bad actors according to our local definition of the concept on any given fediverse server. we can defederate. we can block by user agent and IP subnet and any other heuristic we can identify about the bad actor. we can enable features like authorized fetch. we can name and shame. and we can keep working on better tools and methods for keeping our common shared voidspace a pleasant and happy place to be and a good neighbor besides.
so, like, fetch and render the dang preview card at the source server. accept the pre-rendered preview cards in network. if you catch nefarious shit happening, shout about it.
y'know, Wednesday in the fediverse.