diff --git a/proposals/2858-Multiple-SSO-Identity-Providers.md b/proposals/2858-Multiple-SSO-Identity-Providers.md
index e3d3059c..75f377cb 100644
--- a/proposals/2858-Multiple-SSO-Identity-Providers.md
+++ b/proposals/2858-Multiple-SSO-Identity-Providers.md
@@ -53,7 +53,8 @@ ALPHA  DIGIT  "-" / "." / "_" / "~"
 The `name` field should be the human readable string intended for printing by the client.
 
 The `icon` field is the only optional field and should point to an icon representing the IdP.
-If present then it must be an HTTPS URL to an image resource of type `image/png` or `image/svg+xml`.
+If present then it must be an HTTPS URL to an image resource. This should be hosted by the
+homeserver service provider to not leak the client's IP address unnecessarily.
 
 
 A new endpoint would be needed to support redirecting directly to one of the IDPs: