5
Lemmy and privacy issues
(lemmy.world)
Yes, posts you make to public forums are public.
Yes - Indeed.
But: Not what I liked or disliked. Every federated server can see that in their logs. Normally this would at least need you to talk to reddit/meta/some other company in order to get a hold of this data, but here literally everyone with basic Linux knowledge can get everyone's data very easy, very quick, and very reliable.
Before the recent API purge, you could access public data from sites like Reddit and Twitter pretty easily too. I mean it's still easy now, just not free. The same thing used to be true for Facebook, but their API purge was several years ago and their data model made less data straightforwardly public.
Personally I'd rather have my public posts be straightforwardly public than the illusion of privacy provided by sites like Facebook. Maybe a lot of people can get away with treating messages to a private Facebook group as private a lot of the time, but it's simply a wrong mental model that will lead to wrong decisions. A message can either be private or be broadcast to an open-ended set of people - not both.
So you're saying you can get my lemmy data easily?
Yes. When you like or dislike something it gets synchronized with different federated servers. Which means, federated servers have a database of all your likes and dislikes, and even your posts. The server admins of that server have, by nature, the password for the database and can therefore track every move you make. Just one "Bad guy" that has a server that is federated with your accounts server and they will know a lot about you. And since its open source theoretically everyone can do this. Criminals, Stalkers, Governments, Companies, everyone.
You can literally go and setup your own lemmy instance in less than 10 minutes. Its so well documented that even the least tech savy person should be able to do that with a bit of research.
When you've done that just wait for the data to flow in. And thats it.
So you're saying you can get my lemmy data easily?
It is better than what we have. Not ideal, but best to assume there is always the risk of people watching and knowing your activity.
I would assume if it was gov run, it would be performant and fast growing. So not sure they are involved.
There's nothing you can really do about it. Lemmy should encourage as much privacy as possible, and it's plain to see that there is work to be done in that realm, however, you should always protect yourself from the servers you connect to and store data on, regardless of whether it's oriented to privacy or otherwise.
Using VPN or TOR, not saying anything that could identify you, making multiple accounts, things like this.
What is “data of users”? Federated instances don’t get anything except username. Only the instance owner sees your IP address and browsing habits
Yes. But it is pretty easy to "connect the dots". A lot of people are reusing their usernames, which makes them identifiable. And since the other instances do save data like Posts you made, likes or dislikes you send, it can be pretty easy to make a profile out of your data and identify you.
Hmm...if people followed basic privacy rules, like not reusing usernames, it wouldn't be an issue.
Lemmy is not a privacy focused platform. End of story. Neither is Reddit or Facebook.
If you want to be anonymous and private, either use TOR or disconnect your internet.
Since lemmy instance can be deployed and federated by anyone it’s fair to assume that some bad actors are already doing it. With some scripting or machine learning you could determine user habits and subscribed feeds. Based on other posts the subscription information (activitypub) have also upvotes and downvotes which could be used to gauge one sentiment/political affiliations. I think the only way to circumvent this is to have disposable accounts maybe with some script to to rest scribe to topics of interest every time you have new account. Then don’t use moderator account for anything other than moderating specific sub.
Yes! It gives me the chills that everyone can easily snack all of our data. From criminals, to stalkers to governments to companies (Example would be Meta right now). I think we should be very careful what we post and like/dislike on this platform. Gives me the chills.
I could literally go and get your data in less than 10 Minutes. And potentially thousands ofdifferentt users too.
Yes. That is exactly what I wanted to say. Thank you!
I have a bad feeling about this. Companies can sneak in easily (As Meta is doing now), Governments can sneak in easily, Stalkers, Criminals, everyone.
I could literally go, setup and instance and get most of you data in an blink of an eye. I don't know. This gives me the chills
Yes. That is exactly what I wanted to say. Thank you!
I have a bad feeling about this. Companies can sneak in easily (As Meta is doing now), Governments can sneak in easily, Stalkers, Criminals, everyone.
I could literally go, setup and instance and get most of you data in an blink of an eye. I don't know. This gives me the chills
Why upvotes and downvotes are availible from every instance? They should only give the total.
I don't think there is a way to post to public forums and be private at the same time if normal privacy practices aren't followed.
This obviously will depend on your threat-model. I am breaking plenty of privacy focussed guidelines by posting here but I'm doing it anyway
view more: next ›
this post was submitted on 01 Jul 2023
5 points (85.7% liked)
Privacy
31252 readers
660 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 4 years ago
MODERATORS