122
submitted 1 year ago by iraq_lobster@lemm.ee to c/privacy@lemmy.ml
top 22 comments
sorted by: hot top controversial new old
[-] rrobin@lemmy.world 34 points 1 year ago

To be fair I do not expect any privacy protections from lemmy/mastodon in general, or from blocking/defederation in particular.

Lemmy/Mastodon protocols are not really private, as soon you place your data in one instance your data is accessible by others in the same instance. If that instance is federated this extends to other instances too. In other words the system can be seen as mostly public data since most instances are public.

The purpose of blocking or defederation (which is blocking at instance level) is to fight spam content, not to provide privacy.

[-] taladar@sh.itjust.works 22 points 1 year ago

I do sort of expect the Lemmy instance to protect my IP address, email associated with my account and whatever fingerprinting can be done in the browser as well as protect any Javascript they use from injections of third party Javascript, but only when accessing the instance, not when following external links or otherwise loading external content (e.g. images hosted elsewhere).

[-] rrobin@lemmy.world 12 points 1 year ago

Fair point (IP, email, browser session data). Those should not be exposed via the federation in any way. And the existence of the federated network means we could switch instances if we are concerned our instance is a bad actor about this.

I did not mean to suggest the ecosystem is not valuable for privacy. I just really don't want people to associate federation with privacy protections about data that is basically public (posts, profile data, etc). Wrong expectations about privacy are harmful.

[-] pjhenry1216@kbin.social 32 points 1 year ago

This isn't how any of this works at all. Defederation does not increase your privacy from them. That's not how federation works. They still will see your posts. Blocked or defederated. You just won't see theirs. Blocked means you filter out their content. But they could theoretically show up in comments. Defederated means it won't populate. But it doesn't mean your content won't get populated there. They simply can't comment on content from or direct message folks on a server that defederated them.

Privacy through obscurity is as bad as security through obscurity.

Any real danger Meta presents is looming regardless of federation. I'm not against defederation. I'm just against defederating without purpose. And to be honest, what I've heard so far leads me to believe defederation will be my likely call if and when Threads goes live with ActivityPub (well, defederate with their primary instances at least, not sure of the details of how one can defederate with every Threads based instance, though it may be simple). But I don't even know if they'll federate with Lemmy/Kbin to begin with and I do not want to start some trend of instances needing to act on hypotheticals.

Tl;Dr - defederation does not increase your privacy at all. Not saying you shouldn't defederate for other reasons, but your exposure is absolutely unchanged one way or the other. This article has federation entirely wrong.

[-] Gleddified@lemmy.ca 21 points 1 year ago

Lemmy isnt't meant to be private, it's a public forum. One should fully expect everything one posts to be seen by anyone. Assume Meta is using all your Lemmy posts to try and build a profile on you - be careful how much personal info you post.

[-] Hildegarde@lemmy.world 3 points 1 year ago

Also periodically delete your account and start a new one with a new name. Harder to build a profile on you if the data is spread between unrelated accounts that don't reference each other.

Or has AI made this untenable?

[-] Isthisreddit@lemmy.world 4 points 1 year ago

Depends what your trying to hide and from who. Someone trying to stay anonymous from creepy dudes is fine (ops sec best practices should be used if one wants to stay anonymous). If someone with resources (say some agency) wants to figure out who you are, they can de-anonymized instantly due to all the tracking that's out there, plus any subpoena power they might have, it's a wrap. "AI" doesn't even need to come into play (not that I even know what you mean by AI)

[-] Tangent5280@lemmy.world 1 points 1 year ago

Is that it then? The best privacy we can expect to have is to never be looked upon by Sauron's Eye?

There must be atleast one community out there who specialises in privacy that even the acronym boys can't see.

[-] Isthisreddit@lemmy.world 3 points 1 year ago

Honestly I think the answer is a depressing no. Your face is already on some facial recognition software somewhere (most likely). If you pay for an internet connection, your IP will be able to get traced back to your real world identity. If you have a cell phone or use a modern computer, there is so much finger printing and tracking going on that its basically a lost cause.

Now there are steps you can take to fight for your privacy, but if you take part in the modern world, I don't think there are any easy steps. The acronym boys have access to all the identifying systems and much more.

Now if you are serious about guarding your privacy, there are steps to take and a more privacy focused forum/board/community can give better pointers than me, but if you are looking to not be identifiable or untraceable by a state actors, that's some real spy level shit. Remember "they" can find and identify the serious cyber criminal players, but most of the time these guys are in countries that dont have extraditions to the US. An anonymous cyber criminal only has to fuck up once to be uncovered

[-] DmMacniel@feddit.de 13 points 1 year ago

The case with Matisse is absolutely horrifying.

[-] taladar@sh.itjust.works 11 points 1 year ago

Sort of reminds me of that Google thing, I think it was when they started Google Plus when they had this braindead idea of adding everyone in your phone book without your consent.

[-] nothacking@discuss.tchncs.de 11 points 1 year ago

All content on Lemmy are public by design, you can collect any data by just connecting to any instance, they don't need a full on federated instance. Threads changes nothing as far as privacy is concerning. Don't post anything you don't want to be spread all over the internet, with no way to remove it.

[-] Gush@lemmy.ml 0 points 1 year ago

You should read the article first

[-] nutbutter@discuss.tchncs.de 7 points 1 year ago

Question - If Threads become a part of Fediverse, will they be able to collect the telemetry, such as who saw a post on their server, for how long did they look at an image etc, if we are using an instance other that Threads' official server?

[-] pjhenry1216@kbin.social 6 points 1 year ago* (last edited 1 year ago)

Short answer, probably not. Long answer, they may try, but everything needs to be within spec of ActivityPub and that at least means if they do inject something like that, itll be easier to find and developers can filter it out. So I'm hoping Meta realizes it's a draw and not try. They could try to put in recommendations to the spec, but I don't see those getting passed very easily. W3C wouldn't bow to them that easily. They do have centralized power, but their power inside is fairly spread out, so they'd need to appeal to a lot of people, many of whom are very principled.

For example, a very basic concept is the tracking pixel. Embed an image the size of a pixel and host it on a server that tracks requests to it. It's not a very advanced tracking system, but it's common in emails and the like so as to guage how many people read an email or something. Broad metrics, but metrics nonetheless. If Meta automatically injects these into posts, it's easy enough for developers to either filter out images below a certain resolution or simply disallow images from certain hosts. And it's 'easy' because there's limited places where Meta can place it so folks who watch out for this kind of stuff will be able to see any trickery Meta tries to pull.

Edit to add: also, many local methods of preventing tracking may also help. Hardening your hosts file or setting up a DNS black hole like PiHole for example. I highly suggest looking into PiHole if you haven't already and are serious about not being tracked. It may not stop all, but it can stop a lot.

[-] maynarkh@feddit.nl 1 points 1 year ago

W3C wouldn’t bow to them that easily.

They don't do so for Google either, but Google still does shit like this.

They could absolutely include extensions to ActivityPub to their instances, even sell it in a freemium model for companies. Host your instance on Threads instead of Mastodon and get "analytics".

[-] pjhenry1216@kbin.social 1 points 1 year ago

It wouldn't work with any other instance though. You can extend it all you want, but the other instances need to comply. That's why the extension prong of EEE doesn't really work here. It only applies to themselves. They can extend it all they want but they'll only get metrics from themselves and other Threads-based instances.

[-] maynarkh@feddit.nl 1 points 1 year ago

Other Threads instances will comply, and Meta can court big instances to use the extended Threads API, and you will see small instances to follow the flock.

[-] pjhenry1216@kbin.social 1 points 1 year ago

Big instances would instantly lose every instance other than Meta's. Why would they ever do that? Especially when the biggest instances are mostly approaching Meta with caution if not already defederating?

The fediverse doesn't handle rogue actors all that well if they change the literal language used to communicate. It breaks it. Even Microsoft, the one who basically invented the strategy decided against it in the end. They broke the internet for a long while, but only because they were in a much stronger position than, say, Netscape, which was originally designed to fail anyway.

Meta would need to change the actual protocol if they wanted to get anywhere. Even then, instances can simply refuse to upgrade.

It is much more difficult than you think. And id much rather users see they can live without Threads than to force them into Meta's corner. I'd rather help people get away rather than ignore their existence. If Threads is too annoying overall, I'll vote defederate. But I want to see what happens first.

[-] GustavoM@lemmy.world 1 points 1 year ago

Here is a major red pill that no one from this community will ever shallow:

You will never be 100% anonymous.

load more comments
view more: next ›
this post was submitted on 13 Jul 2023
122 points (92.4% liked)

Privacy

32103 readers
701 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS