KingIf Lemmy became popular, what would prevent any three-letter agency from opening a server to get all the user data?
VanthAssume they do have access, as do the Russians and the Chinese and whoever else. Don’t share identifying info. Limit even non-identifying info that is unique to minimize opportunities for triangulation.
I think back to training I had many years ago about posting enough info that my identity could be obtained. Post that I was a soldier and it does next to nothing to identify me. Post that I lost a leg and it starts narrowing down but still not enough to identify me. Post that I am from Idaho and someone with any websearch skills can make a pretty good guess who I am, or at least narrow down to where more direct techniques can be used. And because it’s quite difficult to remember all the details I’ve posted, I tend to nuke my account and start from scratch periodically, especially any account that touches on the political.
Those were examples btw, I am not a legless vet nor a potato farmer. Or am I?
bradorsomethingIt’s always important to keep as much as possible in the something, but let people assume it’s not.
-Mark
Corollary I am already doxed and I don't post things I would not associate with in my personal or professional life.
I assume that someone vindictive could use things against me that I say, so I only say things I believe in or that are obvious satire. I'm outright hostile to people that don't have any empathy or critical thinking ability. I'm hostile to my co-workers when they don't show any critical thinking skills and I guess that's privilege I enjoy.
AdaOn the other side of the coin, I use my real name openly and have done so for decades. I’m also openly trans, and it’s not hard to work out where I’m from, so with that, it’s trivial to track me down. Yet I’d rather roll the dice of that possibility than interact anonymously, and lose my connections and community.
Have you had any trouble with this approach or has it worked out?
No problems so far
treadfulThis is really good and a great example. Also, can’t hurt to poison the well a bit and just straight up bullshit about your background in some posts.
As a world leader in cybersecurity, recipient of a nobel prize, liquid billionaire, and hobbiest musician making #1 on the Billboard Hot 100, I agree.
Bragging is unseemly, like I was telling my good friend Elon and my other two good friends Taylor and Kanya
Yeah… but my dick is fuckin huge so I win.
Oh shit is that you Frank?
No Frank Drebin is a fine police officer
Oh, hi Mark! I wish more people would take the approach to start new accounts periodically. I was amazed at people on Lemmy complaining about losing 15 year accounts from le Reddit.
🇰 🌀 🇱 🇦 🇳 🇦 🇰 🇮 🏆If you just assume that everything you put online is being saved and used by everyone and everything you’d be better off.
This used to be the default when I was a kid. Never give out your real name. Never give out personal information. Don’t post pictures or videos of yourself or anyone you know or that contain identifying info like addresses, landmarks or anything else that might make it easier for someone to figure out where/who you are.
All the data you send to Lemmy can be viewed by just about anyone. Including your votes. Deleting something doesn’t necessarily get rid of every instance of your content across the whole fediverse or anything that’s scraping data (including other users who just have a habit of saving every single thing). If you have an app that lets you share content and you find a “deleted by creator” post, you can even copy the post body and paste it elsewhere to see what it said prior to the deletion.
Always assume everything you put anywhere on the internet is going to be saved somewhere whether you want it to or not.
Listen to this person
Mossy Feathers (She/Her)It’s wild to me how many people have forgotten or refuse to follow basic Internet safety. People complain about privacy and then attach things to their real name. Stop that. Make up a name and use that one instead. No, don’t put your birth year in your email address. You think using a reversed version of your mother’s maiden name is real clever but it really isn’t. Stop that.
The infuriating issue I’m dealing with lately is the crossover between IRL and internet friends. They refuse to stop naming when typing or speaking. I don’t care that they know who I am, but there’s a reason that I want my nickname being used when we’re in a discord server and random fucking people join in. It’s even worse on forums. You go to one meetup and suddenly someone wants to make a post saying, “it was great to meet X, Y, Z, AA, AB, AC, AD, AE, AF…” using the names of the people instead of their aliases. And of course they took a picture.
I blame facebook. It introduced and reinforced the concept of name=person=online to everyone.
Happens to me as well with meetup. I am in a bunch of atheist meetups and most people who go do not want their name or photo associated with it.
The data is already public, that’s how ActivityPub works
BlackmistYour account details (email, password hash, IP address) are held only on one instance, but yeah, the rest is shared.
You don’t even need to set up a server, you can scrape pretty much anything of value. And they already will have done.
I think that some data such as every single upvote and downvote an account makes isn’t public but can be viewed by admins
As far as I understand votes are published as ActivityPub messages, otherwise multiple servers could not have the same vote counts. They need to be able to deduplicate the same vote coming from two different servers.
So everyone can read your votes there’s just not an easy UI for it.
roadkillIf Lemmy became popular, what would prevent any three-letter agency from opening a server to get all the user data?
What makes you think they haven't already?
They already did.
Lemmy appears in Google search.
Nothing. Anytime telling you signing up to a bunch of random servers is more private than reddit is lying to you.
SavvyWolfWeren’t people losing their shit when a certain four letter corporation started reading information from the fediverse?
I don’t really understand it, public posts are public, and you should assume that anyone you don’t like can read them.
Worth noting that your IP and password are stored only on your instance, and pms are visible to only the source and destination instance. So that information is as private as stuff like Gmail or Discord.
LerajeWithout wanting to stir that hornets nest again, it wasn’t so much about that four letter company reading what we wrote on Lemmy that people were concerned about, more that it was inevitable wed end up seeing content from the sort of right wing shitfest accounts like libsoftiktok etc and the so-called minority groups here would be brigaded by masses of these people.
Agreed, and that is a perfectly valid concern. But there were certainly some people that focused a bit much on the “they can read and use machine learning on my posts!” part of things.
Call me Lenny/LeniI would assume the fediverse is like the US government where a new state cannot be admitted to the union without the consent of the other states, which would ensure for example that something like the Church of Scientology couldn’t make Lemmy.ology, though maybe I’m just taking that rule of thumb for granted.
That’s unfortunately not how it works at all, it’s an block-list model rather than an allow-list
Unless I misunderstand something, that sounds like it would defeat one of the core purposes of a fediverse. If there is no membership coordination, it at least seems like it would be less a council and more like what it would be if it was just a group of sites with a common goal.
Are people downvoting what I was saying because they think I was asserting a statement of fact or because they disagree with that being how it should work (or because I used Scientology in my example)? Cue the line “this is why we can’t have nice things”.
The fediverse isn’t any kind of council, it’s just sites which use the same protocol to put their information in a form they all understand. It is open by default.
There are implications to the protocol though, for example you and I can communicate despite being registered to different parts of the fediverse. The lack of any safeguards against a group being unruly in ways that affect the rest of the fediverse (Lemmygrad comes to mind) seems like something that would backfire, kind of like if I was queen of a territory but then joined the US as a state and then proceeded to send people to the three branches of government just to troll the system. But there are safeguards against that, just not on Lemmy.
The safeguard is defederating from that rogue instance
Probably safe to assume they already have.
The same as anywhere else on the internet. Anonymity is the user’s responsibility, not the platform. This is generally the case.
The server operator and every hop on the network, along with dns has your IP. Tor or a trustworthy VPN on a burner phone hotspot driving around in a van with an untraceable Craigslist laptop would do the trick.
This is a public facing site, none of that data is secret.
Nothing, it’s inherently part of the design of ActivityPub.
Encryption.
Lemmy does not use encryption.
Then nothing
Iq omz qzodkbf agd yqeemsqe geuzs tustxk eqogdq oubtqde!
Nothing. A social network is a public forum, and you have no expectation of privacy on a public forum.
DMs are the exception, and it should be explained to users that they are not private. E2E DMs would be cool, but the potential for spam and abuse is just too high.
ikiddYou think they don’t already? You can spin one up in a docker in about 5 minutes and download to your heart’s content today.
Nothing?